Posts Tagged ‘Starbucks’

802.bah – Beware the SiriSheep Attack!

November 21st, 2011 1 comment

On the heels of a French group reverse-engineering the Siri protocol by intercepting requests to the Internet-based server that Apple sends Siri requests to, Pete Lamonica, a first-time Ruby developer has produced another innovative hack.

Lamonica has created an extensible proxy server to enable not only interception of Siri requests, but provide connectivity/interfacing to other devices, such as his Wifi-enabled thermostat.

Check it out here:

What I think might be an interesting is if, in the future, we see Siri modified/deployed in the same way as Microsoft’s Kinect is today used to control all sorts of originally-unintended devices and software.

Can you imagine if $evil_person deployed (via Proxy) the Siri version of the once famed Starbucks pwnership tool, FireSheep?  SiriSheep.  I call it…

Your house, your car, your stock trades, emails, etc…all Siri-enabled.  All Siri-pwned.

I have to go spend some time with the original code — it’s unclear to me if the commands to Siri are sent via SSL and if they are, how gracefully (or ungracefully) errors are thrown/dealt with should one MITM the connection.  It seems like it doesn’t give a crap…

Thanks to @JDeLuccia, here’s the github link to the original code.


Enhanced by Zemanta