Using Siri to access an iPhone that has been locked and has a passcode implemented (you're an idiot if you don't) and attempting to tell her to to go beyond using the camera or asking for directions will be met with "you will need to unlock your iPhone first". Too many articles like this make people afraid to enable Siri from the look screen. That's where Siri is most useful. I use ""Hey Siri" in my car often. iOS 9 has added even more convenience to Siri. Of course if you're iPhone is being used for nefarious use then by all means shut her down. Use the Touch ID to unlock your iPhone and beware of anyone carrying large heavy backpacks nearby. Don't use unshielded headphones. Watch as your iPhone goes through unexpected use. And shut it off when that happens. Most of all stop believing these articles written for click bait about theoretical hacking that would be difficult to actually implement outside a lab. For me they can take a look at my iMessages to my wife and daughter trying to understand and control the adolescent brain. Maybe they could give me some tips. :-)
If you were wearing the headphones at the time (that is, they're not coiled up in your pocket), I assume you'd hear Siri's responses. If you were actually using the phone at the time, you'd notice the screen changing as well.
It's a pretty pointless hack if it assumes that the victim has headphones attached, but is not actually wearing them. Do people actually do that?
Quote:
Originally Posted by zroger73
While watching a recent keynote on my iPhone 6, Siri unexpectedly activated and the streaming video paused. It took me several seconds to realize that the keynote speaker saying, "Hey, Siri", was causing Siri on my phone to activate.
I've occasionally had people on the radio say something that sounds close enough to "Hey Siri" that Siri activates and starts passing the rest of the radio conversation to Apple. If I don't stop it quickly (by pressing the home button), it eventually makes Siri spew and error message.
Maybe I should start a band and release a song called "Hey Siri, what's the weather?", using that phrase in the chorus. Everybody with an iPhone will be annoyed every time the song is played on the radio :-)
"A more powerful form operational up to 16 feet away would require the hardware be housed in a car or van."
Actually the only time I use my phone for music is while traveling - so now I just have to make sure to watch out for vans following me through the airport terminal.
That aside, wouldn't you hear Siri reacting to the rogue commands and take notice?
Not only that, but you would hear the command being given as well. The attack works by using enough transmit power to turn wires into antennas, the headphone wires would pick it up as well. Depending on how it is done, the volume could be quite loud as well. You would probably notice this happening.
Also, this attack is of course illegal by existing laws. Not only hacking laws, but FCC radio transmit laws come into play here.
Maybe I should start a band and release a song called "Hey Siri, what's the weather?", using that phrase in the chorus. Everybody with an iPhone will be annoyed every time the song is played on the radio :-)
Or switch to wireless headphones, which is probably where Apple is headed in order to make their devices thinner.
Unless Apple comes up with a replacement for bluetooth (a possibility for sure) they won't be able to remove the headphone jack. Bluetooth is worthless for video and likely will be until there is a major revision.
This is such a fringe attack vector to be almost laughable. Anyone silly enough to build themselves a high power radio transmitter to remote control (is 16 feet considered remote?) someone's phone that happens to have a susceptible headphone with integrated microphone attached and a voice controlled smart agent should be committed, or sent to France.
If you're seriously worried about this maybe you should wrap your headphone cable in tin foil and join a Paranormal defense force. Maybe the French Paranormal defense force. Yeah, they're coming for you, so be prepared.
For me they can take a look at my iMessages to mywife and daughter trying to understand and control the adolescent brain. Maybe they could give me some tips. :-)
:-)
Maybe you should not have married an adolescent? Isn't that illegal? (bolding added by me to quote)
In a post-9/11, Charlie Hedbo, London Subway attack world, anyone walking around with an overstuffed backpack that's emitting radio waves might get a lot more than they bargained for.
Siri: "Okay, here is what I found for 'I'm walking around looking suspiciously like a terrorist.'"
Those French are so clever. For their next trick, maybe they can figure out how to do capitalism.
Some Android devices do feature voice recognition for Google Now access, which could thwart the potential hack. Apple has no such functionality built into Siri yet.
My iPhone 6s has voice recognition to access Siri - it asks you to say a few phrases when you set up Siri. I'm sure this was an advertised feature. What am I missing?
Also, as other sensible commentators have noted, this "hack" is pretty unlikely a thing for people to be concerned about in real life. Granted, FCC rules probably get utterly ignored by those "three letter agencies"... as they pretty much act above the law anyway.
Seems like quite a stretch, but I guess some dorks need a useless hobby.
Here's a security tip. If you see an acned teenager or a creepy long beard eating doritos and drinking mountain dew at the coffeeshop and they have a pair of cans and a morse code tapper hooked to a giant backpack.... stay 16 feet away. You'd probably have to stay that far away to avoid the smell of his momma's basement.
Are you more upset that the "dorks" attempt these hacks, or that they succeed?
Its a nice trick, but generally useless. So I guess I don't see the point. People ought to use their talent towards the betterment of humankind or the acquisition of wealth and this is neither. It's just someone trying really hard to be annoying.
"Some Android devices do feature voice recognition for Google Now access, which could thwart the potential hack. Apple has no such functionality built into Siri yet."
So based on this tibdit, tomorrow's sensationalist headline will be: "iOS has catastrophic flaw that allows hackers to drain users' bank accounts and kill their children from 16 feet away; Android secure."
Unless Apple comes up with a replacement for bluetooth (a possibility for sure) they won't be able to remove the headphone jack. Bluetooth is worthless for video and likely will be until there is a major revision.
Matt
By that do you mean the audio sync issue where the audio lags the video by a fraction of a second due to the delay in encoding and then decoding the bluetooth signal?
If so, then there is already a bluetooth audio codec (apx-ll, I believe) available specifically for low-latency transmission which eliminate the lag (something on the order of 40 milliseconds). It works quite well but both the transmitter and receiver need to have it included (and I don't think it even requires BT4, it works with earlier revisions). All it would take to make it main stream would be for someone like Apple to decide to include it in iOS.
Even without that codec (which probably has some extra licensing associated with it), it's highly dependent on your headphones. On mine, for video on my iPad mini, there is a noticable delay but it is very minimal. Kind of to the point where you don't really notice it if you aren't looking for it. For non-video, intermittent audio (ie, alerts, UI clicks, and such) it's more annoying. But I attribute that in part to Apple's aggressive power saving logic on my iPhone 5S. It takes a finite amount of time "fire up" the audio and bluetooth circuits.
Comments
If you were wearing the headphones at the time (that is, they're not coiled up in your pocket), I assume you'd hear Siri's responses. If you were actually using the phone at the time, you'd notice the screen changing as well.
It's a pretty pointless hack if it assumes that the victim has headphones attached, but is not actually wearing them. Do people actually do that?
Quote:
While watching a recent keynote on my iPhone 6, Siri unexpectedly activated and the streaming video paused. It took me several seconds to realize that the keynote speaker saying, "Hey, Siri", was causing Siri on my phone to activate.
I've occasionally had people on the radio say something that sounds close enough to "Hey Siri" that Siri activates and starts passing the rest of the radio conversation to Apple. If I don't stop it quickly (by pressing the home button), it eventually makes Siri spew and error message.
Maybe I should start a band and release a song called "Hey Siri, what's the weather?", using that phrase in the chorus. Everybody with an iPhone will be annoyed every time the song is played on the radio :-)
"A more powerful form operational up to 16 feet away would require the hardware be housed in a car or van."
Actually the only time I use my phone for music is while traveling - so now I just have to make sure to watch out for vans following me through the airport terminal.
That aside, wouldn't you hear Siri reacting to the rogue commands and take notice?
Not only that, but you would hear the command being given as well. The attack works by using enough transmit power to turn wires into antennas, the headphone wires would pick it up as well. Depending on how it is done, the volume could be quite loud as well. You would probably notice this happening.
