Sign In

Communications of the ACM

ACM TechNews

Malware Could Steal Data From Iphones ­sing Siri


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
An iPhone user using the Siri personal assistant program.

A security vulnerability in iPhone 5s could be used to compromise a user's personal information via the Siri personal assistant program.

Credit: Ian Waldie/Bloomberg/Getty Images

Researchers at the Warsaw University of Technology and the National Research Council of Italy have found a security vulnerability, called iStegSiri, in the iPhone 5 series of smartphone. The security flaw could be exploited by malicious software and compromise a user's personal information via Siri, the phone's personal assistant program.

The defect relies on steganography, a technique that hides the fact that a secret message has ever been sent. The researchers say they wanted to create a steganographic attack on the iPhone or iPad to get the attention of the security community because current security systems are not able to counter steganography very well.

IStegSiri converts a secret message into an audio sequence that mimics the alternation of voice and silence found in a typical spoken directive. When the message is sent to the cloud server, an unknown third party could inspect the conversation and apply a decoding scheme to extract the data.

The researchers say the best ways to counter this kind of security hole are solutions that act on the side of the server, such as dropping any connections to the server that involve suspicious audio patterns that deviate from typical language behaviors.

From IEEE Spectrum
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found