how to covertly leak data from ios?

1

Vysoká škola ekonomická v Praze, Náměstí Winstona Churchilla 1938/4 How to covertly leak data from iOS? Luca Caviglione, Wojciech Mazurczyk www.arxiv.org Keywords: information hiding, Siri, leak, secret Filip Zíbar 19.11.2014 Along the spreading of malicious software, the attention of potentional victims as well as security experts is raising. The information hiding technique is a method which allows this maleware to comunicate without being noticed nor recognized. As in smartphones is stored plenty of personal information and sensitive data, they are on top of the list for confidential data theft. Yet only few malware application do that by using information hiding technique. For its popularity increase, the iOS raised awareness of malware developers. In April 2014, the Apple-ID and the password from jailbroken iPhone could be leaked by running malicious dynamic library. iStegSiri designated by the authors is the first attempt to covertly leak data from iPhone without needing additional application. For exchanging secrets, both of the involved peers insert them within a carrier. The amout of inserted information is limited in order to transmit covertly. Siri is an assisstant application, which allows user to interact with an iPhone with a voice. The iPhone sends packets with a voice to the Apple server where the voice is translated and packets with the text are send back. This process can be good carrier for hiding data, because it does not need any alternation of device nor software. The iStegSiri controls shape of generated traffic to insert secrets. The secret has to be firstly converted into audio sequence in form of voice and silence. Then it is given to the Siri and send towards the apple server. Eventually the secret is extracted by its recipient, who passively inspects generated traffic by using transparent proxies. The decoding algrotithm then determine wether the stream of throughput values is voice or silence (1 or 0). It would take 2 minutes to iStegSiri to transmit credit card number. The limitation of iStegSiri is also fact that it needs acces to the internals of the service. It means that it only works on jailbroken iPhones.

Upload: fi3ta

Post on 13-Feb-2016

226 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

DESCRIPTION

information hiding, Siri, leak, secret

TRANSCRIPT

Page 1: How to covertly leak data from iOS?

Vysoká škola ekonomická v Praze,

Náměstí Winstona Churchilla 1938/4

How to covertly leak data from iOS?

Luca Caviglione, Wojciech Mazurczyk

www.arxiv.org

Keywords: information hiding, Siri, leak, secret

Filip Zíbar

19.11.2014

Along the spreading of malicious software, the attention of potentional victims as well as

security experts is raising. The information hiding technique is a method which allows this

maleware to comunicate without being noticed nor recognized. As in smartphones is stored

plenty of personal information and sensitive data, they are on top of the list for confidential

data theft. Yet only few malware application do that by using information hiding

technique. For its popularity increase, the iOS raised awareness of malware developers. In

April 2014, the Apple-ID and the password from jailbroken iPhone could be leaked by

running malicious dynamic library. iStegSiri designated by the authors is the first attempt

to covertly leak data from iPhone without needing additional application. For exchanging

secrets, both of the involved peers insert them within a carrier. The amout of inserted

information is limited in order to transmit covertly. Siri is an assisstant application, which

allows user to interact with an iPhone with a voice. The iPhone sends packets with a voice

to the Apple server where the voice is translated and packets with the text are send back.

This process can be good carrier for hiding data, because it does not need any alternation

of device nor software. The iStegSiri controls shape of generated traffic to insert secrets.

The secret has to be firstly converted into audio sequence in form of voice and silence.

Then it is given to the Siri and send towards the apple server. Eventually the secret is

extracted by its recipient, who passively inspects generated traffic by using transparent

proxies. The decoding algrotithm then determine wether the stream of throughput values is

voice or silence (1 or 0). It would take 2 minutes to iStegSiri to transmit credit card

number. The limitation of iStegSiri is also fact that it needs acces to the internals of the

service. It means that it only works on jailbroken iPhones.

