Alleged IOS backdoors

Georgi Guninski guninski at guninski.com
Wed Jul 23 07:04:13 PDT 2014


Are dumb phones sufficiently secure?
Say something monochrome from the 90's?
Heard rumors operators can update the
firmware on a lot of models, not sure
how true is this.

On Tue, Jul 22, 2014 at 12:48:35PM -0700, coderman wrote:
> On Tue, Jul 22, 2014 at 5:21 AM, Georgi Guninski <guninski at guninski.com> wrote:
> > Alleged IOS backdoors
> >
> > http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms.pdf
> >
> > Identifying Back Doors, Attack
> > Points, and Surveillance
> > Mechanisms in iOS Devices
> 
> note that Google is no better. back in 2011 i reported the abuse of
> Google Voice Search as easily accessible (no permissions required) and
> excellent for eavesdropping (always on should not be possible).
> 
> the more things change, the more they stay the same ;)
> 
> best regards,
> 
> 
> ---
> 
> '... nearly all Android devices equipped with Google Services
> Framework can be affected by GVS-Attack'
> 
> 
> http://arxiv.org/abs/1407.4923
> """
> Previous research about sensor based attacks on Android platform
> focused mainly on accessing or controlling over sensitive device
> components, such as camera, microphone and GPS. These approaches get
> data from sensors directly and need corresponding sensor invoking
> permissions.
> 
> This paper presents a novel approach (GVS-Attack) to launch permission
> bypassing attacks from a zero permission Android application
> (VoicEmployer) through the speaker. The idea of GVS-Attack utilizes an
> Android system built-in voice assistant module -- Google Voice Search.
> Through Android Intent mechanism, VoicEmployer triggers Google Voice
> Search to the foreground, and then plays prepared audio files (like
> "call number 1234 5678") in the background. Google Voice Search can
> recognize this voice command and execute corresponding operations.
> With ingenious designs, our GVS-Attack can forge SMS/Email, access
> privacy information, transmit sensitive data and achieve remote
> control without any permission.
> 
> Also we found a vulnerability of status checking in Google Search app,
> which can be utilized by GVS-Attack to dial arbitrary numbers even
> when the phone is securely locked with password. A prototype of
> VoicEmployer has been implemented to demonstrate the feasibility of
> GVS-Attack in real world. In theory, nearly all Android devices
> equipped with Google Services Framework can be affected by GVS-Attack.
> This study may inspire application developers and researchers rethink
> that zero permission doesn't mean safety and the speaker can be
> treated as a new attack surface.
> """



More information about the cypherpunks mailing list