Hackers can control Siri and Google Now remotely using radio waves, the two personal assistants developed for Android and iOS being much more vulnerable than anyone would have imagined, the control being done without the terminals having jailbreak or root.
A government agency in France discovered this hack, it works only on terminals that have Crab or Google Now active and a pair of headphones with a microphone connected to the terminals, the control being done by radio waves, even from almost 6 meters away.
Researchers, in this case, or any hackers who know the trick, can send any kind of commands to Google Now or Siri for the assistants to run, the headphone cable acting as an antenna, its wires transforming electromagnetic waves into electrical signals that iOS and Android confuses them with the words spoken by users.
Using this hack the researchers can make phone calls, send messages, access websites, send emails, basically control either of the two assistants completely, the user just watching as Siri and Google Now start working on their own .
A pair of researchers at ANSSI have shown that they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled, if it also has a pair of headphones with a microphone plugged into its jack. Their clever hack uses those headphones' cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone's operating system to be audio coming from the user's microphone. Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send the phone's browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter.
Practically any terminal that has Siri or Google Now active and has a pair of headphones connected is a potential victim of a hacker, who only needs to send the correct signals to infect the user with malware or send messages/emails on his behalf.
The problem here lies in the fact that Apple and Google could have very big problems in blocking such exploitation without modifying the microphone of the terminals or their headphones, but it is unlikely that any person will ever be seriously affected by this hack.
