How to exploit Vulnerability in Siri and Google Now.
jeudi 15 octobre 2015
Libellés :
Android
,
HACKING
,
IOS (Apple)
~
Researchers of French Intelligence Agency, ANSSI found that Hackers can control the smartphone devices from 16 feet away. The user would have no idea that his smartphone has been hacked the research says.
The hackers are exploiting vulnerabilities in Siri and Google Now, with the help of radio signals without even saying a word. The hacker can send text messages, emails, and browse on internet without even asking for your permission.
How does a hacker control your device?
The Hacker can only target those devices if the targets headphones are plugged into the jack, only this way the hacker can get into your device without even asking for your permission.
The hacker should have a radio transmitter to start his hacking operation. It will be used to send radio waves that are able to trigger voice commands on Siri and Google Now with a pair of microphone-enabled headphones plugged in.
The users headphone cable will work as radio antennas, this way the Siri or Google Now app will receive commands which it believe is coming from users microphone. The french researchers presented their discovery in Hack in Paris conference.
They presented how a hacker can send sms, emails, visit website managed by hacker, send phishing and spam messages exploiting emails, facebook and other social media accounts.
The French duo used as a generator of electromagnetic waves their laptop running the open-source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna.
The researchers explained that their basic equipment could fit inside a backpack and can reach a range of around six and a half feet. In a more powerful configuration composed of larger batteries that could fit inside a van, the researchers say they could extend the attack’s range to more than 16 feet.
The two experts also published a Video Proof of Concept for the attack, they demonstrated how send a command to Google Now via radio on an Android smartphone instructing the mobile device to launch the browser to visit the ANSSI official website.
0 commentaires :
Enregistrer un commentaire