Slashdot Mirror
Radio Waves Can Be Used To Hijack Androids and iPhones Via Siri and Google Now
An anonymous reader writes: Two French researchers have discovered a way to use the Siri and Google Now voice assistant software to relay malicious commands to smartphones without the user's consent or knowledge. This method relies on a special hardware rig that can send radio waves to smartphones with earphones plugged into them. The radio waves get picked up by the earphone cable, get transformed into electrical signals and then to software commands. The research is accompanied by a YouTube video as well. Note that this attack, as the article explains, so far relies on some bulky dedicated equipment, and on the attacker being close to the system he wants to disrupt.
Ask someone's Siri where the horse dick is. Ask someone's Siri where the hard drugs are. Ask someone's Siri where the inflateable dolls are. Make sure you target politicians, you pranksters...
Since the researcher did not try to see whether the same trick would work on a Lumia
You know the stuff that makes a cell phone a cell phone and not, say a landline phone? Yeah, that stuff. It can be used to manipulate the phone.
Use BlueTooth headphones/headsets.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
they can use radiowaves to remotely control and tap into/scan anything, even DRAM, CPU, brain/nerves, USB, keyboard, monitors.
the technique is called interferometry/electronic warfare but also you can do it with off the shelf parts. they call the off the shelf stuff van eck phreaking: https://en.wikipedia.org/wiki/...
More info on the interferometry/electronic warfare kind used by our government from space satellites and over the horizon radar at http://www.drrobertduncan.com/
Info on interferometry: https://en.wikipedia.org/wiki/...
Electronic warfare: https://en.wikipedia.org/wiki/...
Signals Intelligence: https://en.wikipedia.org/wiki/...
RADAR MASINT: https://en.wikipedia.org/wiki/...
Welcome to the high tech age hidden by Edward Snowden, only talked about by real whistleblowers like Russ Tice, and Dr. Robert Duncan.
"OK Google, begin DDoS script."
Imagine rolling through Times Square on New Years. Omnidirectional antenna on a micro version of this, get in the middle of the crowd, pwn everyone using wired headsets with a microphone, instant cellular botnet, and since you're not issuing commands from a cell phone or through the cellular network, you're not going to be traceable through that system.
You are effectively an invisible and untouchable attacker/control/command server. All you do is issue the command in a quick burst and go silent.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
OK, this is the sort of question that could be answered by RTFA, however when it's a 40-minute long video, I don't feel as bad.
When configuring Siri for voice activation, you go through some steps that give the impression that it's tuning the activation for your specific pattern of speech. Which presumably is to prevent false activation when somebody next to you is using the feature on their phone.
Assuming this is actually happening, would that prevent this sort of attack?
Just have Siri or Ok Google say something whenever interpreting a voice command. Something simple like "OK Boss," would let the user know something is going on with their phone.
Which, of course, leaves the problem of how a non-tecvh-savy person would know that when your phone is doing weird shit you unplug the headphones, which is probably the harder thing to figure out, but hey.
This has to be by design.
"If any question why we died, Tell them because our fathers lied."
Time for an aftermarket add-on that goes in the phone jack that contains a low pass filter. Inductors, capacitors, pcb, input jack, output spike/plug, case.
If the paranoia grows sufficiently (or the threat actually does), it could be quite a moneymaker. You could probably sell a bunch at a premium to the various TLAs either way, as some of them are what one could reasonably describe as "professionally paranoid."
Fancy ones could have a LED that lights up using the shunted RF energy. A LED! Imagine that!
Or you could build in a thingy that wraps around the phone case over to right next to the camera, and when the LED goes off, it could be detected by the camera, and the phone could vibrate. No, wait, that means someone might be able to remotely sex you up. That's no good.
Really fancy ones could have a LED that lights in the infrared band, so no one could see it but the owner, using some fancy active spy/eyeglasses. Well, and the guy with the infrared scope on his sniper rifle. So perhaps not. :)
Of course, the business model will fall flat on its face when iPhone X / Android hardware X comes out with said RFI filtering built-in. and a detection that can drive the LED, an app, etc.
Ok, look. Let's just get rid of this researcher so This Can Never Happen Again*
-------------
* All due respect to South Park's 2D inhabitants and their observatory-destroying ways
** No need to thank me, I plan to continue to use my engineering design chops to secure the Safety Of Our Nation.
*** JFC, now I can't get my tongue out of my cheek. This getting old shite is getting old.
I've fallen off your lawn, and I can't get up.
You may be misunderstanding the risk, such as it is.
o Siri is given instructions via RF injection and incidental demodulation within the phone's mic input electronics.
o Siri performs an action you didn't ask it to do.
o You won't necessarily hear the instructions come in. In the cable, it's RF. Your earphones would also have to demodulate the signal. If they're purely inductive (most headphones are), they won't do that. If the circuitry they are plugged in to doesn't provide incidental demodulation (a lot less likely than an input like a mic input), it won't get back to the earphones that way either. Last chance is anything you say is fed back to your earphones by Siri / etc. Does it do that? My Galaxy Note 3 doesn't do that with Google voice. Why would it, anyway?
o If you're not looking at your phone, you might not even be aware this had happened. You might even be asleep. I nap with my earphones in, listening to music, on a fairly regular basis, for instance.
So while it's extremely unlikely to be any kind of an immediate threat because of the equipment and proximity issues, it actually might be able to cause problems in those rare cases where those issues do not prevent it. Mostly it depends on what the phone can be told to do, and what portion of that it will do without further interaction / confirmation.
I've fallen off your lawn, and I can't get up.
Yeah, it's the same idea. Microphone inputs are much more sensitive than speakers, so it happens a lot if you use a long mic cable but don't use the correct type, or if a connection is broken in the mic cable.
Am radio is basically the audio signal added to the radio signal. An antenna is a wire, and a wire is an antenna. So if you have a wire hooked up to a sound input which somehow does process the radio signal (such as by not being fast enough to do so), you can easily end up with just the AM audio coming through the wire/antenna to the audio input.
If you saw the whole video you'll hear them in the q&a session after their presentation that they were able to make it work in far field. So the headline comment isn't quite right.
Just say'n.
RF pickup by wired headsets can be used to compromise smartphones.
Mentioning the brands of phone and AI assistant is superfluous, as those specifics can easily be swapped out for other smartphones as long as they can download any sort of command AI. It's the pickup approach that's novel. Put "that accept voice commands" if you wish to elaborate further.
I'd love to lean into the mic at a packed concert and say, "Ok Google, call mom, yes ... Hold the tourniquet tight while I find the vein."