Siri Gave Me Access To Your Investment Accounts

Hackers can silently control your phone.

Besides being the iPhone user's intelligent personal assistant, Siri, has become a welcomed house guest.  She is always available and helpful by providing directions, suggesting recommendations, making phone calls, and retrieving text messages.  Siri is always there.  For Android users, it's Google Now.  Recently, some researchers from a French intelligence agency have revealed that Siri (for iPhone users) and Google Now (for Android users) can be controlled by silently transmitting commands via radio signals.  This can be done from as far away as 16 feet!

A hacker can do this if you have a pair of headphones with a microphone plugged into the jack on your smartphone.  If so, the hacker could silently trigger voice commands on any Android phone or iPhone that has Google Now or Siri enabled.  Essentially, the hack takes advantage of the wires in the headphones by using them as an antenna, thereby sending signals that trick the phone's software into thinking that you are the one actually issuing the voice command.

Without actually saying anything, a hacker can send a command to Siri or Google Now to make calls, send texts, eavesdrop on your calls, download malicious software, or send malicious emails to your friends and family.

What does this mean?

You could be walking through a crowded place and unbeknownst to you, a hacker has a radio device transmitting voice commands to your phone.  Those voice commands instruct your phone to go to a web site that installs malicious software.  That malicious software now sends a report of everything that you do to the hacker, including the login and password for your Charles Schwab account.  You know, the one that you use to manage your 401k.

What can you do to protect yourself, your family, and most importantly, your children?

  • Ensure that Siri is not enabled from the lockscreen.  Most Android phones do not have Google Now enabled from the lockscreen by default.
  • Ensure that you have the latest iOS and Android software updates, especially if you have an older phone.  The latest version of Siri for the iPhone 6s and the latest version of Google Now verify the owner's voice specifically.
  • If not in use, do not leave your headphones with microphone plugged into your phone.
  • If you never use the voice command functionality, disable it.

Read the technical report here.

1 Comment