
Researchers hack Siri from 16 feet away - dosapati
http://www.businessinsider.com/siri-silently-hacked-from-16-feet-away-by-french-researchers-2015-10
======
ChuckMcM
Interesting, inducing audio on the wire of a connected pair of headphones.
(lousy shielding, coax wouldn't work but nobody seems to have coax headphone
cables at the low end :-)

I've always wondered what would happen if you broadcast "Ok Google, call 555-1212,
ok" over a loudspeaker in a crowded shopping mall. How many people's phones
would simply obey?

~~~
egeozcan
Wasn't there actually a radio ad which just did that?

edit: found it
[http://www.cultofmac.com/328705/toyota-radio-ad-shuts-down-i...](http://www.cultofmac.com/328705/toyota-radio-ad-shuts-down-iphones-because-drivers-wont/)

------
biot
A few weeks ago I was in a meeting and Siri blurted out "Sorry I didn't get
that". I've never had "hey Siri" activated (I immediately verified) and
nothing was plugged into my iPhone 5. Rather disconcerting.

~~~
prawn
It will activate if you hold down the home button, something that can easily
happen accidentally when your phone is in your pocket or otherwise squashed
against something.

Mine activated the other day in that manner and my three year old looked
around wildly, then said "Was that the robot lady?!"

~~~
biot
It was sitting face-up on a table. Other than the possibility of a flaky home
button, I'm chalking this one up to the NSA. :)

------
fuzzywalrus
There are a few things that seem key to this: leaving "hey siri" and "ok google"
on at all times requires a relatively noise-free environment. Also, with the
always-on feature, you need to properly address one's phone. Simply changing
Siri to "Stupidhead" would render the always-on attack moot.

It's interesting, but without direct access there's only minimal information
to be gleaned, as commanding Siri to look up the most recent call would only
allow the attacker to see the most recent call with a direct LOS.

Also, this recap can be skipped by going to the original Wired article:
[http://www.wired.com/2015/10/this-radio-trick-silently-hacks...](http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/)

~~~
PerryCox
Siri can't be renamed to stupidhead or anything else for that matter, but the
always listening feature can be disabled.

~~~
fuzzywalrus
I stand corrected, I assumed that you could as you can rename what Siri calls
you. Learn something new every day.

------
orahlu
This was presented at SSTIC 2015.

paper (in French):
[https://www.sstic.org/media/SSTIC2015/SSTIC-actes/injection_...](https://www.sstic.org/media/SSTIC2015/SSTIC-actes/injection_commandes_vocales_ordiphone/SSTIC2015-Article-injection_commandes_vocales_ordiphone-kasmi_lopes-esteves_9giaJ0T.pdf)

video (in French):
[http://static.sstic.org/videos2015/SSTIC_2015-06-03_P09_AGRE...](http://static.sstic.org/videos2015/SSTIC_2015-06-03_P09_AGREMI.mp4)

------
dkokelley
As presented, people are only vulnerable if they:

- Allow Siri from the lock screen

- Have headphones plugged in (presumably Apple's)

- Are not using their device or have their headphones in (otherwise the
attack would be detected immediately) OR:

- Have audible feedback from Siri disabled

P.S. Link to source article:
[http://www.wired.com/2015/10/this-radio-trick-silently-hacks...](http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/)

Original research publication:
[http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=tru...](http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7194754)

~~~
TazeTSchnitzel
> - Allow Siri from the lock screen

Lots of people use 'Hey Siri', myself included.

> - Have headphones plugged in (presumably Apple's)

Not that unlikely.

> - Are not using their device or have their headphones in (otherwise the
> attack would be detected immediately) OR:

> - Have audible feedback from Siri disabled

These would be the killers. The moment Siri's activated you'd hear it loudly
in your ears.

~~~
Laaw
So what? You know your phone visited a website, but if that site had a zero-
day, would it matter?

~~~
dkokelley
Generally the result is not immediate. Given the speed of your network and Siri's
delay, you should have a second or two to interrupt the attack.

