
Rigged YouTube videos can use Siri and Google Now to hijack your phone - luizlopes
https://nakedsecurity.sophos.com/2016/07/12/rigged-youtube-videos-can-use-siri-and-google-now-to-hijack-your-phone/
======
1024core
In the old days, kids TV commercials would tell the kids to hold up the phone
to the TV, and then play DTMF tones to dial a 1-900 number. For example:
[http://articles.latimes.com/1991-04-21/news/mn-860_1_horror-...](http://articles.latimes.com/1991-04-21/news/mn-860_1_horror-
stories)

Today, they can probably do the same via "Siri" or "OK Google" ... ?

~~~
dogma1138
Or the more modern version of Xbox live trolling when people name themselves
Xboxoff or xboxinternet and wait for some one to yell their name.

The Siri thing isn't new tho you used to be able to shout at Siri trough some
ones phone when you were on speaker but I think Apple implemented some voice
recognition restrictions.

------
superuser2
I don't understand why anyone would leave "Hey Siri" turned on. I do use Siri
occasionally, but no result of any Siri query is of any value to me while my
phone is in my pocket. If I'm going to take it out of my pocket anyway,
there's no additional friction in pressing the home button.

~~~
dcohenp
Car. Nightstand. Kitchen counter while you cook/wash dishes. There's a myriad
situations where you want to use your device hands-free. In fact, it's the
driver behind an entire new product category (see Amazon Echo, Google Home,
etc.).

~~~
paavokoya
>it's the driver behind an entire new product category

Yeah.. the "consumer as product" category

------
calciphus
Google Now is fairly easy to train to the user. "OK Google" doesn't open every
phone around me.

------
yeukhon
Do people find Sri and Google Now actually useful? I hardly ever find a use
case for it, even when I am driving. I just think people should disable Sri
and Google Now by default, and only activate after pressing a button.

~~~
vitd
Yes, I personally find Siri very useful. I almost always interact with Siri
through my watch and I do things like start a cooking timer while my hands are
covered in raw chicken juice, set a reminder to do something tomorrow, or
reply to a text via voice while driving.

------
notadoc
Siri on my phone has been activated multiple times by the Siri TV commercials.

------
rosstex
Whoa, I just took security with David Wagner last semester and
Nicolas/Pratyush were some of my TAs. Academia, where cool stuff is always
happening under your nose!

------
sparky_z
Do phones not filter out/ignore any sound being emitted from the speaker?
Seems like that shouldn't be too hard to do.

~~~
yeukhon
Can you really distinguish sound emitted from the speaker from someone with a
hoarse voice? Furthermore, what about medium? Traveling different medium
should be considered.

~~~
sparky_z
Well, the device knows exactly what signal it's putting out through the
speaker, so it can predict what the microphone will pick up. It doesn't know
what someone with a hoarse voice is about to say.

~~~
banana_giraffe
That attack described in the video isn't something the phone is producing and
picking up (most phones already ignore what they playback), but rather a sound
played by a laptop picked up by the phone.

And further, the attack described is a sentence that doesn't sound to a human
like "Ok Google" or "Hey Siri", or whatever

~~~
sparky_z
Okay, that's what I didn't understand. Thanks.

------
shahzeb
At least on the iPhone, Siri is only activated by the "Hey Siri" command if
your phone is plugged in to charge.

~~~
bydo
Only on older hardware. Anything with an A9/M9 (iPhones 6S and SE, iPads Pro)
works on battery power as well.

~~~
r00fus
I got around this on my iPhone6 using a battery case :) Nowadays, I just leave
it off, though.

------
thedrbrian
Interesting that they don't have a demo video for Siri/iOS

