Researchers at the Warsaw University of Technology and the National Research Council of Italy have found a security vulnerability, called iStegSiri, in the iPhone 5 series of smartphone. The security flaw could be exploited by malicious software and compromise a user's personal information via Siri, the phone's personal assistant program.
The defect relies on steganography, a technique that hides the fact that a secret message has ever been sent. The researchers say they wanted to create a steganographic attack on the iPhone or iPad to get the attention of the security community because current security systems are not able to counter steganography very well.
IStegSiri converts a secret message into an audio sequence that mimics the alternation of voice and silence found in a typical spoken directive. When the message is sent to the cloud server, an unknown third party could inspect the conversation and apply a decoding scheme to extract the data.
The researchers say the best ways to counter this kind of security hole are solutions that act on the side of the server, such as dropping any connections to the server that involve suspicious audio patterns that deviate from typical language behaviors.
From IEEE Spectrum
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA