One of the headline features in Apple's new iOS 8 operating system and highly anticipated smartwatch is the ability to call up the iPhone's personal assistant Siri from any screen just by saying 'Hey Siri'.
In those cases, users can perform tasks such as sending messages, making calls, visiting webpages and using the GPS completely hands-free.
But what if these voice technologies could be exploited by malware and turned against you?
"Voice control is a convenient, nice-to-have feature, however some of our early research is indicating that there are some real gotchas that we need to be aware of," said AVG's security advisor, Michael McKinnon.
In a YouTube video, AVG's chief technology officer Yuval Ben-Itzhak demonstrated how easily Google Now could be fooled into following commands from another smartphone that was using Android's own text-to-speech technology.
"Where this gets interesting is the possibility of having an app on your smartphone that can actually speak, and your phone itself listens to the commands from that," McKinnon claimed.
Ben-Itzhak demonstrated being able to send an email announcing a company was out of business by commanding Google's assistant using voice synthesised from another device.
The breadth of voice commands available through Siri and Google Now means that with the right bit of malware, hackers could do everything from calling premium numbers and visiting infected webpages to sending emails with confidential data.
With Apple's new HomeKit technology in iOS 8, this extends to controlling smart home features like door locks, lights and temperature.
Granted, the close proximity of devices like smartphones and smartwatches means the likelihood of such an attack going undetected is slim, but McKinnon said hackers could potentially tap into a device's gyroscope and microphone to determine when the target has put their device down and there's no one nearby.
At the moment, the iOS 8 device also needs to be plugged into mains power for Siri to be awoken by voice without the press of a button. But this may be only a temporary deterrent.
"One of the problems with this sort of technology is that there's no authentication to the voice," argued McKinnon.
In other words, neither Siri nor Google Now is configured to the device owner's voice, meaning anyone can use these technologies to make a call or send a text message on someone else's device.
The Australian Taxation Office's call centre recently introduced a new automated voice authentication system called "Voiceprint" that asks callers to repeat a phrase to prove their identity. This compares the caller to a voiceprint enrolled with a particular tax file number using technology supplied by Nuance Communications, a leading provider of speech and imaging solutions.
McKinnon said this sort of authentication would also be helpful on smart devices.
"It would be great if your mobile device were able to recognise your device, because then it could simply turn around and ask you to verify that it's you before it accepts any other commands."
James Turner, security industry analyst at IBRS, said the risks of voice-activated hacking were theoretical at this stage. "It's something that the people designing these systems need to be thinking about, but I don't think it's something that consumers need to be panicking about," he said.
While there have been no active threats detected in the wild that take advantage of this loophole, McKinnon claimed it's a risk device manufacturers and operating system developers need to consider.
"Voice activated technology is incredibly powerful, but we also need to make sure that we're careful about how quickly we head with some of this stuff and have a think about the potential consequences," McKinnon added.