Jump to content

Search the Community

Showing results for tags 'siri'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Attackers living on any network are all about one thing: persistence. They want to get on quietly and stay on quietly. But what about moving stolen data off a network? How quiet can that be? Two researchers believe they’ve figured out a way to combine Siri, Apple iOS’ native voice-activated service, and tenets of steganography to sneak data from jailbroken iPhones and iPads to a remote server. Luca Caviglione of the National Research Council of Italy, and Wojciech Mazurczyk of Warsaw University of Technology published an academic paper called “Understanding Information Hiding in iOS” in which they describe three steps how to pull it off. Their method, called iStegSiri, takes advantage of the data Siri sends to Apple servers for translation and manipulates that traffic, which is then observed by an attacker who must intercept it before it reaches Apple’s servers. Before that happens, an attacker would have to convert the secret to an audio sequence based on the “proper alternation of voice and silence,” the researchers wrote. Next, that altered sound pattern is fed to Siri via the iOS device’s internal microphone. Siri sends voice-to-text translation input to an Apple server where it is translated and sent back to the device. The attacker must be able to passively inspect the traffic, the researchers said, and apply a decoding scheme to learn the secret, which can be anything from a credit card number to an Apple ID and password combination. “The covert listener must capture the traffic and decode the secret. The former can be achieved in several ways, including transparent proxies or probes that dump traffic for offline processing,” the researchers wrote. “The decoding algorithm implements a voting-like method using two decision windows to determine whether a run of throughput values belongs to voice or silence (1 or 0).” IStegSiri does not require the installation of a malicious app, or an alteration of any kind. The researchers said that the method is relatively slow; secrets are sent at 0.5 bytes per second, meaning that it would take two minutes to transmit a 16-digit credit card number. “[iStegSiri] requires access to Siri’s inner workings; this means that only jailbroken iOS devices can currently be used. However, iStegSiri showcases the principle of using real-time voice traffic to embed data,” the researchers wrote. “Therefore, it can be further exploited on existing similar applications such as Google Voice or Shazam, or implemented in future applications by taking advantage of coding errors.” The paper states that the ideal countermeasure lies with Apple server-side. “For example, Apple should analyze patterns within the recognized text to determine if the sequence of words deviates significantly from the used language’s typical behaviors,” the researchers wrote. “Accordingly, the connection could be dropped to limit the covert communication’s data rate. This approach wouldn’t rely on the device, so additional functionalities or battery consumptions wouldn’t be required.” Source
×
×
  • Create New...