Not The Wizard

Oz Solomon's Blog

Category: Random

Air-Gapped “Hey Siri” Attacks on iPhones [u]

Yesterday I was watching Tim Cook announce the new iPhone 6s. My iPhone happened to be plugged in at the time, so when Tim said “Hey Siri”, my phone came alive and started processing everything he was saying.

Now imagine that same scenario one year from now when half the audience has iPhone 6s’s with always-on Hey Siri functionality…

That got me thinking that this could potentially be a new attack vector for iOS penetration.  I’m not saying it would be easy to discover, but you could imagine a bug in Siri where you would play some synthesized sounds after Hey Siri and the phone crashes, or worse.

Even without such nefarious intentions or technical capabilities, always-on Hey Siri is a dream for every prankster with a megaphone.

Update: Now that I’ve had the chance to actually test out iOS 9 it’s pretty obvious that Apple’s engineers have thought this through.  “Hey Siri” was changed to respond only to your own voice.


Have I Been Pwned?

Due to the recent discovery of 5 million leaked gmail passwords, I went looking for a place to verify that addresses of friends and family aren’t on the list.

I happened to come by a great site called Have I Been Pwned, created by Microsoft MVP Troy Hunt, which can test your email against many data breaches.  Better yet, you can sign up and have it notify you if your email is part of any future compromise.

Highly recommended!

See the Actual “To” Address in Outlook

My Outlook is connected to an Exchange account that accepts emails for multiple domains.  When I open up the emails, Outlook always displays my name in the To field, but doesn’t show which email (i.e. which domain) the mail was actually sent to.

I decided that manually checking the mail headers for this information was a dumb way to do things, so I wrote a little macro to automate this little task.  Hopefully some of you out there will find it useful.

Installation Instructions

  1. Press Alt+F11
  2. On the left hand side, expand the tree until you see ThisOutlookSession.  Make sure ThisOutlookSession is highlighted.
  3. Paste the code from below
  4. Close the Visual Basic window
  5. Attach the new macro to a toolbar item.  The way to do this varies with your version of Outlook.  For example, in Outlook 2007:
    1. Open any email
    2. Press the down arrow on the right side of the quick access toolbar
    3. Select “More Commands”
    4. In the “Choose Commands From” dropdown, select “Macros”
    5. Add the macro to the right hand side
    6. (Optional) Change the icon by highlighting the macro and selecting Modify.
  6. You can add the macro either to the “view email” screen as I explained above, or to the toolbar of the main inbox screen.



Added Dec 17: To ensure the macro isn’t blocked by the Outlook macro security settings, follow the instructions in this article to sign your own macros.
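An added example, not the author's macro: the manual header check the post describes, done in Python on raw headers copied out of a message. The sample headers, the domain names and the function name `actual_recipients` are assumptions, as is the presence of `Delivered-To`, `X-Original-To` or a `for` clause in `Received`, which not every mail server adds.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample headers (not from a real message); domains are placeholders.
SAMPLE_HEADERS = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id abc123
\tfor <sales@second-domain.example>; Tue, 16 Dec 2008 10:00:00 -0500
From: Alice <alice@example.net>
To: "Me" <sales@second-domain.example>,
\tBob <bob@example.net>
Subject: Quote request

"""

# Optional "for <addr>" clause a receiving server may write into Received:
RECEIVED_FOR = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def actual_recipients(raw_headers, my_domains):
    """Return (address, header_name) pairs for every address in my_domains
    that the message was addressed or delivered to, first appearance only."""
    msg = message_from_string(raw_headers, policy=policy.default)
    domains = {d.lower() for d in my_domains}
    found = []

    def note(addr, source):
        addr = addr.strip(" <>\t").lower()
        if addr.rpartition("@")[2] in domains and addr not in [a for a, _ in found]:
            found.append((addr, source))

    # Sender-written headers: drop the display name, keep the address itself.
    for name in ("To", "Cc"):
        values = [str(v) for v in msg.get_all(name, [])]
        for _display, addr in getaddresses(values):
            note(addr, name)
    # Server-written headers: these still identify the recipient on a Bcc.
    for name in ("Delivered-To", "X-Original-To"):
        for v in msg.get_all(name, []):
            note(str(v), name)
    for v in msg.get_all("Received", []):
        m = RECEIVED_FOR.search(str(v))
        if m:
            note(m.group(1), "Received")
    return found

if __name__ == "__main__":
    for addr, source in actual_recipients(SAMPLE_HEADERS, ["second-domain.example"]):
        print(f"{addr} (from {source} header)")
```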

Multimedia Keyboards – How to Prevent Multiple Outlook Instances From Opening

If you have a modern keyboard, it most likely has a Mail key on the top row which will launch your mail client.  I prefer to use this key not only as a means to launch my mail client, but also as a shortcut for switching to it.

Unfortunately, by default, if Outlook is your mail client, hitting the Mail key repeatedly opens multiple copies of Outlook.  Fortunately, the fix is easy:

  1. Launch the Registry Editor by hitting Win+R and typing regedit in the dialog box.
  2. When the Registry Editor opens, navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\15. (You should see the following value there: Association=mailto)
  3. From the Edit menu pick New -> String Value
  4. In Name, type ShellExecute
  5. In Data, type outlook.exe /recycle

That’s it!  You can now hit the Mail key multiple times.

I use Microsoft keyboards but this should hopefully work with other manufacturers’ keyboards as well.

Tip: Don’t install the special Microsoft Keyboard software that came with your keyboard or that is offered to you via Windows Update – it will mess things up.

© 2018 Not The Wizard
