Full Disclosure mailing list archives

Check those default iPhone settings...


From: "Thor (Hammer of God)" <Thor () hammerofgod com>
Date: Sat, 3 Apr 2010 18:38:50 +0000

I recently discovered that my iPhone 3Gs' default setting for Voice Dial is set to "on" when the phone is locked.

If you have the 3Gs, you might want to check your settings.  I have my phone set to lock immediately and to wipe upon x
number of incorrect unlock attempts; however, I missed the "Voice Dial - OFF" setting since it said "voice dialing is
always enabled."   With it enabled (on), when the phone is locked, you can hold the menu button down, invoke the Voice
Dial, and tell the phone to "Dial 800-555-1212" and it will.   You can also say "Dial John" or something, and if you
have multiple Johns (insert "ex" joke here) then it will read them all off to you while displaying their full name on
screen.  You can then select whichever one you want and it will dial them.

There are other far-fetched scenarios where you could intercept address entry phone number via GSM mitm or rogue 
base-station installs without ever unlocking the phone, but that's SciFi conspiracy fodder.   I guess social 
engineering would be easier with "Call Mom" or "Call work" scenarios, but again, that's more speculation.  Of course, 
it would be easy to find out someone's cell number by having a locked phone dial your own for caller ID, but now I'm
just making crap up to sound cool.    The most fun I had was making up crass and disgusting things to say to the phone
and seeing who on my list it called.  It is actually uncanny how accurate it was when I called my phone a "limber di**
**ck su***r" and saw who it dialed. (For all you Deadwood fans out there).

Anyway, check your default settings if you have the iPhone.

t

Timothy "Thor" Mullen
www.hammerofgod.com
thor () hammerofgod com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
