
Mobile Sunday: GoogolPlex Hack Takes Siri To Risky Levels

Apr 27, 2014 By Sharon Solomon

Imagine unlocking your car by simply talking to your iPhone. Or would you rather chat with your washing machine or dishwasher while at work? All these actions may soon become possible thanks to an innovative Siri hack called GoogolPlex, which was developed and implemented by a group of American youngsters.

GoogolPlex was recently demonstrated by a group of freshmen from the University of Pennsylvania – Ajay Patel, Alex Sands, Ben Hsu and Gagan Gupta. They managed to manipulate the Siri feature, which is preinstalled in all Apple devices running the latest iOS 7 software.

While very convenient and functional, this unofficial hack can potentially enable cybercriminals to infiltrate people’s homes and cars to achieve harmful results. Apple has refused to comment on the revelations and no security patch has been released so far.

The GoogolPlex POC was presented during the annual PennApps Hackathon, sponsored by software and social media giants Google and Facebook. The project took third place overall, receiving positive reviews for exposing the vulnerability in the iOS platform and for providing a sneak peek into what the future of mobile technology holds.

In reality, GoogolPlex is a very straightforward concept. The hack provides the user with unlimited access to the iPhone apps using Siri. While this can bring unlimited functionality, only a few examples were exhibited at the event: picking a song on Spotify, controlling a Nest thermostat and, as the showstopper, unlocking a Tesla car.

This is how it works. Any command starting with GoogolPlex is interpreted by Siri as “Google, Plex…”. Siri then initiates a Google search, but the communication between the secure servers is intercepted by a custom-made proxy server. The custom server spoofs the Google server and intercepts all commands sent via Siri, a classic man-in-the-middle attack.

The aforementioned app can be installed quickly and uses Apple’s very own Safari browser. It currently works only on WiFi networks and has its fair share of bugs, but the University of Pennsylvania youngsters have provided Apple with a serious vulnerability to deal with. It’s safe to assume that some sort of “GoogolPlex-blocker” is already in the works.

With so much information, data and money at stake, mobile phone manufacturers must develop safer software. Users worldwide need secure mobile platforms to work with.

Source: The Four Loop Siri Hack
