Tuesday, 20 January 2015

Researchers Steal Data From Jailbroken iPhone Via Siri

Researchers have developed a way which makes it possible to steal data from infected jailbroken iPhone via the Siri voice control. When users communicate with Siri is processed their voice to data and sent it to Apple, where the voice input is translated into text.

Researchers Luca Caviglione and Wojciech Mazurczy an attack developed Siri which is used to set up a secret channel between an infected machine and a botmaster so they can steal sensitive data like passwords, credit card numbers and Apple IDs. The malware on the device processes the data to an audio clip that is offered to Siri. Siri will then send the data to a remote server. An attacker who has access to network traffic can thus extract the encoded information.

In addition to the requirement that access to the network traffic, the iPhone must be jailbroken, so the researchers in their report to know. By using the "iStegSiri-attack" can be 0.5 bytes sent per second. Sending a credit card number with 16 digits in this way takes about 2 minutes. The researchers say opposite IEEE they especially want to see how their research steganography, hiding information in innocent looking objects such as images, text or sound clips can be used by attackers.

No comments:

Post a Comment