Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Use Siri To Steal Data From iPhones

Posted by samzenpus on from the protect-ya-neck dept.

wiredmikey writes "Using Apple's voice-activated Siri function, security researchers have managed to steal sensitive information from iOS smartphones in a stealthy manner. Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczy of the Warsaw University of Technology warn that malicious actors could use Siri for stealthy data exfiltration by using a method that's based on steganography, the practice of hiding information. Dubbed "iStegSiri" by the researchers, the attack can be effective because it doesn't require the installation of additional software components and it doesn't need the device's alteration. On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the modified Siri traffic. The attack method involves controlling the "shape" of this traffic to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminal mastermind, researchers said in their paper.

6 of 55 comments (clear)

  1. Only works on jailbroken devices by Anonymous Coward · · Score: 4, Insightful

    Nothing to see here, move along.

    1. Re:Only works on jailbroken devices by Anonymous Coward · · Score: 4, Insightful

      Right, this effectively boils down to "if you install a root kit on a device, bad things can happen"... No shit sherlock.

  2. Requirement to have compromised device by Rosyna · · Score: 5, Insightful

    So in order for this to work, an iOS device must already be compromised with a jailbreak? Why is that news?

  3. Huh? by Ecuador · · Score: 5, Insightful

    it doesn't require the installation of additional software components and it doesn't need the device's alteration.

    On the other hand, it only works on jailbroken devices

    Too bad jailbraking actually requires the device's alteration / installation of additional software components...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  4. Big deal out of nothing by thetoadwarrior · · Score: 4, Insightful

    It's interesting but hardly a concern given the requirements to make it work.

  5. Doomed, I say by ctime · · Score: 5, Insightful

    Jailbroken phone susceptible to data ex-filtration while on special malicious network?? Apple is dying.