, I. Echizen, E. Weippl:
"Error-Correcting Codes as Source for Decoding Ambiguity
Vortrag: 2nd Workshop on Language Theoretic Security (LangSec), IEEE Security&Privacy, San Jose, California; 21.05.2015; in:"Proceedings of the 2nd Workshop on Language Theoretic Security (LangSec)
[ Publication Database
Data decoding, format, or language ambiguities have been long known for amusement purposes. Only recently it came to attention that they also pose a security risk. In this paper, we present decoder manipulations based on deliberately caused ambiguities facilitating the error correction mechanisms used in several popular applications. This can be used to encode data in multiple formats or even the same format with different content. Implementation details of the decoder or environmental differences decide which data the decoder locks onto. This leads to different users receiving different content based on a language decoding ambiguity. In general, ambiguity is not desired, however in special cases it can be particularly harmful. Format dissectors can make wrong decisions, e.g. a firewall scans based on one format but the user decodes different harmful content.
We demonstrate this behavior with popular barcodes and argue that it can be used to deliver exploits based on the software installed, or use probabilistic effects to divert a small percentage of users to fraudulent sites.