Hackers Find a Way to Take Over Smartphones Using Google Now and Siri
The exploit in question is capable of pulling off all sorts of stunts by using Siri or Google Now to administer silent commands to your device. The targeted device needs to have headphones plugged into it to act as a receiving antenna, like the headsets that you might use to communicate while on the go. The antenna acts in a similar manner to FM radio chips to communicate with mobile devices.
ZDNet explains further how this particular exploit works:
With the open source GNU Radio software on a laptop, electromagnetic signals can be sent to those devices. Depending on the sent command, Siri or Google Now can be told to open up a website, send a text, place a call or do any other number of things.
It?s also explained that the tools a hacker would need to pull off this exploit successfully include a laptop and some sort of antenna, but this equipment could easily be concealed and taken advantage of in a bag. Of course, the entire exploit is dependant on whether or not the device user is using a wired headset, and many users probably won?t have them in the device when not in use.
The researchers even went so far as to demonstrate how the hack works. The exploit worked from approximately six feet from the phone, but it?s estimated that the signal could extend up to 16 feet with a powerful enough battery and antenna. The good news about this powerful equipment, however, is that if hackers want to achieve this further range, they?ll have to use a significantly larger machine that probably isn?t nearly as portable as a laptop.
Furthermore, it?s very likely that users will realize what?s happening while the hacker is using the exploit. Since the hack doesn?t disable the display on the device, it?s possible to detect what?s happening to the device and prevent it from occurring if you?re paying attention to it. Hacks like this are why it?s so important to practice proper smartphone security. While it?s not known whether or not your device?s lock screen can be ignored by this exploit, it?s best not to take chances and ensure that you?re using some sort of login credential for your device.
What are your thoughts on this concerning new development? Do you think there?s a possibility that this kind of exploit could take off, or do you think that Google and Apple will nip the vulnerability in the bud before it has a chance to be exploited? Share your thoughts in the comments.