This exploit can use Siri and Google Now to perform any number of actions using your mobile device. The hacker can silently issue commands to devices that have headphones plugged in, with the headphones acting as a receiving antenna. For example, the headsets that business owners love to use to communicate while out and about could work for this exploit. The headphones’ antenna acts like an FM radio chip that can communicate with mobile devices.
ZDNet explains further how this particular exploit works:
With the open source GNU Radio software on a laptop, electromagnetic signals can be sent to those devices. Depending on the sent command, Siri or Google Now can be told to open up a website, send a text, place a call or do any other number of things.
To pull this hack off, the attacker only needs a laptop with some sort of antenna apparatus to broadcast the signal. All of this could easily be concealed in a backpack and taken on the move. Granted, this exploit is also dependent on whether or not users leave headphones plugged into the device when not in use, which is relatively unlikely.
Researchers further explained that this hack can work from around six feet from the phone, meaning that the hacker still has to get somewhat near the victim. Furthermore, the signal could potentially extend up to 16 feet from the victim, if the hacker has a powerful enough battery and antenna. Of course, this kind of powerful equipment isn’t nearly as portable as a laptop, making it somewhat inefficient to use, despite the further range.
Finally, it’s very likely that users will notice that their devices are being tampered with before the hacker manages to do anything fishy. The hack doesn’t disable the display of the device, so anyone who is currently using their device will, hopefully, notice what’s happening and react to it. These types of hacks are one reason that you should always practice proper smartphone security and use a lock screen. It’s not known if this trick can bypass the lock screen, but either way, it’s a best practice to always use one. You never know who could get into your device while you’re not using it, especially if you lose it or it gets stolen in a public place. This is why you need some sort of login credential for your device, just like you would for your laptop or desktop PC.
What are your thoughts on this new exploit? Do you think there’s a chance that this kind of vulnerability could be a threat to the business world, or do you think there’s little chance of it having any practical use? Let us know in the comments.