iOS 9 With Siri enabled from the lock screen of an iPhone, anyone with physical access to the device can use Siri to gain access to the device. Now research has shown that hackers can also remotely access Siri on an iPhone when a pair of headphones is connected to the device.

According to Wired, researchers at ANSSI, a French government agency focused on information security, have found a way to remotely access a smartphone’s built-in voice controls – such as Apple’s Siri and Android’s Google Now – by tapping into connected headphones with integrated microphone using a radio transmitter from as far as 16 feet away.

Microphone equipped headphones, like Apple’s EarPods, allow you to issue voice commands to Siri with a long button press on the headphone. Headphones also make very good radio antennas and are often used to enable FM radio reception on mobile devices.

Using the headphone cable as an antenna, the researchers are able to simulate the button press on the headphone to launch Siri and trick her into believing audio commands are coming from the connected microphone.

“Without speaking a word, a hacker could use that radio attack to tell Siri or Google Now to make calls and send texts, dial the hacker’s number to turn the phone into an eavesdropping device, send the phone’s browser to a malware site, or send spam and phishing messages via email, Facebook, or Twitter,” explained Wired .

Using equipment that fits into a backpack, hackers can access an iPhone using this hack from as little as six and a half feet away. Using this hack from 16 feet away requires a larger scale operation and hackers would need at least a van to house the necessary equipment.

Your iPhone may not be that vulnerable

Although ingenious, vulnerability to such a hack is reduced by a few limitations, noted Wired:

It only works on phones that have microphone-enabled headphones or earbuds plugged into them. Many Android phones don’t have Google Now enabled from their lockscreen or have it set to only respond to commands when it recognizes the user’s voice. (On iPhones, however, Siri is enabled from the lockscreen by default, with no such voice identity feature.) Another limitation is that attentive victims would likely be able to see that the phone was receiving mysterious voice commands and cancel them before their mischief was complete

As of iOS 9 and the iPhone 6s, Apple has incorporated voice recognition for the “Hey Siri” function, but the researchers were able to access and control older model iPhones using this technique as well.

But then again, better safe than sorry

Regardless of the limitations, if you are concerned that someone could use Siri to access your iPhone – either remotely using this hack or by getting their hands on your phone without your knowledge – you can disable access to Siri from the lockscreen.

How to disable access to Siri from iPhone’s lockscreen

To disable access to Siri from your iPhone’s lockscreen, go to Settings app > tap Touch ID & Passcode > uncheck Siri under Allow Access When Locked. Here you can also disable access to the Today screen, Notifications View, Reply With Message, and the Wallet app, for extra measure.

While you are at it, you may also want to prevent Airplane Mode from being activated without switching off the iPhone – just in case it gets stolen.

Image credit: JESHOOTS via Pixabay