All posts by mlb9252

Siri, the beloved iPhone companion’s speech recognition tool has been cracked.

The good people at Applidium decided to do a little reseach about Siri, the voice recognition technology behind Apple’s new iPhone 4S. Using tcpdump, they discovered that the technology is sending requests over to an apple server located here, at http://17.174.4.4.

They had a desire to look more into the protocol, so they make their own certificate and added it to their iPhone 4GS. Once that was done, they were seeing every time the iPhone sent a request, the request was being sent to their server and not the official iPhone server. From the information displayed in cleartext, they were able to view the protocol, and all fields associated with it.

So what was learned by this? Apple is very thorough with their technologies.  The iPhone sends your voice directly to the server for interpretation, and then the voice commands are sent back to the phone, along with a confidence score for every transcribed word. I can’t even speculate the value of this, but I’m sure there is some reason.

For the full article, and to download their tools for making your very own Siri server, visit their blog here:

http://applidium.com/en/news/cracking_siri/

What are Rainbow Tables?

Rainbow tables are a very interesting method for hackers to ‘crack’ passwords. Instead of relying on CPU power to crack passwords, the rainbow table method favors storage ability over computational power. I’ll give an example.

Let’s say you’re password is ILoveCyberSelfDefense
For the sake of convenience, let’s say the algorithm used to encrypt the password is MD5. The attacker retrieves the MD5 version of the password, which is:

8601e7f0544ec7b2b64723ab8a583541

This isn’t useable yet to the attacker, so they will need to do one of two things. They can either make the computer attempt a brute-force attack on the password, or they can check for an entry on a MD5 rainbow table. The user would input the above MD5 hash in the search. If there is a result, it will pop up almost instantly. Otherwise, the user is out of luck and could try a bruteforce attempt.

So what is the catch? A computer still has to manually generate every entry in the rainbow table list, and that takes time and a TON of storage space. So like everything else in this business, it’s a trade off. Do we want to save a ton of time, or do we want to get the answer instantly, but have a hard drive or two with stored passwords?

Bypassing an iPad 2’s Passcode Lock

Only a few weeks ago, someone posted on this blog about the top devices that pose serious security risks to companies.  On that list was Apple’s iPad, and at first I cried bloody murder.  Apple’s application store provides a unique level of security in the device’s market that the android market has yet to provide.

I thought it was ridiculous that some security blog would consider the iPad to be a major security risk (unrooted) just because of the number of corporations that used such devices. Of course, I was wrong.

Above is a video of how to bypass the passcode lock of an iPad 2 using a very simplistic ‘hack’. You only need to bring up the screen asking for the passcode, hold the lock button down until the power off screen is brought up, close the screen, and hit cancel.

Granted, this method only allows you access to the application that was previously open when the device was ‘locked’.  So this could either do no damage to the user if the user had the home screen open, or it could do horrendous damage to the user and company if the email client was open.

Apple will certainly get around to patching this security risk, but how many users won’t update to it?  How many devices could be bricked because of the update?  How many other security flaws aren’t we seeing?

Stuxnet is Evolving (Duqu)

It’s no surprise to see a return of the infamous stuxnet virus. With the source code being so readily available, it was only a matter of time.

This time the virus isn’t designed to really ‘attack’ anything, but rather gather information for a future attack. In the original stuxnet attack, stolen certificates were taken from both Siemens and Realtec. This time, the certificate was stolen from Symantec.

Once again, the attacking body is unknown, and the intentions are unknown. Only time will tell what this virus has done. The threat is still very new.

Article 1
Article 2
Article 3

 

 

 

 

 

Risk Assessment of an Air Dancer

Air Dancers, more informally known as “Wacky Wavy Inflatable Arm-Flailing Tubemen” have recently infected our campus. Perhaps we should take a look at the assets and weaknesses of these air dancers from a security standpoint.

Their assets include:

  • Attracting customers
  • Entertainment
  • Attracting attention
  • Substitute scarecrow
  • Scarecrow
However, not everyone loves the air dancers as you and I.  Their Potential Adversaries, Threats, and Weaknesses include:
  • Heavy Rain
  • Power outages
  • Very heavy wind
  • Overhead electrical lines
  • Trees
  • Vehicles and lawnmowers
  • Holes in plastic
  • Blower motor failure
  • Unstable ground leading to falling over
Possible defenses include:
  • Placing the air dancer on a platform so rain will go underneath the dancer, and the dancer will have stable ground and will not fall over.
  • Turn it off when hurricane force winds come to Rochester.
  • Don’t place under electrical wires/trees.
Here is the risk map: