back to article Siri? Are you seeing another man?

A group of computer scientists from Italy and Poland reckon they can use steganography to hide covert messages in users' voice commands to Siri. What's interesting about the work, described in this paper at Arxiv, is that it doesn't involve installing new software on the target device. Rather, iStegSiri would exist as a man-in …

  1. William Donelson

    "Jailbroken device" ....

    Don't waste our time with crap like this.

    1. Kanhef
      FAIL

      RTFA

      Particularly the parts where they say it would work equally well with Google Voice on Android, or with VoIP phones.

      1. Handy Plough

        Re: RTFA

        So WTAF is Siri the main focus of the TFA? Like the OP said; stop wasting our time with crap like this.

    2. mythicalduck

      But that's something I don't get - because previously, it stated "is that it doesn't involve installing new software on the target device."

      So why do you need a jailbroken phone if you're not installing anything?

  2. Anonymous Coward
    Anonymous Coward

    What they're really saying

    Is that this could be done on anything that uses digitized voice, from telephones to voice commands. They mentioned Siri since "potential security problem in Siri" draws headlines. Though I would have thought "terrorists can use steganography to send hidden messages even on lines tapped by the authorities" might garner them a chunk of research funds. Too bad they aren't smart enough to think of that.

    Nevermind that the old fashioned code word method is a lot simpler and has a higher data rate, but I guess they're researching steganography and trying to claim it is some serious issue...

    Its getting to the point where I kind of tune out any researchers talking about security issues having to do with Apple, when they later reveal the issue isn't specific to Apple at all. It is like a producer talking about a new movie and suggesting "maybe Tom Cruise will play the lead role" to get publicity even though he's never spoken to him about it.

  3. frank ly

    If you want bandwidth ...

    ... hide messages in YouTube videos. It would be a lot easier to do and the 'security' services would be swamped with data if they tried to find them.

    1. Robert Helpmann??
      Childcatcher

      Re: If you want bandwidth ...

      You could just as well stand behind a person with a phone and use a device to convert your voice to extremely high pitched sounds with the person you are talking to similarly lurking on the other end of the line with a decoder. It would be similarly practical but way more cool. It wouldn't even require a jailbroken phone.

  4. Samizdata
    Headmaster

    This is El Reg, not The Gruniad...

    "As the researchers told IEEE Spectrum, iStegSiri is a proof-of-concept designed to try and get the security community to pay better attention to *seganography-based* attacks."

    Seganogaphy? I understand the need for hot news, but, really lads..

  5. Lallabalalla

    Ooh look how clever *we* are

    We did a thing, because we can. And it got reported. So it must be a valuable contribution.

    Or something.

  6. just another employee

    Why ? What ? Who ? How ? etc

    "a typical 16-digit credit card number can be transmitted in about 2 minutes"

    (Who) the hell spends over two minutes talking to their phone (be it Siri or the Wife?) ?

    And assuming an attacker can add a credit card number into my Siri channel (Why?) - (how) do they get it to Bob ?

    What's the point. The researchers will get an award or something and end up earning more than most of us because of it.

    Yes Vicar - I would like some more tea too.

  7. Anonymous Coward
    Anonymous Coward

    Can't get the staff...

    "... the iOS device captures, packetises and transmits a user's request ..."

    *packetises* - WTF?!!

  8. Chris 3

    It's articles like this...

    That make me yearn for the dear, departed 'rate this article' widget, so I could hit '1'.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like