Home > Cloud Security, Jackassery > 802.bah – Beware the SiriSheep Attack!

802.bah – Beware the SiriSheep Attack!

November 21st, 2011 Leave a comment Go to comments

On the heels of a French group reverse-engineering the Siri protocol by intercepting requests to the Internet-based server that Apple sends Siri requests to, Pete Lamonica, a first-time Ruby developer has produced another innovative hack.

Lamonica has created an extensible proxy server to enable not only interception of Siri requests, but provide connectivity/interfacing to other devices, such as his Wifi-enabled thermostat.

Check it out here:

What I think might be an interesting is if, in the future, we see Siri modified/deployed in the same way as Microsoft’s Kinect is today used to control all sorts of originally-unintended devices and software.

Can you imagine if $evil_person deployed (via Proxy) the Siri version of the once famed Starbucks pwnership tool, FireSheep?  SiriSheep.  I call it…

Your house, your car, your stock trades, emails, etc…all Siri-enabled.  All Siri-pwned.

I have to go spend some time with the original code — it’s unclear to me if the commands to Siri are sent via SSL and if they are, how gracefully (or ungracefully) errors are thrown/dealt with should one MITM the connection.  It seems like it doesn’t give a crap…

Thanks to @JDeLuccia, here’s the github link to the original code.


Enhanced by Zemanta
  1. Soleblaze
    November 22nd, 2011 at 01:18 | #1

    From what I’ve read, siri sends everything in an SSL connection and verifies that the certificate is valid. However, it does not verify that the certificate is from a specific provider. The original reverse engineering research for siri mentioned that they had to install a self-signed certificate in order to man in the middle the protocol.

  1. December 5th, 2011 at 03:11 | #1