Hackers use radio waves to silently control Apple's Siri, Android's Google Now

13

Comments

  • Reply 41 of 62
    foggyhillfoggyhill Posts: 4,767member
    Quote:
    Originally Posted by Mobius View Post





    My iPhone 6s has voice recognition to access Siri - it asks you to say a few phrases when you set up Siri. I'm sure this was an advertised feature. What am I missing?

     

    Siri doesn't work all the time on anything but a 6s WHICH HAS VOICE RECOGNITION.

     

    So, this is not even a really plausible attack.

     

    Siri would already need to be activated

    Quote:

    Originally Posted by Wiggin View Post

     

     

    By that do you mean the audio sync issue where the audio lags the video by a fraction of a second due to the delay in encoding and then decoding the bluetooth signal?

     

    If so, then there is already a bluetooth audio codec (apx-ll, I believe) available specifically for low-latency transmission which eliminate the lag (something on the order of 40 milliseconds). It works quite well but both the transmitter and receiver need to have it included (and I don't think it even requires BT4, it works with earlier revisions). All it would take to make it main stream would be for someone like Apple to decide to include it in iOS.

     

    Even without that codec (which probably has some extra licensing associated with it), it's highly dependent on your headphones. On mine, for video on my iPad mini, there is a noticable delay but it is very minimal. Kind of to the point where you don't really notice it if you aren't looking for it. For non-video, intermittent audio (ie, alerts, UI clicks, and such) it's more annoying. But I attribute that in part to Apple's aggressive power saving logic on my iPhone 5S. It takes a finite amount of time "fire up" the audio and bluetooth circuits.


     

    The delay probably occurs because BT shuts off the channel after transmission to save energy, but if you kept it open, sending small amount of traffic contiously, you wouldn't have any delay at all.  Also, just a bit of buffering in the receiver (BT headphone) you'd be easily able to listen to whatever even with bad BT latency.

  • Reply 42 of 62
    See Air-Gapping for more info.
  • Reply 43 of 62
    welshdogwelshdog Posts: 1,660member
    Sounds like the bigger risk might exposure to extremely powerful radio waves at close range in order to make this stupid attack work at all. If it worked via something small like a walkie talkie that might be one thing, but the requirement of a backpack or van sized apparatus in order to generate enough voltage in the headphone wires to trigger Siri is just plain silly.
  • Reply 44 of 62
    lkrupplkrupp Posts: 6,938member

    Ho boy, the OCD paranoid crowd is gonna be all over this. Will tin foil hats finally become a fashion statement? But don’t worry, MonsterCable will be coming out shortly with shielded earbud cords and charge $99 for them guaranteed to thwart this hack. 

  • Reply 45 of 62
    Quote:
    Originally Posted by mnbob1 View Post



    Using Siri to access an iPhone that has been locked and has a passcode implemented (you're an idiot if you don't) and attempting to tell her to to go beyond using the camera or asking for directions will be met with "you will need to unlock your iPhone first".

    Not true at all; in fact, you don't even need Siri.  iPhones will randomly dial people from your address book even when locked and pocketed.  It's a known and documented bug, for which Apple's answer is "turn off voice dialing."

     

    And no, it's not only on the 6S.  It's happened to me repeatedly on a 6.

  • Reply 46 of 62
    realisticrealistic Posts: 1,134member
    Quote:

    Originally Posted by zroger73 View Post

     

    While watching a recent keynote on my iPhone 6, Siri unexpectedly activated and the streaming video paused. It took me several seconds to realize that the keynote speaker saying, "Hey, Siri", was causing Siri on my phone to activate.


     

     

    Quote:

    Originally Posted by zroger73 View Post

     

    I had to disable "Hey, Siri" because it sometimes activates inadvertently during normal conversation when I'm talking to co-workers or on the office phone. The "training" features in iOS 9 reduced, but did not eliminate the problem.




    Never happened to me or anybody I know but then again 'Hey Siri' is not part of out normal conversations. Does this really happen, anybody?

  • Reply 47 of 62
    jpellino wrote: »
    "A more powerful form operational up to 16 feet away would require the hardware be housed in a car or van."

    Actually the only time I use my phone for music is while traveling - so now I just have to make sure to watch out for vans following me through the airport terminal.

    That aside, wouldn't you hear Siri reacting to the rogue commands and take notice?

    I don't think Siri would take notice, but I'd think the audio you'd be listening to would diminish or lose it's high end frequencies. So, unless you had the ear pods plugged in but not listening to, the user would notice. I'd think a simple .001pf capacitor across the earphone jack should do the trick... no need to shield the wires when one could short out the RF signal from entering the iPhone.case.

    The amount of power it seemingly needs to blast one's way into the iDevice via the earphone cable seems to be pretty strong. I'd put this exploit right up there with stopping cars by jamming their on-board computers... it's doable but not practical.
    If you're operating that powerful of a transmitter in a coffee shop, you should be knocking out cash registers, and other local devices too.
  • Reply 48 of 62
    realistic wrote: »
    zroger73 wrote: »
     
    I had to disable "Hey, Siri" because it sometimes activates inadvertently during normal conversation when I'm talking to co-workers or on the office phone. The "training" features in iOS 9 reduced, but did not eliminate the problem.


    Never happened to me or anybody I know but then again 'Hey Siri' is not part of out normal conversations. Does this really happen, anybody?

