New Research Shows Vulnerability in Mobile Phones' Applications Offering Voice Communication Security
UAB News (11/05/14) Katherine Shonesy
Researchers at the University of Alabama at Birmingham (UAB) are studying the security vulnerabilities of video- and voice-over-Internet Protocol communications. The researchers developed attacks that uncovered vulnerabilities in a currently used security scheme, and once those weaknesses were identified, the team suggested alternatives that may protect against potential attacks, focusing on a peer-to-peer mechanism known as Crypto Phones. Crypto Phones is a security measure claiming to completely address the problem of wiretapping, in which users orally exchange information resulting from a cryptographic protocol employing Short Authenticated Strings to confirm each other's identity. The researchers found this security tool is vulnerable to automated voice mimicry attacks. One potential defense to these attacks could be the integration of an automated voice recognition or voice biometrics system into Crypto Phones, according to the researchers. "The results bring to light the threats of conceived voice privacy, and should serve as notice to users to pay careful attention to the potential security weaknesses in the future," says UAB Ph.D. student and project leader Maliheh Shirvanian. The researchers presented their findings this week at the 21st ACM Conference on Computer and Communications Security in Scottsdale, AZ.
Researchers at the University of Alabama at Birmingham (UAB) are studying the security vulnerabilities of video- and voice-over-Internet Protocol communications. The researchers developed attacks that uncovered vulnerabilities in a currently used security scheme, and once those weaknesses were identified, the team suggested alternatives that may protect against potential attacks, focusing on a peer-to-peer mechanism known as Crypto Phones. Crypto Phones is a security measure claiming to completely address the problem of wiretapping, in which users orally exchange information resulting from a cryptographic protocol employing Short Authenticated Strings to confirm each other's identity. The researchers found this security tool is vulnerable to automated voice mimicry attacks. One potential defense to these attacks could be the integration of an automated voice recognition or voice biometrics system into Crypto Phones, according to the researchers. "The results bring to light the threats of conceived voice privacy, and should serve as notice to users to pay careful attention to the potential security weaknesses in the future," says UAB Ph.D. student and project leader Maliheh Shirvanian. The researchers presented their findings this week at the 21st ACM Conference on Computer and Communications Security in Scottsdale, AZ.
No comments:
Post a Comment