There are a huge number of ways hackers can compromise electronic devices, and new methods of attack are being discovered all the time. The latest involves using sound waves to control items such as phones, Fitbits, and smartwatches.
Researchers at the University of Michigan and the University of South Carolina described in their paper how they could spoof capacitive micro-electro-mechanical systems (MEMS) accelerometers, which let a device know when they’re moving and how quickly, by using simple acoustics.
Through a $5 speaker, the team hit 20 accelerometer models from five manufacturers with sound waves from music files. They affected the information or output from 75 percent of the devices tested and were able to control 65 percent of them, reports the New York Times.
The sound waves move the accelerometer sensor, which is suspended on springs, in such a way that the device thinks it is in motion.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words [and send commands to a smartphone]” said Kevin Fu, an associate professor of electrical engineering and computer science at Michigan. “You can think of it as a musical virus.”
Being able to add extra steps to a Fitbit or taking control of a smartphone that’s steering a remote control car may not sound very threatening, but these kind of accelerometers are used in some cars, drones, and planes. The Times mentions how the technique could theoretically be used to affect accelerometers in insulin pumps to administer the wrong dose, or to take control of self-driving cars.
“Thousands of everyday devices already contain tiny MEMS accelerometers,” Fu added. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”
It may only be a proof of concept, but the Department of Homeland Security is taking the vulnerability seriously. The agency issued an alert yesterday over the “hardware design flaws” in some MEMS accelerometer sensors.