Alleged IOS backdoors - cypherpunks - lists.cpunks.org

newer
Compromise of Soviet codes in WWII

Alleged IOS backdoors

older
Tor developers vow to fix bug that...

Georgi Guninski

22 Jul 2014 22 Jul '14

12:21 p.m.

Alleged IOS backdoors http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attac... Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices JONATHAN ZDZIARSKI

Reply

Sign in to reply online Use email software

Show replies by date

coderman

22 Jul 22 Jul

7:48 p.m.

On Tue, Jul 22, 2014 at 5:21 AM, Georgi Guninski wrote:

Alleged IOS backdoors

http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attac...

Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices

note that Google is no better. back in 2011 i reported the abuse of Google Voice Search as easily accessible (no permissions required) and excellent for eavesdropping (always on should not be possible). the more things change, the more they stay the same ;) best regards, --- '... nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack' http://arxiv.org/abs/1407.4923 """ Previous research about sensor based attacks on Android platform focused mainly on accessing or controlling over sensitive device components, such as camera, microphone and GPS. These approaches get data from sensors directly and need corresponding sensor invoking permissions. This paper presents a novel approach (GVS-Attack) to launch permission bypassing attacks from a zero permission Android application (VoicEmployer) through the speaker. The idea of GVS-Attack utilizes an Android system built-in voice assistant module -- Google Voice Search. Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like "call number 1234 5678") in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission. Also we found a vulnerability of status checking in Google Search app, which can be utilized by GVS-Attack to dial arbitrary numbers even when the phone is securely locked with password. A prototype of VoicEmployer has been implemented to demonstrate the feasibility of GVS-Attack in real world. In theory, nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack. This study may inspire application developers and researchers rethink that zero permission doesn't mean safety and the speaker can be treated as a new attack surface. """

Reply

Sign in to reply online Use email software

Georgi Guninski

23 Jul 23 Jul

2:04 p.m.

Are dumb phones sufficiently secure? Say something monochrome from the 90's? Heard rumors operators can update the firmware on a lot of models, not sure how true is this. On Tue, Jul 22, 2014 at 12:48:35PM -0700, coderman wrote:

On Tue, Jul 22, 2014 at 5:21 AM, Georgi Guninski wrote:

...
Alleged IOS backdoors

http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attac...

Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices

note that Google is no better. back in 2011 i reported the abuse of Google Voice Search as easily accessible (no permissions required) and excellent for eavesdropping (always on should not be possible).

the more things change, the more they stay the same ;)

best regards,

---

'... nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack'

http://arxiv.org/abs/1407.4923 """ Previous research about sensor based attacks on Android platform focused mainly on accessing or controlling over sensitive device components, such as camera, microphone and GPS. These approaches get data from sensors directly and need corresponding sensor invoking permissions.

This paper presents a novel approach (GVS-Attack) to launch permission bypassing attacks from a zero permission Android application (VoicEmployer) through the speaker. The idea of GVS-Attack utilizes an Android system built-in voice assistant module -- Google Voice Search. Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like "call number 1234 5678") in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission.

Also we found a vulnerability of status checking in Google Search app, which can be utilized by GVS-Attack to dial arbitrary numbers even when the phone is securely locked with password. A prototype of VoicEmployer has been implemented to demonstrate the feasibility of GVS-Attack in real world. In theory, nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack. This study may inspire application developers and researchers rethink that zero permission doesn't mean safety and the speaker can be treated as a new attack surface. """

Reply

Sign in to reply online Use email software

rysiek

2:44 p.m.

Dnia środa, 23 lipca 2014 17:04:13 Georgi Guninski pisze:

Are dumb phones sufficiently secure? Say something monochrome from the 90's? Heard rumors operators can update the firmware on a lot of models, not sure how true is this.

There's always the question of baseband, for example, but regardless of it and many other things, the attack surface is much, much, much smaller. You *won't* be keeping your e-mails, full contacts info, etc., on the phone, simply because it is unable to cater for such a use. Hence, you will be this much safer, at the very least. -- Pozdr rysiek

Reply

Sign in to reply online Use email software

Bluelotus

3:10 p.m.

Dpnt have to go back as far as 1990's. This month, I purchased a Palm Treo 705p, released in 2006. External antenna, superior voice quality and qwerty keyboard. WebOS doesnt capture MAC addresses of nearby wifi devices like iphones, ipads, android and Windows do. No FM radio to hack air gapped computers. For articles see my submit history on reddit.com under user nme BadBIOSvictim. Verizon does not activate older phones. PagePlusCellular.com does. My other phone is a Palm Pre2 for the above reasons. Released in 2011. On July 23, 2014 10:04:13 AM EDT, Georgi Guninski wrote:

Are dumb phones sufficiently secure? Say something monochrome from the 90's? Heard rumors operators can update the firmware on a lot of models, not sure how true is this.

...
On Tue, Jul 22, 2014 at 5:21 AM, Georgi Guninski wrote:

...
Alleged IOS backdoors

http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attac...

...
Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices

note that Google is no better. back in 2011 i reported the abuse of Google Voice Search as easily accessible (no permissions required) and excellent for eavesdropping (always on should not be possible).

the more things change, the more they stay the same ;)

best regards,

---

'... nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack'

http://arxiv.org/abs/1407.4923 """ Previous research about sensor based attacks on Android platform focused mainly on accessing or controlling over sensitive device components, such as camera, microphone and GPS. These approaches get data from sensors directly and need corresponding sensor invoking permissions.

This paper presents a novel approach (GVS-Attack) to launch

On Tue, Jul 22, 2014 at 12:48:35PM -0700, coderman wrote: permission

...
bypassing attacks from a zero permission Android application (VoicEmployer) through the speaker. The idea of GVS-Attack utilizes an Android system built-in voice assistant module -- Google Voice Search. Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like "call number 1234 5678") in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission.

Also we found a vulnerability of status checking in Google Search app, which can be utilized by GVS-Attack to dial arbitrary numbers even when the phone is securely locked with password. A prototype of VoicEmployer has been implemented to demonstrate the feasibility of GVS-Attack in real world. In theory, nearly all Android devices equipped with Google Services Framework can be affected by GVS-Attack. This study may inspire application developers and researchers rethink that zero permission doesn't mean safety and the speaker can be treated as a new attack surface. """

Reply

Sign in to reply online Use email software

3712

Age (days ago)

3713

Last active (days ago)

Download

4 comments

4 participants

tags

participants (4)

Bluelotus
coderman
Georgi Guninski
rysiek