No imaginations, because hackers can make this possible using your phone's personal assistant Siri or Google Now.
Security researchers have discovered a new hack that could allow hackers to make calls, send texts, browser a malware site, and do many more activities using your iOS or Android devices' personal assistant Siri or Google Now — without even speaking a single word.
A Group of researchers from French government agency ANSSI have discovered that a hacker can control Apple's Siri and Android's Google Now by remotely and silently transmitting radio commands from as far as 16 feet away...
...only if it also has a pair of headphones plugged into its jack.
How does the Hack Work?
It is very interesting and a mind-blowing technique.
The Hack utilizes:
- An iPhone or Android handset with headphones plugged in
- A radio transmitter
The radio transmitter sends radio waves to silently trigger voice commands on any iPhone or Android phone (with a pair of microphone-enabled headphones plugged in) that has Siri or Google Now enabled respectively.
Where the headphones' cables act as radio antennas, which can be exploited to trick an iPhone or Android phone user into believing that the voice commands are coming from the user's microphone.
This could leverage a hacker to do whole lots of things on victim's mobile phone without even speaking a word, including:
- Make calls
- Send text messages
- Dial the hacker's number to turn victim's phone into an eavesdropping device
- Browse to malware websites
- Send phishing and spam messages using Facebook, Twitter or email
"You could imagine a bar or an airport where there are lots of people," Vincent Strubel, the director of the research group at ANSSI told Wired. "Sending out some electromagnetic waves could cause many smartphones to call a paid number and generate cash."
The hack only requires:
- A headphone-connected iPhone or Android phone
- Siri enabled from the lockscreen — which is Apple's Default setting.
In its smallest form, this hack could be performed from a range of around six and a half feet.
A more powerful hack that ranges to more than 16 feet requires larger batteries and could only fit inside a car, the researchers say.
You can also watch the video demonstration that shows the attack in action:
In the demo, the researchers sent a command to Google Now via radio on an Android smartphone and forced the device's browser to visit their ANSSI official website.