Hackers could use a headphone cable as an antenna to send radio signals that trick smartphones into thinking that commands are being spoken into the device's microphone, say researchers.
The voice commands could be interpreted by the phone's voice recognition system such as Siri or Google Now.
But the scientists, from the French Network and Information Security Agency (ANSSI), say that they've discovered how attackers could exploit vulnerabilities in smartphones using the same techniques.
The hack, in this case, uses antenna-to-antenna coupling, where the headphone wire on the smartphone is the attack-receiving antenna at the device.
Antenna-to-antenna coupling is also known as "front-door coupling."
Not just brute force
Finely tuned, intentional electromagnetic interference is sent to the phone, "resulting in finer impacts on an information system than a classical denial of service effect," the scientists write in their paper abstract.
In other words, they don't just obliterate the service through brute-force.
The outcome is a "new silent remote voice command injection technique on modern smartphones," they say.
Distance and repercussions
Distance obtainable can be up to 16 feet, according to a Wired article about the discovery.
And the repercussions could include hackers telling the device to "make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send the phone's browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter," Wired points out.
The hack has some serious limitations, though, including that it needs Siri or Google Now to be enabled and can only work on devices with earbuds or headphones attached, Wired explains.
Radio waves for stealing data
Radio waves have been used in the past to steal data with mobile phones.
I've written about AirHopper before in How cellphones steal from air-gapped computers.
In that attack, sensitive data can be leaked from computer key strokes when the PC has been compromised with malware—even if the PC is air-gapped and not on a network.
With AirHopper, the smartphone's FM broadcast radio is used to collect pixel frequency-derived radio signals emitting from the screen. It works over a distance of up to 7 meters.
One way to deal with that hack is to collect phones from visitors and workers before they enter the facility, some say.
In the case of the French-discovered voice recognition/headphones hack, better cable shielding could help prevent the attack, the study's authors told Wired.
Alternatives, the publication speculates, could include removing the headphone wire altogether or disabling the voice recognition—particularly from the lock screen.
But in the meantime, if your phone starts behaving mysteriously with peculiar voice-command screens calling premium overseas numbers arbitrarily—a possible money-making scam—you might be a victim of this, the latest smartphone hack.
This article is published as part of the IDG Contributor Network. Want to Join?