How to exploit Vulnerability in Siri and Google Now.

Researchers of French Intelligence Agency, ANSSI found that Hackers can control the smartphone devices from 16 feet away. The user would have no idea that his smartphone has been hacked the research says.

The hackers are exploiting vulnerabilities in Siri and Google Now, with the help of radio signals without even saying a word. The hacker can send text messages, emails, and browse on internet without even asking for your permission. 

How does a hacker control your device? 

The Hacker can only target those devices if the targets headphones are plugged into the jack, only this way the hacker can get into your device without even asking for your permission. 
The hacker should have a radio transmitter to start his hacking operation. It will be used to send  radio waves that are able to trigger voice commands on Siri and Google Now with a pair of microphone-enabled headphones plugged in.
The users headphone cable will work as radio antennas, this way the Siri or Google Now app will receive commands which it believe is coming from users microphone.  The french researchers presented their discovery in Hack in Paris conference.  
They presented how a hacker can send sms, emails, visit website managed by hacker, send phishing and spam messages exploiting emails, facebook and other social media accounts.

The French duo used as a generator of electromagnetic waves their laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna.

The researchers explained that their basic equipment could fit inside a backpack and can reach a range of around six and a half feet. In a more powerful configuration composed of larger batteries that could fit inside a van, the researchers say they could extend the attack’s range to more than 16 feet.
The two experts also published a Video Proof of Concept for the attack, they demonstrated how send a command to Google Now via radio on an Android smartphone instructing the mobile device to launch the browser to visit the ANSSI official website. 
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...

Cyber Physical Systems for Smart Grid Applications

The smart grid is an emerging paradigm for more reliable and efficient power delivery. It requires monitoring, controlling, and managing the power grid in...

How Is Hospital Critical Infrastructure Protected?

Hospitals hold a lot of sensitive data. When they are hacked, patient information is exposed, putting patients at risk because the hackers can use...

Software Engineering for Cyber-Physical Systems

Cyber-physical systems (CPS) are engineered systems that integrate computation, networking, and physical process. CPS classifies in many ways, including their scale, embeddedness, and the...