Spear phishing is a powerful fraud technique. The objective is to get sensitive/confidential data which can then be used to mount an attack. A combination, for example, of my home and mobile numbers, as well as my work and personal email addresses, is a valuable tool in "capable" hands.
Obtaining such data is not easy, but Siri can help.
Grab your target's LOCKED (!) iPhone, then press and hold the Home button to wake up Siri. Ask her for "My name". Then for "My email address".
Next, request data on "My wife" (Siri prefers "My spouse", actually). Then try some names - e.g. John or Peter - to get FULL details from Address Book. Try "Lloyds" ("Barclays", "HSBC" and other major banks) to see what useful data is available there.
You can send an SMS to or call any of the numbers you see. Very handy if your target has a number for an alternative low-cost telecom company - dial the access number, then you can call anyone in the world, for FREE! With the phone still locked...
I'll leave the rest to your imagination. (Siri won't show your photos or launch apps - you do need to enter PIN for that - but there are some other neat tricks for exploiting that security hole, which I won't describe here...)
Enjoy!
Apple has the best security implementation in the industry, both on the s/w and h/w levels. I do hope it tells Siri off soon, especially if Apple is serious about entering the payments playground.
P.S. Apparently, that Siri exploit is old hat: it's been known since... 2011.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.