How to exploit Vulnerability in Siri and Google Now.

Researchers of French Intelligence Agency, ANSSI found that Hackers can control the smartphone devices from 16 feet away. The user would have no idea that his smartphone has been hacked the research says.

The hackers are exploiting vulnerabilities in Siri and Google Now, with the help of radio signals without even saying a word. The hacker can send text messages, emails, and browse on internet without even asking for your permission. 

How does a hacker control your device? 

The Hacker can only target those devices if the targets headphones are plugged into the jack, only this way the hacker can get into your device without even asking for your permission. 
The hacker should have a radio transmitter to start his hacking operation. It will be used to send  radio waves that are able to trigger voice commands on Siri and Google Now with a pair of microphone-enabled headphones plugged in.
The users headphone cable will work as radio antennas, this way the Siri or Google Now app will receive commands which it believe is coming from users microphone.  The french researchers presented their discovery in Hack in Paris conference.  
They presented how a hacker can send sms, emails, visit website managed by hacker, send phishing and spam messages exploiting emails, facebook and other social media accounts.

The French duo used as a generator of electromagnetic waves their laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna.

The researchers explained that their basic equipment could fit inside a backpack and can reach a range of around six and a half feet. In a more powerful configuration composed of larger batteries that could fit inside a van, the researchers say they could extend the attack’s range to more than 16 feet.
The two experts also published a Video Proof of Concept for the attack, they demonstrated how send a command to Google Now via radio on an Android smartphone instructing the mobile device to launch the browser to visit the ANSSI official website. 
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...