Wednesday 12 November 2014

Malware Might Use a Voice Synthesizer to Bypass Security Controllers

Development in Voice Control Features

According to researchers, malware could use a voice synthesizer to sidestep some security controllers. Voice control features have been developed in order to provide PCs as well as smartphones with the ease of use especially for users with disabilities which could also provide hackers to bypass security issues and access data stored on devices.

Features which can be accessed could be good to a certain extent and can make it easy to control what could happen on the graphical user interface without the need of editing though if they are not designed properly, these features could also be misused.

At Georgia Tech, researchers have identified that they could sidestep security protocols with the use of voice controls in order to enter text or click buttons. The researchers have described in a paper on the work, on twelve ways in which to attack phones with Android, Ubuntu Linux and iOS operating systems which includes some that would need physical access to the device. This paper would probably be presented next week at the conference of the CCS’14 in Scottsdale, in Arizona.

Malware Attack on Smartphones

One such attack portrays how a type of malware could use Windows Speech Recognition in order to talk its way in running commands which would normally need a higher level of privilege. A demonstration portrayed indicate how malware can attack a smartphone and exploits the fact that Google Now, which is a voice controlled assistant which comes with an Android operating system could use a voice print instead of a typed pass code.

With Google Now you could do a lot of things like performing web searches, obtain translation, call and text messages, plan events and reminders, locate addresses and obtain directions, get sports updates, check out the weather forecast and much more. For voice control users, this is one of the greatest features of Android.

The researchers have also portrayed how an attacker would record the authentication phrase on a Moto X phone and also use a generic text to speech program for other commands as though it were the user.

Hackers Remotely Invade on Vulnerabilities 

According to the director of the National Security Institute, Radu Sion, at Stony Brook, University, he states that `this is an important wake up call for major OS vendors, Microsoft, Linux and Apple community while the Georgia Tech computer scientist, Wenke Lee, who led the work states that the issue appears to be the result of incorporating speech recognition along with other features in the phone being late in the development cycle.

According to him, the fundamental issues here are difficult to fix and these features were added only after the OS was implemented. Hence these features do not have the same kinds of security checks’.

According to Lee, hackers could invade on the vulnerabilities in a remote manner to initiate an attack on any device and though the phone which speaks to itself could be obvious to the user, a malicious app could keep track of motion data as well as wait till the phone does not move for some period of time indicating that the user was probably not nearby.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.