Two French Researchers Found a Way to Hack Siri, Google Now Remotely. Here's How It Works

Impact

French researchers have found a way to hack into an iPhone's Siri and an Android's Google Now features remotely, essentially hacking the devices' security systems and using the personal assistant services to control the phones from a distance. In a report recently published by the Institute of Electrical and Electronics Engineers, José Lopes Esteves and Chaouki Kasmi, who work for the French information security agency ANSSI, say they can perform the security breach from six to 16 feet away, without speaking into the phones' voice command features. 

"The sky is the limit here," ANSSI research director Vincent Strubel told Wired Wednesday. "Everything you can do through the voice interface you can do remotely and discreetly through electromagnetic waves."

How it works: When an iPhone or Android user has their headphones plugged into their device, hackers can essentially use the connected wires to access the smartphone by sending electromagnetic waves that are then converted into electrical signals. The smartphone would mistake the electrical signals targeting it's personal assistant services as audio coming from the microphone attached to the headphones, allowing hackers to then program the signals and command the phone's functionality, according to Wired

There's a catch. While the hack, initially unveiled at Hack in Paris conference in June, certainly reveals a flaw in leading personal assistant services, there are a few caveats. First, a device would need to have headphones connected in order for hackers to send electromagnetic waves into the phone. Second, when Siri or Google Now are activated, the phones' features accessed by the personal assistant services would immediately show on the screen. 

Currently, there doesn't appear to be a way for the researchers to hide the hack from users. A user would likely immediately realize their phone was acting abnormal and could override the hack by simply closing out of their phone's personal assistant. 

Eric Risberg/AP

Still, the research, published in August, indicates the threat of a mass security breach in public areas using the built-in personal assistants. "You could imagine a bar or an airport where there are lots of people," Struble told Wired. "Sending out some electromagnetic waves could cause a lot of smartphones to call a paid number and generate cash."