Slashdot Mirror

← Back to Stories (view on slashdot.org)

Radio Waves Can Be Used To Hijack Androids and iPhones Via Siri and Google Now

Posted by timothy on from the at-that-range-you-could-use-a-knife dept.

An anonymous reader writes: Two French researchers have discovered a way to use the Siri and Google Now voice assistant software to relay malicious commands to smartphones without the user's consent or knowledge. This method relies on a special hardware rig that can send radio waves to smartphones with earphones plugged into them. The radio waves get picked up by the earphone cable, get transformed into electrical signals and then to software commands. The research is accompanied by a YouTube video as well. Note that this attack, as the article explains, so far relies on some bulky dedicated equipment, and on the attacker being close to the system he wants to disrupt.

6 of 49 comments (clear)

  1. Re:That would be embarassing by BitZtream · · Score: 2

    ... yea, and it'll play over their head phones ... so no one will hear it ...

    Next time read the summary, not the headline. Works with headphones pulled in by stimulating the microphone on the earbuds with RF.

    No ear buds, no worky. With ear buds plugged in, no one will hear its response ... effectively no work.

    Of course the required RF is going to cause other issues besides Now/Siri acting up, but go ahead continue to be ignorant and too stupid to realize this is nothing more than another sensationalist Slashdot headline.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Re: Bad headline by BronsCon · · Score: 5, Interesting

    Actually, good headline. Had you read the summary, you'd know that this attack requires a wired headset to be plugged in. Essentially (and wihout reading the article as I actually did something similar a few years back), they're sending an AM signal to the device via tha headphone cable at a multiple of the sample rate being used by the device's ADC, fooling it into thinking the radio signal coming throuh the antenna is an audio signal. Rather than try to guess the sample rate, they probably transmit at a multiple of 8000 and 22050hz; 176.4mhz would cover 4000, 8000, 16000, 22050, 24000, 44100, 48000, and 96000hz, actually. IIRC, I used 705.6mhz and only needed a handful of watts; the device could have been made about the size of a small home router including batteries and an in-built mp3 player to relay commands, but battery life would have been short-ish.

    What is it about a headset jack that makes a phone a cellphone, again? I mean, I recall having a 47mhz cordless phone with a headset jack. Was that a cellphone? No.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  3. Re:Bad headline by rmdingler · · Score: 2
    FTA: "First off, it only works only when the headphones are plugged into the device, and the headphones have a microphone integrated, and aren't just simple music-listening earbuds."

    So. Nay, varlet.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  4. "OK Google, install botnet software" by Khyber · · Score: 2

    "OK Google, begin DDoS script."

    Imagine rolling through Times Square on New Years. Omnidirectional antenna on a micro version of this, get in the middle of the crowd, pwn everyone using wired headsets with a microphone, instant cellular botnet, and since you're not issuing commands from a cell phone or through the cellular network, you're not going to be traceable through that system.

    You are effectively an invisible and untouchable attacker/control/command server. All you do is issue the command in a quick burst and go silent.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  5. Risk by fyngyrz · · Score: 3, Interesting

    You may be misunderstanding the risk, such as it is.

    o Siri is given instructions via RF injection and incidental demodulation within the phone's mic input electronics.

    o Siri performs an action you didn't ask it to do.

    o You won't necessarily hear the instructions come in. In the cable, it's RF. Your earphones would also have to demodulate the signal. If they're purely inductive (most headphones are), they won't do that. If the circuitry they are plugged in to doesn't provide incidental demodulation (a lot less likely than an input like a mic input), it won't get back to the earphones that way either. Last chance is anything you say is fed back to your earphones by Siri / etc. Does it do that? My Galaxy Note 3 doesn't do that with Google voice. Why would it, anyway?

    o If you're not looking at your phone, you might not even be aware this had happened. You might even be asleep. I nap with my earphones in, listening to music, on a fairly regular basis, for instance.

    So while it's extremely unlikely to be any kind of an immediate threat because of the equipment and proximity issues, it actually might be able to cause problems in those rare cases where those issues do not prevent it. Mostly it depends on what the phone can be told to do, and what portion of that it will do without further interaction / confirmation.

    --
    I've fallen off your lawn, and I can't get up.
  6. yes, AM radio. Mic input is more sensitive by raymorris · · Score: 3, Informative

    Yeah, it's the same idea. Microphone inputs are much more sensitive than speakers, so it happens a lot if you use a long mic cable but don't use the correct type, or if a connection is broken in the mic cable.

    Am radio is basically the audio signal added to the radio signal. An antenna is a wire, and a wire is an antenna. So if you have a wire hooked up to a sound input which somehow does process the radio signal (such as by not being fast enough to do so), you can easily end up with just the AM audio coming through the wire/antenna to the audio input.