Apple’s Siri in data heist

Apple’s voice-activated personal assistant Siri is being used to steal sensitive information from iOS-based smartphones.

Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczyk of the Warsaw University of Technology warn that “malicious actors” could use Siri for stealthy data exfiltration by using a method that’s based on steganography, the practice of hiding information.

Clearly the malicious actors are hacked off that people have been stealing their pictures from the iCloud and posting them online and have taken Siri hostage.

iOS malware is also increasingly common, as the popularity of the iPhone is matched by the company’s misplaced belief in its own security invulnerability.

Mazurczyk and Caviglione have demonstrated that iOS malware could become difficult to detect.

When users talk to Siri, their voice is processed with the Speex Codec, and the data is transmitted to Apple’s servers where the voice input is translated to text.

With an attack method called iStegSiri, sensitive data from the device is embedded in the “shape” of this traffic. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminals.

First, a secret message is converted into an audio sequence based on voice and silence alternation. Then, the sound pattern is provided to Siri as input through the internal microphone. Finally, the recipient of the secret message inspects the traffic going to Apple’s servers and extracts the information based on a decoding scheme.

In their experiments, Mazurczyk and Caviglione managed to use this method to exfiltrate data at a rate of 0.5 bytes per second. At this speed, it would take roughly 2 minutes to send a 16-digit payment card number to the attacker.

It only works on jailbroken devices, and attackers somehow need to be able to intercept the modified Siri traffic. However, the researchers highlighted that the purpose of iStegSiri is to help the security community with the detection of malware on the iOS platform.
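One way a network monitor could look for the traffic shape described above, as an added example that is not from the article or the researchers. The 0.5-second sampling interval, every threshold and both sample flows are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# All thresholds are assumptions for this sketch, not values from the research.
TALK_BYTES = 400   # bytes per interval above which audio is assumed to be flowing
MAX_SECONDS = 30   # ordinary spoken requests are assumed to be shorter than this
MIN_RUNS = 20      # talk/silence runs needed before regularity is judged
MAX_CV = 0.35      # run-length variation below this is assumed machine-timed


def runs(samples, threshold=TALK_BYTES):
    """Collapse per-interval upload byte counts into [is_talk, length] runs."""
    out = []
    for count in samples:
        talking = count >= threshold
        if out and out[-1][0] == talking:
            out[-1][1] += 1
        else:
            out.append([talking, 1])
    return out


def assess(samples, interval_s=0.5):
    """Score one upload flow to the voice-assistant servers."""
    lengths = [n for _, n in runs(samples)]
    duration = len(samples) * interval_s
    cv = pstdev(lengths) / mean(lengths) if lengths else 0.0
    reasons = []
    if duration > MAX_SECONDS:
        reasons.append("session longer than a normal request")
    if len(lengths) >= MIN_RUNS and cv <= MAX_CV:
        reasons.append("talk/silence alternation is unusually regular")
    return {"duration_s": duration, "runs": len(lengths),
            "cv": round(cv, 2), "suspicious": len(reasons) == 2,
            "reasons": reasons}


# Constructed sample: a short spoken request with one natural pause.
NORMAL = [50, 900, 950, 870, 910, 60, 40, 880, 920, 900, 50]

# Constructed sample: a minute of evenly paced talk/silence switching.
KEYED = []
for i, n in enumerate([2, 2, 3, 2, 3, 3] * 8):
    KEYED += [900 if i % 2 == 0 else 40] * n

if __name__ == "__main__":
    for name, flow in (("normal", NORMAL), ("keyed", KEYED)):
        print(name, assess(flow))
```

Requiring both signals keeps a long but natural dictation from being flagged on duration alone.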

The researchers told IEEE Spectrum that they have not made specific details on iStegSiri public to prevent cybercriminals from using their work. We guess that Apple has not modified anything in iOS to stop it happening if someone works it out.

Apple iPhone is favoured by thieves

A report from the UK Home Office said that thieves are brand conscious and prefer stealing Apple iPhones compared to the rest of the pack.

The report said over 50 percent of all phones stolen between January 2012 and January 2014 were iPhones. Other brands appealing to thieves are BlackBerry and Samsung devices. People who have had their phones stolen believe the value of the personal data to be more than £760.

While vendors have made improvements to security that appear to have put off some thieves, the report analyses their effectiveness in some detail.

It suggests that the introduction of Apple iOS7 this time last year “has affected the black market value of some stolen iPhones”. An analysis based in London suggests a reduction in thefts because of iOS7.

Samsung’s intro of Find my Mobile and the Reactivation Lock have also probably reduced thefts.

People worried about losing their mobile phones should register their devices at no cost at immobilise.com, use PIN locks, not leave their phones hanging about, and install a tracker app. If a phone is stolen, it should be reported to the network straight away and to your local cop shop.