Siri proxy adds tons of functionality, doesn’t require a jailbreak

siri-proxy

[Pete] has an iPhone 4s and loves Siri, but he wishes she had some more baked-in capabilities. While the application is technically still in beta and will likely be updated in the near future, [Pete] wanted more functionality now.

Since Apple isn’t known for their open architecture, he had to get creative. Knowing how Siri’s commands are relayed to Apple thanks to the folks at Applidium, he put together a proxy server that allows him to intercept and work with the data.

The hack is pretty slick, and doesn’t even require a jailbreak. A bit of DNS and SSL trickery is used to direct Siri’s WiFi traffic through his server, which then relays the commands to Apple’s servers for processing. On the return trip, his server interprets the data, looking for custom commands he has defined.

In the video below, he gives a brief overview of the system, then spends some time showing how he can use Siri to control his WiFi enabled thermostat. While the process only works while Siri is connected to his home network via WiFi, it’s still pretty awesome.

[Read more...]

Ask HackADay: Network Security Camera

Today we received the question,

“How to control a web cam via internet,
i want to use it for security reasons, always out of the house and my PC connected want to open the cam from time to time to checkout if something wrong!!”

- [Mohamed Saleh]

What a fun project we thought! And so many different ways of tackling it. Find out what we suggested to [Mohamed] after the break. [Read more...]

Home power monitoring

powermonitor

Reader [john] finished up his home power monitor over the holiday weekend. It uses a pair of current transducers clamped onto the mains. These output 0-3V and are read by the Arduino’s ADC. The Arduino averages samples over a 20 second period, calculates power used, and uploads it using an Ethernet Shield. The shield can’t do DNS lookups, so he uses a WRT54G to negotiate with the remote webserver. He admits that the system could be more accurate; it can’t detect small loads like wall warts. He also says that money could be saved by talking serial to the router instead of over ethernet. Here are the current usage charts.

You can find many power monitor projects like this in out Home Hacks category.

D-Link adds captcha to routers

D-Link is adding captcha support to its line of home routers. While default password lists have been abundant for many years, it was only recently that we started seeing the them implemented in malware. Last year, zlob variants started logging into routers and changing their DNS settings. It’s an interesting situation since the people who need the captcha feature are the ones who will never see it, since they won’t log in to change the default password.

[photo: fbz]

Apple finally fixes DNS bug

With today’s release of Security Update 2008-006 Apple has finally addressed this summer’s DNS bug. In their previous update they fixed BIND, but that only affects people running servers. Now, they’ve updated mDNSResponder. Clients are no longer susceptible to DNS cache poisoning attacks thanks to the inclusion of source port randomization.

The Security Update addresses some other interesting bugs. Time Machine was saving sensitive logs without using the proper permissions, so any user could view them.

[photo: edans]

Dan Kaminsky’s DNS Black Hat video


Black Hat has published the media from Dan Kaminsky’s infamous DNS vulnerability talk. You can get the full video (101MB) or just the audio.

The full archive of slides and white papers from this year has been posted too.

Black Hat 2008: Dan Kaminsky releases DNS information


[Dan Kaminsky]‘s much anticipated talk on his DNS findings finally happened at Black Hat 2008 in Las Vegas today. [Dan] has already uploaded the complete slides from his talk as well as posted a short summary to his site. New information in the slides since our previous coverage includes “Forgot My Password” attacks and new attacks on internal network vulnerabilities as a side of effect of DNS cache poisoning. [Dan]‘s talk today was over capacity; our shot of the conference room overflow is shown above.

Follow

Get every new post delivered to your Inbox.

Join 94,499 other followers