[Pete] has an iPhone 4s and loves Siri, but he wishes she had some more baked-in capabilities. While the application is technically still in beta and will likely be updated in the near future, [Pete] wanted more functionality now.
Since Apple isn’t known for their open architecture, he had to get creative. Knowing how Siri’s commands are relayed to Apple thanks to the folks at Applidium, he put together a proxy server that allows him to intercept and work with the data.
The hack is pretty slick, and doesn’t even require a jailbreak. A bit of DNS and SSL trickery is used to direct Siri’s WiFi traffic through his server, which then relays the commands to Apple’s servers for processing. On the return trip, his server interprets the data, looking for custom commands he has defined.
In the video below, he gives a brief overview of the system, then spends some time showing how he can use Siri to control his WiFi enabled thermostat. While the process only works while Siri is connected to his home network via WiFi, it’s still pretty awesome.
Continue reading “Siri proxy adds tons of functionality, doesn’t require a jailbreak”
We may have all been eagerly awaiting the arrival of the PS3 slim, but don’t get too excited yet. According to an official press release from Sony, the PS3′s slimmer counterpart is dropping the ability to install Linux or another operating system. It’s always a shame when new products come packed with less features, but this time, it’s preventing us from doing things like cracking SSL using 200 of the consoles, or running emulators from an Ubuntu install on the console. For those of us that still plan on keeping our “old” PS3s, Yellow Dog Linux has been released on a USB stick and allows you to run without having to do a full installation.
[via Download Squad]
Update: The video of [Moxie]‘s presentation is now online.
[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.
Continue reading “Black Hat 2009: Breaking SSL with null characters”
Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.