Siri DDoS over FM Radio

Question

A few days ago I was driving home and suddenly Siri started to talk by herself in reply to a command I never gave. As you can imagine I have the "hey siri..." feature active, so I can make calls without moving my hands from the wheel.

I was wondering...

Is it possible for a radio announcer to say something like "Hey Siri, open site www.victimsite.com" generating a DDoS or even say something like "Hey siri tweet #radiocool is a great station" creating a trending topic in seconds?

I'm not sure what you are asking. It seems apparent that it is possible. — schroeder, Sep 02 '15 at 19:46
Not asking something "per se", just wondering if this can be used as a source for an attack. — AcidRod75, Sep 02 '15 at 19:52
As this is a Q&A site, and not a discussion site, we kinda need a question to answer. — schroeder, Sep 02 '15 at 19:54
Ask Playstation users what they think of Aaron Paul's commercial. I bet they'll say it can be used as an attack. — Neil Smithline, Sep 02 '15 at 19:56
schroeder, i agree, will edit my original post to be a question. Tyvm — AcidRod75, Sep 02 '15 at 20:04
Yes, it can be done. And seconds after that #radiocool trending topic, #radiocoolhackedme would overtake it. And nobody would listen to #radiocool anymore fearing that someone would hack his phone. — ThoriumBR, Sep 02 '15 at 20:54
Welcome! +1 for an interesting question. Still, if you want more upvotes, please [edit] your question to have a longer and better title. Try to choose a title which itself forms a valid question in the English language; if you do so, end it with a question mark. — unforgettableidSupportsMonica, Sep 03 '15 at 00:33
"Okay Google, search: 'How to obtain child pornography'" (and now I'm on a list) — user253751, Sep 04 '15 at 08:49
Here's a bonus for something similar in XBOX : https://www.youtube.com/watch?v=EgDsqCEHsw4 — sir_k, Sep 04 '15 at 09:06
South Park had an episode like that, lol... "'South Park' Episode Triggers Viewers' Amazon Alexa and Google Home" — ashleedawg, Jul 27 '19 at 06:27

Neil Smithline · Accepted Answer · 2015-09-04T13:35:23.957

It is absolutely possible. There was a publicized case of this in a Xbox ad that demonstrated the voice activation features that seemed to have worked a bit too well.

Some quick-and-dirty remedies for this are:

Allowing users to program their own initiation phrase. This isn't perfect as the radio can still "get lucky" and hit the initiation phrase, causing an accidental triggering. Also, there's a time window between when you've initiated Siri and issued a command where the radio can talk to Siri.
Requiring confirmation for some/all actions. Unless the confirmation is physical, there is still an opportunity for the radio to confirm the task as well.

I guess the best solution would be for Siri to be able to distinguish your voice from the voices of others. That seems trickier though as, according to my understanding of the implementations, the initiation phrase (eg: "Hey Siri") is recognized locally by the phone while the full voice recognition utilizes cloud computing resources and the phone's local power is limited by CPU and battery.

I suspect that all that is needed is one successful attack for vendors like Siri and Android to come up with better defenses.

How is the quotation link relevant? – user253751 Sep 03 '15 at 13:32 — user253751, Sep 03 '15 at 13:32
Sorry @immibis - which link? The Playstation ad? – Neil Smithline Sep 03 '15 at 13:51 — Neil Smithline, Sep 03 '15 at 13:51
That doesn't seem to link to an ad. http://puu.sh/jZ9Te.jpg – user253751 Sep 04 '15 at 01:34 — user253751, Sep 04 '15 at 01:34
It's an Xbox ad, not Playstation. – Thanathan Sep 04 '15 at 07:52 — Thanathan, Sep 04 '15 at 07:52

Siri DDoS over FM Radio

1 Answers1