Boffins Demo Remote Control of Siri, Google Now

Siri and other smartphone digital assistants may do your bidding — but they may do a hijacker’s as well.

That’s what two researchers discovered when they began to tinker with the effects of radio waves on smartphones. They could use the waves to issue commands to any Android or iOS phone running Google Now or Siri.

Researchers Jos Lopes Esteves and Chaouki Kasmi first aired their findings at the Hack in Paris conference during the summer. Their presentation didn’t receive a lot of publicity at the time, but a Wired report last week set the tech press abuzz.

The pair described how they generated electromagnetic waves using a laptop, an open source program called “GNU Radio,” a USRP software-defined radio, an amplifier and an antenna. With the setup, they could send silent commands to a smartphone’s digital assistant through the air.

The device configuration on which the researchers based their presentation could fit in a backpack, but its range was short — just 6.5 feet, Wired noted. However, if the researchers boosted the battery power of their platform, its reach could be extended to 16 feet, although an attacker would need a car or van to hide it.

Proof of Concept

Distance isn’t the only limitation of the setup. It requires microphone-enabled headphones or earbuds to be plugged in to a targeted phone, Wired explained.

What’s more, if the lockscreen of a phone is activated, Siri or Google Now needs to be configured to work at the lockscreen. Google Now and the new iPhone 6s support voice recognition, so they can be configured to respond only to commands from a user’s voice, which would foil the scheme.

Though what the researchers described in their paper is possible, it’s very much a lab experiment.

“As far as I know, no one has reported this as an actual compromise situation, just a proof-of-concept of yet another Siri-related bypass issue,” saidEset Senior Researcher Cameron Camp.

While Esteves and Kasmi’s efforts deserved praise, it’s unlikely hackers would go flocking to their technique, said Ken Westin, a senior security analyst withTripwire.

“It’s interesting research, but I don’t think it’s something we’re going to see as a practical application in the wild,” he told TechNewsWorld. “It’s not something I’d be too concerned with as a consumer.”

Hackers Want Scalability

The range of the attack device and its narrow application are barriers to its adoption by black hats, Eset’s Camp told TechNewsWorld.

“They have to be close, and it’s a highly targeted attack, so certainly limited in its ability to scale,” he said.

The ability to scale is important to most criminal hackers because they want to engage in activities where they can rope in large numbers of victims to their nefarious schemes.

“This device can’t be deployed on a massive scale, so it’s not something a hacker would be able to profit from,” Tripwire’s Westin said.

However, if the device were sufficiently miniaturized, an attacker could hide it in a backpack or suitcase, locate it in a crowded area such as an airport, and send calls from many people’s phones to paid services that would generate cash for the attacker, one researcher pointed out to Wired.

Jumping Through Hoops

“By using radio waves to issue commands to Siri or Google Now, there are some big hoops that an attacker has to jump through that make it less practical than some of the vulnerabilities we’ve seen out there,” said Ruoting Sun, senior product marketing manager atBarracuda Networks.

One of those hoops is the need to attack the phone through a headset.

“Any time you have your headphones plugged in to your phone, you’re usually listening to something,” Sun told TechNewsWorld. “If Siri is activated, whatever you’re listening to will dim, and you’ll know something is wrong.”

Because the target of the radio wave attack is so narrow, it might be better suited to espionage than to crime.

“When researchers find something like this, I wonder if some of the guys in three-letter agencies already know about this and have utilized and deployed it,” Tripwire’s Westin observed.

Phone makers should take a close look at Esteves and Kasmi’s research, he recommended.

“This is something smartphone makers should pay attention to,” Westin said. “Stuff like this starts as something unlikely, but someone finds a way to do this with a smaller antenna or integrate it into some new kind of malware so these threats can grow over time.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels