iPhone 4S has security flaws thanks to Siri

Kerry Butters

December 1, 2011
iPhone 4S

The iPhone 4S has a number of security flaws, due to the popular and newly introduced voice recognition driven digital assistant Siri.

The most glaring error it would seem, is the ability for anyone to be able to use Siri to make calls and so forth that picks up the device, even if it’s locked with a passcode.

On a locked phone, anyone can pick it up, press the home button down to launch Siri and voila, in effect they have full control of the device. That was an early established vulnerability with Apple’s shiny new smartphone.

Researchers at Trend Micro have also found that an attacker who has somehow managed to obtain and load a self-signed Apple certificate could intercept calls via Siri.

This is possible due to the authentication methods used by Apple to make Siri work and interpret what users are asking.

Whilst the Trend blog admits that this would have to be carried out by “a determined attacker”, it remains a fact that it’s possible.

The flaw is due to the protocols used by Siri, which sends the compressed audio file generated when a request is made to the app to an external server.

The file is converted to text, then mapped into commands that the 4S can understand before Siri answers the user’s question or command.

It is during this process that a potential man-in-the-middle attacker could use a certificate to gain access to the device by capturing Siri requests.

Then they can get up to all sorts of shenanigans, such as recording voice calls or forwarding calls to premium rate numbers.

However, this is all theoretical as no such attacks have yet been reported, they are simply possible.

According to Trend, “there are a number of ways Apple can fix this” with the most comprehensive solution being to make improvements to the authentication system.

There is a solution to the Siri problem on locked iPhones too, as we’ve documented before. Users can access settings for their phone’s passcode lock and ensure that the Siri option is set to “off”.

This ensures that the app can’t be accessed when the device is locked.

It has also been found that Carrier IQ is possibly installed on iOS devices too. One researcher has found evidence to suggest that this is the case but has so far been unable to prove that the tracking app works in anything other than diagnostic mode.

On a lighter note, a number of sites have popped up where users can post amusing responses given by the Siri app.

One user posted a response to the question: “What’s the best phone in the world”, to which the app replies: “There’s other phones?”

At least it has a sense of humour then.


Post a comment

Your email address will not be published. Required fields are marked *

Visited 4277 times, 1 so far today