How To Control Siri Through Headphone Wires

Last week saw the revelation that you can control Siri and Google Now from a distance, using high power transmitters and software defined radios. Is this a risk? No, it’s security theatre, the fine art of performing an impractical technical achievement while disclosing these technical vulnerabilities to the media to pad a CV. Like most security vulnerabilities it is very, very cool and enough details have surfaced that this build can be replicated.

The original research paper, published by researchers [Chaouki Kasmi] and [Jose Lopes Esteves] attacks the latest and greatest thing to come to smartphones, voice commands. iPhones and Androids and Windows Phones come with Siri and Google Now and Cortana, and all of these voice services can place phone calls, post something to social media, or launch an application. The trick to this hack is sending audio to the microphone without being heard.

googleThe ubiquitous Apple earbuds have a single wire for a microphone input, and this is the attack vector used by the researchers. With a 50 Watt VHF power amplifier (available for under $100, if you know where to look), a software defined radio with Tx capability ($300), and a highly directional antenna (free clothes hangers with your dry cleaning), a specially crafted radio message can be transmitted to the headphone wire, picked up through the audio in of the phone, and understood by Siri, Cortana, or Google Now.

There is of course a difference between a security vulnerability and a practical and safe security vulnerability. Yes, for under $400 and the right know-how, anyone could perform this technological feat on any cell phone. This feat comes at the cost of discovery; because of the way the earbud cable is arranged, the most efficient frequency varies between 80 and 108 MHz. This means a successful attack would sweep through the band at various frequencies; not exactly precision work. The power required for this attack is also intense – about 25-30 V/m, about the limit for human safety. But in the world of security theatre, someone with a backpack, carrying around a long Yagi antenna, pointing it at people, and having FM radios cut out is expected.

Of course, the countermeasures to this attack are simple: don’t use Siri or Google Now. Leaving Siri enabled on a lock screen is a security risk, and most Androids disable Google Now on the lock screen by default. Of course, any decent set of headphones would have shielding in the cable, making inducing a current in the microphone wire even harder. The researchers are at the limits of what is acceptable for human safety with the stock Apple earbuds. Anything more would be seriously, seriously dumb.

Hackaday Links: Sunday, April 14th, 2013


We figure we have to start off this week’s links post talking about PETMAN. Boston Dynamics shows off the humanoid robot donning a full chemical suit. It’s a lot scarier than when we first saw it as a couple of legs a few years ago [Thanks Joshua].

Seeing something like that might drive you back to smoking cigarettes. But since that’s pretty bad for your health perhaps you just need a mechanical chain-smoking machine to take the edge off. That thing can really suck ’em down! [Thanks Mike]

Last week’s links included a bit about the Raspberry Pi 2.0 board version’s reset header. [Brian] wrote in to share a link for adding reset to a 1.0 revision board.

Speaking of RPi, [Elvis Impersonator] is using it to automate his garage door with the help of Siri.

In shop news, [Brad] needed to sharpen a few hundred pencils quickly and ended up melting the gears on his electric sharpener. Transplanting the parts to his drill press gave him more power to get the job done in about six minutes.

And finally, you can forget how to decipher those SMD resistor codes. Looks like surface mount resistors might be unmarked like their capacitor brethren. We were tipped off by [Lindsey] who got the news by way of [Dangerous Prototypes and Electronics Lab]

Siri controlled Arduino using Ruby


This snippet of Hello World code lets [Nico Ritschel] turn the Pin 13 LED on his Arduino on and off using Siri, the voice-activated helper built into iPhones. The trick here is using the Ruby programming language to get Siri Proxy talking to Arduino via the USB connection. He calls the project siriproxy-arduino.

On one end of the hack resides SiriProxy, a package not approved by Apple which is capable of intercepting the Siri messages headed for Apple’s own servers. The messages are still relayed, but a copy of each is available for [Nico’s] own uses. On the other side of things he’s building on the work of [Austinbv’s] dino gem; a Ruby package that facilitates control of the Arduino. It includes a sketch that is uploaded to the Arduino board, opening up a Ruby API. The collection of code seen above defines the pin with the LED connected and then listens for a specific Siri commands to actuate it.

Take a look at [Nico’s] explanation of the module in the video after the break.

Continue reading “Siri controlled Arduino using Ruby”

Garage door opener using Siri and Raspberry Pi

Screenshot from 2012-12-11 09:54:36

[DarkTherapy] wrote in to tell us about his garage door opener that works with Siri and a Raspberry Pi. It’s pretty hard to find a picture that tells the story of the hack, but here you can see the PCB inside the housing of the garage door opener. He patched the grey wires into the terminal block. On the other end they connect to a relay which makes the connection.

On the control side of that mechanical relay is a Raspberry Pi board. This seems like overkill but remember the low cost of the RPi and the ability to communicate over a network thanks to the WiFi dongle it uses. We think it’s less outrageous than strapping an Android phone to the opener. To make the RPi work with Siri he chose the SiriProxy package. We’ve seen this software before but don’t remember it being used with the Raspberry Pi.

There is certainly room to extend the functionality of a system like this one. It would be trivial to add a combination lock like this one we build using an AVR chip. It would also be nice to see a sensor used to confirm the door is closed. Even if you don’t need to control your garage this is a great reference project to get the RPi to take commands from your iOS devices.

Continue reading “Garage door opener using Siri and Raspberry Pi”

Giving Siri control of some smart bulbs

After getting his hands on the Philips Hue smart lightbulb [Brandon Evans] cracked open some of the hardware to see what is inside. He also spent time working out the software tricks necessary to use Siri to control light bulbs from iOS.

If you haven’t heard of the Hue product before it’s an LED bulb that fits in a standard medium base whose color and intensity can be controlled wirelessly. Included in each unit is Zigbee compatible hardware that lets the bulbs form their own mesh network. [Brandon] didn’t crack open the bulb since these things cost a pretty penny and disassembly requires cutting. But he did point us to this post where [Michael Herf] shows what the bulb’s case is hiding. We do get to see the other piece of the puzzle as [Brandon] exposes the internals on the base unit that bridges the mesh network to your home network via Ethernet. An STM32 chip is responsible for controlling the base unit.

Aside from a look at the guts [Brandon] hacked Siri (Apple’s voice activated virtual assistant) to control the system. You can see a demonstration of that in the clip after the break. The details are found in the second half of his post which is linked at the top. The code is found in his siriproxy-hue repository.

Continue reading “Giving Siri control of some smart bulbs”

Forget Siri – make Wolfram Alpha your personal assistant

So you can spend a bundle on a new phone and it comes with a voice-activated digital assistant. But let’s be honest, it’s much more satisfying if you coded up this feature yourself. Here’s a guide on doing just that by combining an Asterisk server with the Wolfram Alpha API.

Asterisk is a package we are already familiar with. It’s an open source Private Branch Exchange suite that lets you build your own telephone network. Chances are, you’re not going to build one just for this project, but if you do make sure to document the process and let us know about it. With the Asterisk server in place you just need to give the assistant script an extension (in this case it’s 4747).

But then there’s the problem of translating your speech into text which can be submitted as a Wolfram query. There’s an API for that too which uses Google to do that translation. From there you can tweak abbreviations and other parameters, but all-in-all your new assistant is ready to go. Call it up and ask what to do when you have a flat tire (yeah, that commercial drives us crazy too).

[Thanks M]

Dial 1 to get Siri as your operator

Back in the days of yore when hats were fashionable and color TV didn’t exist, there were real life people who would answer the phone if you dialed 0. These operators would provide directory assistance, and connect you to another number (such as KL5-8635). Apple’s Siri is a lot like an olde-timey phone operator, so [davis] decided to put Siri in an old rotary telephone.

The build started off with a very inexpensive Bluetooth headset and very old rotary phone. The single button on the Bluetooth headset was wired to a contact of the dial – in this case, the number 1. Dialing 1 shorts two contacts in the phone and the Bluetooth headset turns on.

[davis] came up with a very easy build but dialing 1 just isn’t the same as dialing 0. Connecting the Bluetooth button to 0 closes the button for too long. He says ‘0 for operator’ could be implemented with an ATtiny or similar, but we’re wondering if [davis] could make due with a dial-less candlestick phone.

Continue reading “Dial 1 to get Siri as your operator”