Siri and Google Now could be activated without using voice. Researchers from ANSSI, a French government agency tasked with conducting cybersecurity research, were able to access the two smartphone concierge services remotely and silently.
They used microphone-equipped headphones that were plugged into a phone. Then they sent radio frequency signals that sounded like a person which activated Siri and Google Now, reports Mashable.
They used a laptop that run a software-defined radio, an amplifier and antenna to broadcast the radio wave signals which were picked up by the cord on the headphones. These electric signals were interpreted by the concierge as someone speaking, allowing the French researchers full access to Siri's functions.
The researchers could transmit the signals which the phone could interpret as human voice from 6.5 feet up to 16 feet by using a larger set up. The hackers used it in an area with many people which fooled several phones to call a paid hotline.
But with a smartphone enabled from lock screen, phone owners are somewhat assured that hackers using the same technique have slim chances of succeeding. However, while the hack is not much of a threat to iPhone or Android device owners, it is still nevertheless a reminder that the lock-screen active concierge has some security lapses because the feature, which offers convenience, has some security tradeoffs.
Forbes says that in theory, anything done using Siri or Google Now voice interaction could be attacked such as making calls, sending text messages, opening malicious websites, sending spam or phishing emails or posting to social networking sites. It the hacker placed an outbound call to his own phone, the hacker could eavesdrop on the victim's calls.