Slashdot Mirror


Researchers Use Siri To Steal Data From iPhones

wiredmikey writes "Using Apple's voice-activated Siri function, security researchers have managed to steal sensitive information from iOS smartphones in a stealthy manner. Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczy of the Warsaw University of Technology warn that malicious actors could use Siri for stealthy data exfiltration by using a method that's based on steganography, the practice of hiding information. Dubbed "iStegSiri" by the researchers, the attack can be effective because it doesn't require the installation of additional software components and it doesn't need the device's alteration. On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the modified Siri traffic. The attack method involves controlling the "shape" of this traffic to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminal mastermind, researchers said in their paper."

  1. Only works on jailbroken devices by Anonymous Coward · · Score: 4, Insightful

    Nothing to see here, move along.

    1. Re:Only works on jailbroken devices by Anonymous Coward · · Score: 4, Insightful

      Right, this effectively boils down to "if you install a root kit on a device, bad things can happen"... No shit, Sherlock.

    2. Re:Only works on jailbroken devices by AmiMoJo · · Score: 2

      Around 30-35% of iPhones in China are jailbroken, if reports are to be believed. In any case, the jailbreaking tools get millions of downloads, so there are definitely a large number of people at risk.

      While you make an interesting point it ignores the wider issues. People claim Android is insecure even though all of the malware needs you to enable installing from .apk files, and much of it needs root. At least on Android you can legitimately use other app stores like Amazon's, and even rooting your phone doesn't open it up to these kinds of exploits because the root system is basically the Linux su command with a GUI and all the protections that come with it.

      I agree that it isn't as bad as the summary makes out, but it is still an interesting issue.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Requirement to have compromised device by Rosyna · · Score: 5, Insightful

    So in order for this to work, an iOS device must already be compromised with a jailbreak? Why is that news?

    1. Re:Requirement to have compromised device by Impy the Impiuos Imp · · Score: 3, Interesting

      And it's just "currently". Breaking into unjailbroken phones or taking advantage of bugs is the main game already.

      Interesting this -- they alter an audio such that its Apple-encrypted path to the Siri server can be analyzed to extract the hidden data without decrypting the stream.

      I often wondered about a similar thing, if a server could pulse data it sends encrypted, which would allow tracking through any layers of encryption. Say goodbye to tor & friends. You'd have to add random delay to data at each node.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  3. Huh? by Ecuador · · Score: 5, Insightful

    it doesn't require the installation of additional software components and it doesn't need the device's alteration.

    On the other hand, it only works on jailbroken devices

    Too bad jailbreaking actually requires the device's alteration / installation of additional software components...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  4. Big deal out of nothing by thetoadwarrior · · Score: 4, Insightful

    It's interesting but hardly a concern given the requirements to make it work.

  5. Doomed, I say by ctime · · Score: 5, Insightful

    Jailbroken phone susceptible to data ex-filtration while on special malicious network?? Apple is dying.

  6. Same group of researchers... by BadPirate · · Score: 3, Funny

    ... That discovered that the Scalage security deadbolts have been compromised, and can be unlocked without the use of a key! Assuming of course you are inside the house.

    --
    - Holy crap, I've got MOD points! Who thought that was a good idea.
  7. Questionable research by CaptQuark · · Score: 2

    In their experiments, Mazurczy and Caviglione managed to use this method to exfiltrate data at a rate of 0.5 bytes per second. At this speed, it would take roughly 2 minutes to send a 16-digit payment card number to the attacker.

    2 minutes? One byte every 2 seconds for 16 characters should be 32 seconds. Plus, since they can control the encoding, they could send card numbers using only a nibble, so they could send all 16 numbers in 16 seconds.

    Either the original (non-posted) research showed ALL card information could be sent in 2 minutes, or they realized Siri communications are so short they would need multiple requests to get a full 30 seconds of sent audio. Sadly, the original information is not posted so the math discrepancy remains puzzling.

    ~~