Evidence Shows the Capability to Hack Via Sound Waves

Standard

Computer security researchers from the University of Michigan and the University of South Carolina proved, yesterday, they have discovered a way to hack into a device using sound ways. This newly found weakness allows them to control or influence devices through tiny accelerometers. Accelerometers are instruments that measure acceleration and are manufactured as dynamic silicon chip-based devices used to sense movement or vibrations known as microelectromechanical systems, or MEMS. They are used for navigating, determining the orientation of a tablet and calculating distance in fitness monitors. Accelerometers are standard in consumer products such as smartphones, Fitbits and automobiles.

In the paper highlighting the research, they demonstrate how they were able to add additional steps to a Fitbit monitor, as well as, play a “malicious” music file from a smartphone, demonstrating they can control the phone’s accelerometer. Kevin Fu, one author of the paper, stated, “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words.” He went on to say, “You can think of it as a musical virus.”

In addition, research from the paper shows that with the toy car, they did not infiltrate the car’s microprocessor, but rather controlled the car by forcing the accelerometer to generate fake readings.

Vinny Troia, CEO of NightLion Security commented, “as we see a heightened push to develop self-driving vehicles from numerous companies, undetected vulnerabilities, such as this one, that could allow an attacker to remotely control a self-driving vehicle is disturbing, but a reality that should be seriously considered.”

Computer security researchers remarked that this is new insight into cybersecurity challenges in complex systems, which show how analog and digital components can interact in unpredictable ways.

The computer security researchers will be presenting their findings at the IEEE European Symposium on Security and Privacy in Paris next month.

Advertisements