A group of researchers from ANSSI, a French government agency that focuses on information security, have demonstrated the ability to silently control Google Now and Siri from up to 16 feet away using radio waves.
The nature of the attack requires that a pair of headphones be plugged into the target device to act as an antenna.
As Wired explains, a hacker could command Apple and Google's digital assistants to perform a myriad of tasks including placing a call to the hacker's phone for eavesdropping purposes, placing a call to a paid number to generate money for the attacker, navigating the web browser to a malware-laden website and even send spam or phishing messages via e-mail or on social networks.
The worst part of it all is the fact that the target device's owner would never be the wiser.
In its most compact form, the hardware necessary for the hack - a notebook running open-source software GNU Radio, a USRP software-defined radio, an antenna and an amplifier - could fit inside a backpack and give the attacker a range of roughly six and a half feet. To reach distances of 16 feet, something like a vehicle would be needed to house the larger hardware.
Again, the attack only works if the target device has a set of microphone-enabled headphones plugged in. Said device must also have its voice assistant enabled from the lock screen.
The researchers said they've contacted both Apple and Google regarding the vulnerability and offered solutions on how to combat the attack. For now, however, the best course of action for paranoid smartphone owners is to simply disable voice commands from the lock screen.
Image courtesy Jose Lopes Esteves