An fMRI investigation of covertly and overtly produced mono- and multisyllabic words

Florida Roof Leak Presents The Roof Leak in USA

Advances In Single Packet Authorization...Security Software Vulnerabilities Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability IPsec ESP Information Leak Vulnerability

Scientech Stresswave SRV Leak Detectionfamos.scientech.us/PDFs/2015_Symposium/Scientech... · Scientech Stresswave SRV Leak Detection ... Piezoelectric accelerometer ... Valve Leak

Chapter6 leak detection - METROVAC leak detection.pdf · Local Leak Detection 1 Test object 2 Leak detector 3 Search gas cylinder ... Quantitative determination of the leak rate,

The Oil Leak The il Leak

High Voltage Leak Detector for non-destructive leak

GPS Vehicle tracker - Rewire Security · NOTE: 4.2.1 To prevent theft of the device, it should be installed as covertly as possible. Covertly installation is suggested. 4.2.2 Avoid

Autonomous Leak Detection Algorithm Autonomous Leak Detection

Evans PLHT Series Presslok Cleanliness & Leak Tests PRESSLOK... · Evans PLHT Series Presslok Cleanliness & Leak Tests ... Inboard Test Outboard Test Starting Leak Rate Final Leak

Specialist in leak testing & leak detection since 1973 - … in leak testing & leak detection ... knowledge of helium leak testing is ... preferred supplier of leak test equipment

Optimizing Leak Abatement with Improved Leak Data ... · Bullet slide Optimizing Leak Abatement with Improved Leak Data Acquisition and Analysis AGA State Affairs Committee Meeting-

USER MANUAL - Automatic Leak Testing machines & Leak Test

Don't Leak Leads - Leak Stats and Insights by ReachLocal

Fleet Maintenance EQUIPMENT & SUPPLIES · • Air Conditioning Leak Detector • Diesel Fuel Supplement • Gas Leak Detector • Power Steering Leak Detector • Radiator Leak Detector

Optical Leak Testing Technology - NorCom Systems Inc · Cumulative Helium Leak Detection ... and Bubble Leak Testing Helium absorption on the package body ... Optical Leak Testing

ProjectSauron: top level cyber-espionage platform covertly extracts encrypted ... · · 2016-08-14cyber-espionage platform covertly extracts encrypted government comms By GReAT

Covertly Controlling Choices Manipulating Decision Making

PORTABLE HELIUM LEAK DETECTOR FOR … · PORTABLE HELIUM LEAK DETECTOR FOR BIOPHARMACEUTICAL APPLICATIONS Leak Testing for Biopharmaceutical Applications

Digital leak location correlator - Water leak detection ... · Digital leak location correlator ... •Optimum performance in difficult leak detection situations ... Internal accelerometer

Leak Alert - images-na.ssl-images-amazon.com · Following devices/operating systems are supported for The Detector operation: iPhone/iPad – iOS version 9.0 or later Android –

Leak Detection and Location Systems - … Leak System/CommercialBr… · Leak Detection and Location Systems ... ith the point sensing approach to leak detection, liquid must reach

SF6 Leak Reduction Using On-line Leak Sealing

How Google Maliciously and Covertly Uses It’s Technology To … · 2019-11-13 · How Google Maliciously and Covertly Uses It’s Technology To Attack It’s Political Enemies and

Practical Covertly Secure MPC for Dishonest …Practical Covertly Secure MPC for Dishonest Majority – or: Breaking the SPDZ Limits Ivan Damg˚ard 1, Marcel Keller 2, Enrique Larraia

Varian, Inc. Leak Detection Vacuum Technologies...7 Varian, Inc. Vacuum Technologies Leak Detection Leak Detectors Description Shipping Weight kg (lbs) Part NumberVSSeries Leak Detectors

Leak detection techniques Helium Leak Testing Techniques ... · September 2009 Helium Leak Testing Techniques for Industry. Leak detection techniques

E6 Water Leak Detector - Kele Level/PDFs/BAPI Water Leak... · Water Leak Detector List Your Price Order Ordering Information Water Leak Detector BA/ BAPI Product Design Leak Detector