    It only happens to me when blasting the new hot single, "Hey Suri Cruise."
  • Reply 49 of 62
    idreyidrey Posts: 640member
    nllarsen wrote: »
    I agree with everything else that's been said, especially the fact that as long as you have a passcode on your device, the person perpetrating the hack wouldn't get any further that the lock screen, unless you were already past that, in which case the user would undoubtedly notice their device being taken over.

    This doesn't fit very well. Every time I ask Siri to ask anything
    headphones or not, Siri always give me a feed back and if the
    iPhone is lock, Siri asks me to unlock it first. So even if
    this hack can trigger Siri, it doesn't seem to be able to get
    very far.
  • Reply 50 of 62
    wigginwiggin Posts: 2,265member
    Quote:

    Originally Posted by foggyhill View Post

     

     

    The delay probably occurs because BT shuts off the channel after transmission to save energy...


     

    Which is true and contributes to the audio delay. But even on my 5S's own speaker or on wired headphones, there is a very noticeable delay when the audio circuit needs to wake up to play a UI sound. For example, entering my PIN or typing on the keyboard (I have the keyboard sound on). Once it's active it's fine, but there is definitely a startup delay in the circuits in the iPhone itself.

  • Reply 51 of 62
    shaminoshamino Posts: 412member
    Quote:

    Originally Posted by Realistic View Post

    Never happened to me or anybody I know but then again 'Hey Siri' is not part of out normal conversations. Does this really happen, anybody?

     

    Not in casual conversation (because in iOS 8, the phone needs to be plugged in to a power source for Hey Siri to work, which is usually only the case when I'm asleep or in the car,) but I've occasionally had Siri activate in response to things heard on the radio that sound close enough to trigger it.

     

    Words like "serious" and "serum" are good candidates for this kind of mistake.

     

    I'm looking forward to reading about a comedian who begins his show by saying "Hey Siri, what time is it?" and gets a chorus of responses from all the phones in the audience.  :D

  • Reply 52 of 62

    Siri isn't needed.  The iPhone will make phone calls at random when locked and in a pocket, even when Siri is turned off.

     

    It's a known and glaring security vulnerability, for which Apple's "solution" is "turn off voice dialing."

     

    Needless to say, your phone should not be monitoring audio and performing voice-dialing WHEN LOCKED.

  • Reply 53 of 62
    Quote:



    Originally Posted by Realistic View Post

     

    Never happened to me or anybody I know but then again 'Hey Siri' is not part of out normal conversations. Does this really happen, anybody?


    I don't have to say "Hey, Siri" for it to activate. I can't say exactly what was said that reproduces it - I just know that during a conversation I'll unexpectedly hear the Siri "chime" and look at the phone only to notice it is trying to parse the last sentence or two since it heard me say following something close enough to "Hey, Siri" to activate it.

  • Reply 54 of 62
    Please let them getting working nice and proper before you go trying to hack it.
  • Reply 55 of 62
    Since Siri must be activated by the user first I wouldn't loose any sleep over this. The Hey Siri feature in iOS 9 would allow this but that must first be turned on & then only works when the iPhone is plugged in.

    I don't know why I wasted my time reading this story.
  • Reply 56 of 62
    gatorguygatorguy Posts: 20,437member
    hezetation wrote: »
    Since Siri must be activated by the user first I wouldn't loose any sleep over this. The Hey Siri feature in iOS 9 would allow this but that must first be turned on & then only works when the iPhone is plugged in.
    Pretty sure iOS9 allows always on, no need to be plugged in to a power source. Still I agree with you that the supposed security hole mentioned in this article is of no real concern.
  • Reply 57 of 62
    muppetrymuppetry Posts: 3,328member
    gatorguy wrote: »
    hezetation wrote: »
    Since Siri must be activated by the user first I wouldn't loose any sleep over this. The Hey Siri feature in iOS 9 would allow this but that must first be turned on & then only works when the iPhone is plugged in.
    Pretty sure iOS9 allows always on, no need to be plugged in to a power source. Still I agree with you that the supposed security hole mentioned in this article is of no real concern.

    Not according to the note in settings.
  • Reply 58 of 62
    gatorguygatorguy Posts: 20,437member
    muppetry wrote: »
    Not according to the note in settings.
    Siri and iOS9 still won't allow for "always listening" unless connected to a power source?
  • Reply 59 of 62
    muppetrymuppetry Posts: 3,328member
    gatorguy wrote: »
    muppetry wrote: »
    Not according to the note in settings.
    Siri and iOS9 still won't allow for "always listening" unless connected to a power source?

    That's what it appears to imply. The 'Allow "Hey Siri"' setting includes the note 'You can speak to Siri without pressing the home button by saying "Hey Siri" when connected to power.' and that is how the phone behaves - only works when plugged in.
  • Reply 60 of 62

    Beginning with iOS 8 on the iPhone 4S to the 6+, "Hey, Siri" requires the phone to be plugged in to a power source.

    Beginning with iOS 9 on the iPhone 6S, "Hey, Siri" does not require the phone to be plugged in to a power source.

     

    It is the combination of iOS 9 and the upgraded hardware in the iPhone 6S that allow the "Hey, Siri" feature to work without external power.

    Using iOS 9 on a phone older than the 6S still requires the phone to be plugged in to a power source.

Sign In or Register to comment.