Headphones can be used to hack a smartphone, report says

Study smartphone hacked via headphones
Credit: Thinkstock

Smartphone headphone cables can be electromagnetically attacked and your device's voice command system can be taken over.

Hackers could use a headphone cable as an antenna to send radio signals that trick smartphones into thinking that commands are being spoken into the device's microphone, say researchers.

The voice commands could be interpreted by the phone's voice recognition system such as Siri or Google Now.

Electromagnetic attacks

Electromagnetic attacks on critical electronic devices aren't new, the authors of the paper say. The study was published in IEEE Transactions on Electromagnetic Capability.

But the scientists, from the French Network and Information Security Agency (ANSSI), say that they've discovered how attackers could exploit vulnerabilities in smartphones using the same techniques.

'Front-door' coupling

The hack, in this case, uses antenna-to-antenna coupling, where the headphone wire on the smartphone is the attack-receiving antenna at the device.

Antenna-to-antenna coupling is also known as "front-door coupling."

Not just brute force

Finely tuned, intentional electromagnetic interference is sent to the phone, "resulting in finer impacts on an information system than a classical denial of service effect," the scientists write in their paper abstract.

In other words, they don't just obliterate the service through brute-force.

The outcome is a "new silent remote voice command injection technique on modern smartphones," they say.

Distance and repercussions

Distance obtainable can be up to 16 feet, according to a Wired article about the discovery.

And the repercussions could include hackers telling the device to "make calls and send texts, dial the hacker's number to turn the phone into an eavesdropping device, send the phone's browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter," Wired points out.

The hack has some serious limitations, though, including that it needs Siri or Google Now to be enabled and can only work on devices with earbuds or headphones attached, Wired explains.

Radio waves for stealing data

Radio waves have been used in the past to steal data with mobile phones.

I've written about AirHopper before in How cellphones steal from air-gapped computers.

In that attack, sensitive data can be leaked from computer key strokes when the PC has been compromised with malware—even if the PC is air-gapped and not on a network.

Collecting phones

With AirHopper, the smartphone's FM broadcast radio is used to collect pixel frequency-derived radio signals emitting from the screen. It works over a distance of up to 7 meters.

One way to deal with that hack is to collect phones from visitors and workers before they enter the facility, some say.


In the case of the French-discovered voice recognition/headphones hack, better cable shielding could help prevent the attack, the study's authors told Wired.

Alternatives, the publication speculates, could include removing the headphone wire altogether or disabling the voice recognition—particularly from the lock screen.

But in the meantime, if your phone starts behaving mysteriously with peculiar voice-command screens calling premium overseas numbers arbitrarily—a possible money-making scam—you might be a victim of this, the latest smartphone hack.

This article is published as part of the IDG Contributor Network. Want to Join?

Must read: Hidden Cause of Slow Internet and how to fix it
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies