Most smartphones can respond to your voice commands, but they might also respond to someone else’s. Researchers from France’s ANSSI information security agency has found a way to make Apple’s Siri and Google voice search respond to commands without talking to them. It happens via radio waves and works up to 16 feet away. This technique can be used to exploit the device in a number of ways.

This clever hack relies upon the headphone jack, which has a microphone input on virtually all modern smartphones. The main limitation of the method developed by ANSSI is that the target device needs to have headphones with a mic plugged into the device. That’s because the electromagnetic waves must use the cord as an antenna to access the mic input. The electrical signals can be made to look like a user’s voice, thus activating Siri or Google.

With the voice commands listening, the radio waves can continue feeding signals into the mic that look to the phone like voice input. The researchers were able to use their system — based on an inexpensive open-source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna — to issue commands that sent the phone’s browser to a specific website or placed a call. You could use this to essentially turn a phone into a surreptitious listening device or direct it to a website with a software exploit. An attacker could also use these silent voice commands to send phishing messages from the user’s email or social accounts.