Opinion Tuesday #3: Hardware Hackers Exploit Siri Using Nothing but an EMF Generator
Hello again fellow hackers. First of all, sorry that this Opinion Tuesday came a week late, but I couldn't make it home in time last week due to the terror attacks in Brussels. I'm safe and sound, though!
Today, I'm reviewing an interesting piece of research from some time ago (October 2015), because it shows how powerful hardware hacking can be!
In October last year, security researchers from the French government agency ANSSI discovered that they could exploit Siri and Google Now to make a phone visit malware sites or call a paid number without any software or user interaction! Only a few criteria need to be met:
- The target must have earphones with a microphone plugged in
- Siri or Google Now must be enabled from the lock screen
The researchers constructed a radio transmitter that would trigger voice commands for Siri or Google Now. Further details can be found in the original article:
As most of you will know, I am deeply intrigued by hardware hacking, so this vulnerability really got me fired up!
The way this vulnerability works is that the transmitter (attacker) creates an electromagnetic field whose strength changes over time. In this case, the changes follow the waveform of an analogue voice signal. In other words, the strength of the electromagnetic field rises and falls in order to simulate a voice command. The picture below shows what an analogue voice signal looks like.
As you all know from my article on electromagnetism & electromagnetic induction, a changing magnetic field induces a current in any conductor within the field's range. So if the attacker's electromagnetic field changes like the analogue signal of a voice, that "voice" will be induced in the wire of the microphone in the earphones. The result: we tricked the smartphone into thinking the user gave it a command!
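To make the induction argument concrete, here is a small simulation I've added for this post (it is not code from the ANSSI researchers or from the original article). It applies Faraday's law in discrete form, emf = -A * dB/dt, to a field that varies like an audio waveform. The loop area, field strengths and tone frequencies are assumed placeholder values, not measurements from the research; the point it demonstrates is that only the *change* in the field matters: a static field induces nothing, and the induced voltage grows with how fast the field varies.

```python
import math

# Constructed example (not from the original post): a discrete form of
# Faraday's law, emf = -dPhi/dt with Phi = B(t) * A, applied to a field that
# varies like an audio waveform. Loop area and field strengths are assumed
# placeholder values, not measurements from the ANSSI work.

SAMPLE_RATE_HZ = 48_000   # audio-style sampling of the field over time
LOOP_AREA_M2 = 1e-4       # assumed effective pickup area of the headphone lead


def voice_like_field(components, duration_s=0.01, sample_rate_hz=SAMPLE_RATE_HZ):
    """Return B(t) samples (tesla) for a sum of sine tones.

    components: list of (frequency_hz, amplitude_tesla) pairs standing in for
    the harmonics of a spoken command. Constructed test input.
    """
    n = int(sample_rate_hz * duration_s)
    return [
        sum(amp * math.sin(2 * math.pi * freq * k / sample_rate_hz)
            for freq, amp in components)
        for k in range(n)
    ]


def induced_emf(field_samples, loop_area_m2=LOOP_AREA_M2, sample_rate_hz=SAMPLE_RATE_HZ):
    """Discrete Faraday's law: emf[k] = -A * (B[k+1] - B[k]) / dt.

    The induced voltage follows the rate of change of the field, so a
    constant field yields nothing and faster variation yields more volts.
    """
    dt = 1.0 / sample_rate_hz
    return [
        -loop_area_m2 * (field_samples[k + 1] - field_samples[k]) / dt
        for k in range(len(field_samples) - 1)
    ]


def peak(values):
    """Largest absolute value in a list of samples."""
    return max(abs(v) for v in values)


def static_field_induces_nothing(b_tesla=5e-5, n=480):
    """A constant field (roughly Earth's ~50 uT) induces zero emf."""
    return peak(induced_emf([b_tesla] * n)) == 0.0


def induced_peak_volts(freq_hz, amp_tesla):
    """Peak induced voltage for a single tone of the given frequency/amplitude."""
    return peak(induced_emf(voice_like_field([(freq_hz, amp_tesla)])))


def matches_faraday(freq_hz=300.0, amp_tesla=1e-6, tol=0.01):
    """Compare the simulated peak with the analytic value A * 2*pi*f * B0."""
    expected = LOOP_AREA_M2 * 2 * math.pi * freq_hz * amp_tesla
    return abs(induced_peak_volts(freq_hz, amp_tesla) - expected) / expected < tol


if __name__ == "__main__":
    print("static field -> no emf:", static_field_induces_nothing())
    print("300 Hz tone, peak emf (V):", induced_peak_volts(300.0, 1e-6))
    print("600 Hz tone, peak emf (V):", induced_peak_volts(600.0, 1e-6))
    print("matches analytic Faraday value:", matches_faraday())
```

Running it shows the 600 Hz tone inducing about twice the voltage of the 300 Hz tone at the same field strength, while a constant field induces nothing at all. That is exactly why the description above keeps stressing a *changing* field: the headphone lead only "hears" the part of the field that moves.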
The beauty of hardware hacking is that it mostly can't be patched. When a 0-day is discovered in Flash Player, Adobe will simply rewrite the affected code to fix it. Apple and Google can't fix this vulnerability that way because it isn't software-related, and they can't rewrite the laws of electromagnetism! In other words, this vulnerability will most likely stay.
Now, there is a simple precaution that protects you most of the time: disable Siri and Google Now on the lock screen, or disable them entirely. It is not convenient, but it will protect you from this attack!
So, what do you guys think about this? Let me know!