802.bah – Beware the SiriSheep Attack!
On the heels of a French group reverse-engineering the Siri protocol by intercepting requests to the Internet-based server that Apple sends Siri requests to, Pete Lamonica, a first-time Ruby developer, has produced another innovative hack.
Lamonica has created an extensible proxy server that not only intercepts Siri requests but also connects them to other devices, such as his Wi-Fi-enabled thermostat.
Check it out here:
What I think might be interesting is if, in the future, we see Siri modified/deployed the same way Microsoft’s Kinect is used today to control all sorts of originally-unintended devices and software.
Can you imagine if $evil_person deployed (via proxy) the Siri version of the once-famed Starbucks pwnership tool, Firesheep? SiriSheep. I call it…
Your house, your car, your stock trades, emails, etc…all Siri-enabled. All Siri-pwned.
I have to go spend some time with the original code — it’s unclear to me if the commands to Siri are sent via SSL and if they are, how gracefully (or ungracefully) errors are thrown/dealt with should one MITM the connection. It seems like it doesn’t give a crap…
Thanks to @JDeLuccia, here’s the github link to the original code.
/Hoff
Related articles
- Siri proxy adds tons of functionality, doesn’t require a jailbreak (hackaday.com)
- SiriProxy Adds Custom Commands to Siri to Control Anything on Your Home Network [Video] (lifehacker.com)
- Coder creates Siri proxy (go.theregister.com)
- Siri reverse-engineered and its inner workings exposed (intomobile.com)
- Siri Argument (laughingsquid.com)
From what I’ve read, Siri sends everything in an SSL connection and verifies that the certificate is valid. However, it does not verify that the certificate is from a specific provider. The original reverse-engineering research for Siri mentioned that they had to install a self-signed certificate in order to man-in-the-middle the protocol.
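The distinction the comment draws, chain validity versus identity of the key, is exactly what certificate pinning adds. The following Ruby example is added here to illustrate it; it is not part of the post, of the comment, or of the SiriProxy code. It builds two constructed self-signed certificates (an RSA key generated at runtime, with hypothetical names like `assistant.example`), puts both in a trust store to model a device where an extra self-signed certificate has been installed, and shows that ordinary chain verification accepts either certificate while an SPKI pin check accepts only the genuine one.

```ruby
require 'openssl'
require 'digest'

# Constructed self-signed certificate. It stands in for a service certificate
# or, once placed in the trust store, for an installed self-signed certificate.
# Nothing here is a real Apple or Siri certificate.
def make_self_signed(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**31)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The check the comment describes: accept any certificate that chains to an
# anchor in the trust store and is within its validity period.
def chain_valid?(cert, trusted_certs)
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |c| store.add_cert(c) }
  store.verify(cert)
end

# SPKI pin: SHA-256 over the DER-encoded SubjectPublicKeyInfo, base64 encoded.
# Pinning the public key rather than the whole certificate survives routine
# renewals that keep the same key.
def spki_pin(cert)
  Digest::SHA256.base64digest(cert.public_key.to_der)
end

# The check pinning adds: the chain must validate AND the leaf's public key
# must be one the client shipped with. A certificate issued under an added
# trust anchor passes the first test and fails the second.
def accept_peer?(cert, trusted_certs, expected_pins)
  chain_valid?(cert, trusted_certs) && expected_pins.include?(spki_pin(cert))
end

# Scenario: the genuine service certificate plus an unrelated self-signed
# certificate that has been added to the device's trust store.
def pinning_scenario
  genuine  = make_self_signed('assistant.example')  # hypothetical service name
  added_ca = make_self_signed('proxy.example')      # constructed extra anchor
  trust_store = [genuine, added_ca]
  pins = [spki_pin(genuine)]  # what a pinning client would ship with
  {
    genuine_chain_ok: chain_valid?(genuine,  trust_store),
    added_chain_ok:   chain_valid?(added_ca, trust_store),
    genuine_accepted: accept_peer?(genuine,  trust_store, pins),
    added_accepted:   accept_peer?(added_ca, trust_store, pins)
  }
end

if __FILE__ == $PROGRAM_NAME
  pinning_scenario.each { |name, result| puts "#{name}: #{result}" }
end
```

Running the file prints four booleans: both certificates pass `chain_valid?`, only the genuine one passes `accept_peer?`. That second outcome is the property a pinning client has and a chain-only client lacks; a real deployment would also need a plan for rotating the pinned key.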