Also, this attack is of course illegal by existing laws. Not only hacking laws, but FCC radio transmit laws come into play here.
Maybe I should start a band and release a song called "Hey Siri, what's the weather?", using that phrase in the chorus. Everybody with an iPhone will be annoyed every time the song is played on the radio :-)
Look on Youtube for "Xbox Bing"...
Unless Apple comes up with a replacement for bluetooth (a possibility for sure) they won't be able to remove the headphone jack. Bluetooth is worthless for video and likely will be until there is a major revision.
Matt
If you're seriously worried about this maybe you should wrap your headphone cable in tin foil and join a Paranormal defense force. Maybe the French Paranormal defense force. Yeah, they're coming for you, so be prepared.
Pure silliness.
Or switch to wireless headphones, which is probably where Apple is headed in order to make their devices thinner.
Eventually the iPhone will be tattooed on your arm with a laser (that's thin!) and Siri will babble directly into your mind.
Utopian future, here we come!
For me they can take a look at my iMessages to my wife and daughter trying to understand and control the adolescent brain. Maybe they could give me some tips. :-)
:-)
Maybe you should not have married an adolescent? Isn't that illegal? (bolding added by me to quote)
In a post-9/11, Charlie Hedbo, London Subway attack world, anyone walking around with an overstuffed backpack that's emitting radio waves might get a lot more than they bargained for.
Siri: "Okay, here is what I found for 'I'm walking around looking suspiciously like a terrorist.'"
Those French are so clever. For their next trick, maybe they can figure out how to do capitalism.
My iPhone 6s has voice recognition to access Siri - it asks you to say a few phrases when you set up Siri. I'm sure this was an advertised feature. What am I missing?
I'm calling B.S. on the ability to spoof a button press. It's nearly impossible to do by inducing a voltage differential picked up by an antenna.
Proof reading saves face.
Also, as other sensible commentators have noted, this "hack" is pretty unlikely a thing for people to be concerned about in real life. Granted, FCC rules probably get utterly ignored by those "three letter agencies"... as they pretty much act above the law anyway.
Seems like quite a stretch, but I guess some dorks need a useless hobby.
Here's a security tip. If you see an acned teenager or a creepy long beard eating doritos and drinking mountain dew at the coffeeshop and they have a pair of cans and a morse code tapper hooked to a giant backpack.... stay 16 feet away. You'd probably have to stay that far away to avoid the smell of his momma's basement.
Are you more upset that the "dorks" attempt these hacks, or that they succeed?
Its a nice trick, but generally useless. So I guess I don't see the point. People ought to use their talent towards the betterment of humankind or the acquisition of wealth and this is neither. It's just someone trying really hard to be annoying.
So based on this tibdit, tomorrow's sensationalist headline will be: "iOS has catastrophic flaw that allows hackers to drain users' bank accounts and kill their children from 16 feet away; Android secure."
Unless Apple comes up with a replacement for bluetooth (a possibility for sure) they won't be able to remove the headphone jack. Bluetooth is worthless for video and likely will be until there is a major revision.
Matt
By that do you mean the audio sync issue where the audio lags the video by a fraction of a second due to the delay in encoding and then decoding the bluetooth signal?
If so, then there is already a bluetooth audio codec (apx-ll, I believe) available specifically for low-latency transmission which eliminate the lag (something on the order of 40 milliseconds). It works quite well but both the transmitter and receiver need to have it included (and I don't think it even requires BT4, it works with earlier revisions). All it would take to make it main stream would be for someone like Apple to decide to include it in iOS.
Even without that codec (which probably has some extra licensing associated with it), it's highly dependent on your headphones. On mine, for video on my iPad mini, there is a noticable delay but it is very minimal. Kind of to the point where you don't really notice it if you aren't looking for it. For non-video, intermittent audio (ie, alerts, UI clicks, and such) it's more annoying. But I attribute that in part to Apple's aggressive power saving logic on my iPhone 5S. It takes a finite amount of time "fire up" the audio and bluetooth circuits.