OK, got to admit, a clever line of thinking there. The way around this is to switch to <insert your carrier here>, no signal, no problem....hello, hello.
Malware gets your Android blabbering to HACKERS
Researchers from the Chinese University of Hong Kong have developed bizarre malware that dictates contacts, emails and other sensitive text data in order to steal it. In the novel attack a seemingly innocuous app that required no permissions called a bad guy's phone number and blabbered the stolen data out of the speakers and …
COMMENTS
-
-
Tuesday 29th July 2014 09:45 GMT RyokuMas
"Already working on an IOS version? Find "ok google" and replace with "siri"..."
Doubt that will work, given the hoops you have to jump through to get an app up on the store - same with Windows Phone, Amazon... compared to Play, where you just pay your $25 and upload away...
"The price of freedom is eternal vigilance..."
-
Tuesday 29th July 2014 17:40 GMT Blain Hamon
You know, I've joked about security through inability before...
Although this is probably intentional, Siri doesn't always listen like GVS; instead, you must press and hold the home button (or, if you have it enabled (it's disabled by default), hold the phone up to your ear) before it even starts listening. Access to the home button state (Both to read and to write) are not exposed to the app, so it's not currently possible to for the app to trigger this.
Mind you, what I just said was on a bog-standard iPhone. On a jailbroken iPhone, all bets are off.
-
Tuesday 29th July 2014 19:37 GMT Anonymous Coward
"hoops"
It requires zero permissions. Make it an alarm app with cat pictures for "cat health training" because everyone loves fitness apps, and that will pass scrutiny.
The only difference is I'd assume Apple would be quicker to take down any app found to have been reported. I doubt their current system scans for audio files specifically requesting "Siri browse to scamsrus.go.tu".
[edit]
Though it appears Apple have one good idea, user input before taking action. Google does not need this because it's there to collect data, not sell you pretty phones.
-
-
-
-
Tuesday 29th July 2014 12:41 GMT Anonymous Coward
Re: Zero permissions?
It uses the Google Voice Search to initiate the call, or that's the theory.
Theory... They play a sound file that says "Call <BadGuysPhoneNumber>" and GVS calls the number then they play sounds files to pass the information down the phone (Not sure how they get the information in the first place!)
what actually happens.. GVS says "Sending your're an a***hole message to Boss"
-
-