Hypothetical hacking: Vol. 1

This was another long travel day, so this is going up late.

I decided to start a thing on this blog. Hypothetical hacking is where I’ll think through a theoretically possible attack on something that has not yet been attacked (to the best of anyone’s knowledge).

As I was driving home, I thought about how I could possibly write a blog post and drive at the same time, and I naturally thought of dictating it to my phone. Voice controls are a fast-developing area, with Apple’s Siri and Google’s own offerings becoming marquee features. It got me wondering how exactly these services work and how well secured they are.

I’ll just focus on Siri for now. A group of researchers dissected the service by providing a false certificate. This tells us that in practice, the service is secured, and unless you specifically break the security on your iPhone, your Siri requests will go directly to Apple’s servers.

The interesting thing from this research was that they found the voice recording was encoded, compressed, and sent to the server. I suspected this was the case, since they need to collect different voice data to properly understand every accent and dialect, but I wasn’t 100% sure. Knowing this now, I got to thinking about how this could be exploited.

This would have to be a highly targeted attack, with a huge bankroll behind it. It’s probably better suited for a Hollywood screenplay than a real-life situation, but it is theoretically possible, and that is the point of these posts. Our target is an extremely important person, high up in government or some industry where there are highly secured areas. One area this person has access to is guarded with a voice recognition system*.

In order to gain access, our attackers need the victim’s voice recorded saying a variety of phrases which could be required by the system. They learn that the victim utilizes Siri, and hatch a plan.

They are going to harvest Siri requests over the course of several months, and build a database of the victim’s voice. There are two ways to go about it. One would be to gain access to Apple’s server directly, either by getting employed there or coercing a current employee with access to Siri’s database.
The other way would be to hack the default DNS server and trusted certificates of the victim’s phone much like the security researchers did. Perhaps they would prepare an otherwise identical phone to the victim’s (if they hacked into his iCloud backups, they could easily restore all expected contacts and apps), and swap it when left unattended for a moment.

Now they collect the data they need and strike when ready.

*Here is an easier way to break a voice control system. (Last two paragraphs)
