How French spooks can silently command Siri, Google Now on phones A group of researchers from the French government's Network and Information Security Agency (ANSSI) have found a way to silently and wirelessly inject voice commands into unlocked iPhones and Android gadgets. The technique, detailed in a paper published by the IEEE, requires the devices to have a wired headphones plugged in – …
They're inducing a current in the signal wires via a radio frequency signal and relying on the non-linear characteristics in the microphone pre-amp to do the de-modulation.
Nothing new there, and I have experienced the phenomenon myself.
The signal is waay too weak to drive a 16ohm earphone/headphone speaker, but they only need a few millivolts swing on the microphone line.
I think that he means that they will hear Siri / Google respond to the command. Not that they would hear the command itself.
In this case though you may think that Siri/ Google picked up something from the surroundings. It would cause you to look at what is going on though and this could make the attacks more effective for certain scenarios. Evil marketing being one sending texts to a premium text number also (though the looking at the screen would not help this)?
"The signal is waay too weak to drive a 16ohm earphone/headphone speaker, but they only need a few millivolts swing on the microphone line."
Doesn't the iPhone amplify mic signals and feed them back to the headphones? I don't know, just asking, but certainly other phones and landlines do this.
Engage a decoy.
Have them stop the target to ask for directions, seen a lost dog, hey werent you in my class at highschool etc to get them to remove the headphones and keep them occupied long enough for the attack to occur and any subsequent confirmations of the voice commands to go unheard.
"Surely thwarted through the use of a ferrite bead on the signal line and a capacitor across the microphone connection?"
Yes, I sure every potential victim also happens to be an electronics expert and wants to solder components onto their phone.
I would suggest a simpler thwart would be to unplug the headphones if not using them.
My point being, the solution is cheap.
The capacitor should be present anyway for EMC purposes, but probably omitted in the race to the bottom.
Ferrite beads can be picked up cheaply from most electronic stores, and can be installed by a non-technical user easily: they just clip around the wire.
Heck, you could make a plug adaptor that embedded a small low-pass filter and an on/off switch for the microphone. Very difficult to hack that via induction. Could be mass produced for about 50c/unit.
On Android you'd have to have Now set to listen on any screen, not just the search one. And even though you have headphones on, somehow miss the initial beep, and any subsequentbeeps/acknowledgments/prompts that follow most queries. And not look at the phone's screen. It's an interesting attack, but not very practical - which is presumably why it's being revealed to mere citizens rather than reserved for use by the State.
It's specific to a wired microphone. It relies on the length of cable to perform radio induction on the microphone wire that the phone receives and interprets as voice input. I think the only reason this works is due to its simple, analog nature. Attempting to induce a high-bandwidth digital connection is more likely to just corrupt the signal. Besides, USB3 cables are supposed to be shielded.
Is surely to broadcast sounds that will be replayed by the headphones. One of the many things I dislike about commuting is having to listen bad music being played by strangers through (predominantly Apple-brand) terrible headphones. I would love the ability to replace their craprap with, say, the Horn Concerto in E Flat. Or, if I were feeling mean, Barry Manilow.
simpler thant having to listen to tinny 'C'rap (and that current pitiful apology for proper R&B, or that wailing that seems to pass for singing) would be to broadcast a 1Khz tone at around 120Db.
mind you about 50% of those targetted probably wouldn't notice the difference because their hearing has been just about destroyed by all that incessant Bass Beat.
That was already a commercial product years ago. Can't remember what it was called or who manufactured it, because I don't live in the U.S. and so simply noted that it was interesting but legally unavailable to me, remembering the phenomenon, not the details, I'm afraid.
But: you plug(ged?*) the little broadcast unit into the headphone socket of your Apple device (iPod/iPhone/whatever) and whatever you're listening to stomps all over the other Apple devices within range, obliging everyone else to listen to whatever you want to inflict upon them.
--
* I don't know if it's still availabe these days.
That's all I do remember, I'm afraid and if you're having trouble tracking it down, I wouldn't hold your breath for anyone else to; it took me ten years to find a reference to something that was a well known children's TV program simply because no-one had previously bothered to mention it online since 'online' existed.
IF I find that I saved any info on it, I'll let you know but, again, I wouldn't hold my breath, if I were you: even if I did, that info will be on a harddrive in another country and I have no idea when I'll next be in that country and able to even look for it, never mind find it.
I'd suggest having a look at Amazon (U.S:), Radioshack, that kind of thing - googling "iPod broadcast antenna" might get you a result but I imagine it'll be like looking for a specific needle in a haystack of identical needles.
A Yaesu FT-857D and a 9Ah SLA battery would fit in a laptop bag. The only tricky bit would be the antenna.
I know this thing is capable of inducing current in a microphone feed, as that is the present problem I am battling with my bicycle-mobile amateur radio station on HF: the transmitted signal getting into the station microphone.
So if it could be miniaturised, could we have something that would have Siri/Google Now issue a nice loud "Oi twat, look where you're going!" into the headphones for times when you have oblivious cretins wandering along so wrapped up in their music often plus facebook or whatever that they are entirely unaware of the more mundane things around them like other people, traffic and things they're about to walk straight into?
Or is that just taking away too many Darwin Award candidates to be fun?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
