[Full-disclosure] Check those default iPhone settings...
- To: "Full-Disclosure@xxxxxxxxxxxxxxxxx" <Full-Disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Check those default iPhone settings...
- From: "Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>
- Date: Sat, 3 Apr 2010 18:38:50 +0000
I recently discovered that my iPhone 3Gs' default setting for Voice Dial is set
to "on" when the phone is locked.
If you have the 3Gs, you might want to check your settings. I have my phone
set to lock immediately and to wipe upon x number of incorrect unlock attempts,
however, I missed the "Voice Dial - OFF" setting since it said "voice dialing
is always enabled." With it enabled (on), when the phone is locked, you can
hold the menu button down, invoke the Voice Dial, and tell the phone to "Dial
800-555-1212" and it will. You can also say "Dial John" or something, and if
you have multiple Johns (insert "ex" joke here) then it will read them all off
to you while displaying their full name on screen. You can then select
whichever one you want and it will dial them.
There are other far-fetched scenarios where you could intercept address entry
phone number via GSM mitm or rogue base-station installs without ever unlocking
the phone, but that's SciFi conspiracy fodder. I guess social engineering
would be easier with "Call Mom" or "Call work" scenarios, but again, that's
more speculation. Of course, it would be easy to find out someone's cell
number by having a locked phone dial your own for caller id, but now I'm just
making crap up to sound cool. The most fun I had was making up crass and
disgusting things to say to the phone and seeing who on my list it called. It
is actually uncanny how accurate it was when I called my phone a "limber di**
**ck su***r" and saw who it dialed. (For all you Deadwood fans out there).
Anyway, check your default settings if you have the iPhone.
t
Timothy "Thor" Mullen
http://www.hammerofgod.com
thor@xxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/