Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sound-Based Device Authentication Has Many Possibilities (Video)

Posted by Roblimo on from the it's-so-secret-we-don't-even-want-the-government-to-know-about-it dept.

Imagine a short (audio) squawk, less than one second long, as a secure authentication method for cell phones or other mobile devices. A company called illiri has developed (and has a patent pending on) a method to do exactly that. The company is so new that its website has only been up for a month, and this interview is their first real public announcement of what they're up to. They envision data sent as sound as a way to facilitate social media, mobile payments (initially with Bitcoin), gaming, and secure logins. Couldn't it also be used for "rebel" communications, possibly by a group of insurgents who want to overthrow the Iranian theocracy? Or even by dissidents in Russia, the country our interviewee, illiri co-founder Vadim Sokolovsky, escaped from? (And yes, "escaped" is his word.) And, considering the way illiri hopes to profit from their work, should they think about open sourcing their work and making their money with services based on their software, along with selling private servers that run it, much the way Sourcefire does in its industry niche? Their APIs are already open, so moving entirely to open source is not a great mental leap for illiri's management. In any case: Is their idea worthwhile? Are there already ways to achieve the same results? Is illliri's way enough better than existing mobile device security systems that it's worth exploring? And would it be better, not just for the world in general, but as a way to help illiri's founders make a living if their software was open source? (Transcript included)

9 of 56 comments (clear)

  1. Imagine by Russ1642 · · Score: 2

    Ok, I'm imagining how stupid this is.

    1. Re:Imagine by Russ1642 · · Score: 2

      These boneheads would probably implement it as a voice that actually says "one" "zero" "zero" "zero" "one" "one" "zero" "one" "zero" "one" "one" "one"

    2. Re:Imagine by Marxist+Hacker+42 · · Score: 2

      Sadly, so does a quarter of the human race

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  2. PATENTED? HA! by dmitrygr · · Score: 4, Funny

    using sound to send data....sort of like a modem?

    --
    -------
    1. Enjoy your job
    2. Make lots of money
    3. Work within the law

    Choose any two.
    1. Re:PATENTED? HA! by steveb3210 · · Score: 2

      Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence, authorization Worf 3-7 Gamma Echo.

  3. Re:Wow. by ultrasawblade · · Score: 2

    Because this would not use any traceable/loggable data network and may work in a situation where there is the cover of noise.

  4. On flags of the colour "red" by HeckRuler · · Score: 3, Insightful

    I think it's interesting how many alarm bells this post sets off in my head.

    First off, it's a long format Slashdot article, and it's not an "ask slashdot" nor a book review. Slashdot TV? is that still a thing? Why are they selling this company?
    It reads like an ad and uses the language thereof: "Imagine", "envision", "a way to facilitate", "Initially with Bitcoin",
    And.... is that trying to spin the shoddy website as a good thing?
    And the format of the video and interview is also just... cheap.

    Is their idea worthwhile? Are there already ways to achieve the same results? Is illliri's way enough better than existing mobile device security systems that it's worth exploring? And would it be better, not just for the world in general, but as a way to help illiri's founders make a living if their software was open source?

    See Betteridge law of headlines.

    Then there's the obvious problem with the basic fundamental gimmick: Anyone with a recorder nearby now has you password. The thing about secrets that are supposed to stay between you and the authenticator is that the transfer point is REALLY important. Pin numbers, passwords and all that jazz are a pain in the ass, but a noise? Anyone with a audio recorder now has your password. If you can put a device up next to their mic, then there are much more secure ways to have your device hand it some information.

    This is just so.... so... this is a joke right? Some sort of meta-humor on slashdot?

  5. Prior Art by nullchar · · Score: 3, Interesting

    Near_sound_data_transfer is already implemented and sold by TagAttitude.

    Audio data transfer in Android is discussed in this stackoverflow post which mentions this slideshow.

    This dude posted his same idea over a year ago.

    Modem-style data transfer between smartphones is a cool idea - but the software and protocol would need to be ubiquitous (read: open). If only a few apps or devices support this tech, it's no different from requiring hardware like NFC or software to support a bluetooth data sharing connection.

  6. Re:Wow. by fisted · · Score: 2

    RTFW?

    --
    CLI paste? paste.pr0.tips!