Advertisement

News

Has Siri just highlighted cyber-security weaknesses at the heart of the British government?

Patrick Devaney

Patrick Devaney

  • Updated:

Is Siri the most useless of all the AI assistants? Well, objectively speaking, probably, but Siri’s lack of practical use can lull iPhone users into a false sense of security. Despite a lot of Softonic tutorials on mobile security, it is easy to forget that once activated, Siri is always listening.

Has Siri just highlighted cyber-security weaknesses at the heart of the British government?
Siri listening to the UK Government
If Siri was listening in the Houses of Parliament, where else was she listening?

Although it isn’t ideal to forget that your PHONE could be listening to everything you say, most of us can get away with the oversight. If you’re the Defense Secretary of the United Kingdom, however, there are a lot of things that you or the people around you might be saying that you don’t want to a hackable device to hear. In the UK Parliament yesterday, UK Secretary of Defense Gavin Williamson was interrupted by Siri trying to answer a query while he was talking about Syria. Siri is set to “always listening” on his phone. Let that sink in. Siri is listening to everything that UK Secretary of Defense is saying.

So just how vulnerable is Siri and, accordingly, all of the classified secrets that UK Secretary of Defense has to talk about on a daily basis?

Well, in September, Chinese researchers discovered a shocking backdoor into voice assistants from Google, Amazon, Microsoft, and yes, Appl,e too. Called DolphinAttack, the vulnerability plays on the fact that digital assistants can hear frequencies that lay outside the range of human hearing. This allows attackers to issue normal voice commands at such a high frequency that it is inaudible to human ears.

DolphinAttack means that anybody within a few feet could be issuing silent commands to a smartphone’s digital assistant. The researchers didn’t just stick to basic commands either. Using only basic equipment, the researchers were able to get iPhone’s to make calls and even initiate FaceTime video calls. Incredibly, they were even able to make Alexa unlock IoT connected smart locks or redirect the navigation systems on Audi A3. If a user is wearing an Apple Watch, it allows these ultrasonic attacks to take place from further away.

The implications of such an attack could be severe for a man, like Williamson, with high-security clearance. Anybody passing him in the street could issue an ultrasonic command, which could open a certain website on his mobile browser. From there, the website could automatically install malware onto the phone that would open up the contents of the phone and possible communications to exploitation.

Siri is supposed to only respond to the voice of the user who trained it, but with convincing deep-fake technology becoming more and more prevalent it is easier than ever to reproduce somebody else’s voice. In this particular case, it doesn’t matter that Siri was responding to Williamson’s voice. As Jordan Peele adeptly demonstrates below, it wouldn’t be hard to fake him saying “Hey Siri,” and then feed the fake command through the ultrasonic processors.

It is all well and good laughing at Siri’s interruption in the House of Commons, and coming up with a witty response to make light of the embarrassing situation. Is there something more, however, that we need be seeing. Does Siri’s intervention highlight a worrying lack of insight into the implications of modern technology at the highest levels of the Conservative government in the UK? A lack of insight that could be putting the security of the British nation and her allies at risk? Is it a laughing matter if the man in charge of security for an entire country can’t even manage the security settings of his own mobile phone?

Patrick Devaney

Patrick Devaney

Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.

Latest from Patrick Devaney

Editorial Guidelines