Nothing in this world is safe, but this is not a cry of an overly cautious maniac. The security world believes to the core that everything can be hacked. Our devices keep becoming richer in features and complex in design along with added layers of security. What if it is the complex design of your phones that makes it hackable?
A team of researchers at the University of Michigan and the University of South Carolina have developed a way to control any smart device with sound waves, anything from a phone to even a car. Frightening right? All smart devices like phones and Fitbits are equipped with capacitive MEMS accelerometers to identify when they are in motion, what is the speed and where they are headed. These accelerometers can be fooled with sound waves, and the researchers managed to do that using a small $5 speaker.
The team used 20 different accelerometers from five different manufacturers and blasted them with malicious music files. The researchers managed to perform all sorts of tasks with by tricking the sensors with resonant frequencies. Kevin Fu, an associate professor at Michigan, said, “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words [and send commands to a smartphone]. You can think of it as a musical virus.”
The capacitive MEMS accelerometers contain a small amount of mass suspended on springs. At the resonant frequencies, the sound waves manage to move this mass which fools the device into thinking it is in motion.
The sonic cyber attacks were used by the team to control smartphones with any command that they desired. They demonstrated it in a video how a toy car was controlled by simply using sound waves. The sonic attack was so controlled that the team even managed a Samsung Galaxy S5 to spell out words in the chip’s output signal. A Fitbit began to count steps with sound while being perfectly still.
You can learn more about it at the website of the project WALNUT.
In today’s world on Internet of Things we rely on our smartphones to do so many things; small things like taking photos and sending messages, and major things like starting and even controlling cars. In such a scenario, it is perturbing to think of the potential damages that will be caused if the smartphone were to be hacked.
The lead author of the paper on the project WALNUT is Timothy Trippel, who is a Ph.D. candidate at Michigan. Pointing out the potential dangers, Trippel said, “If a phone app used the accelerometer to start your car when you physically shake your phone, then you could intentionally spoof the accelerometer’s output data to make the phone app think the phone is being shaken. The phone app would then send the car a signal to start.”
If we think of using the tech to control toy cars, this is no danger at all but considering that almost all the consumer tech that is around today makes use of the same kind of accelerometers, the sonic cyber hacking sounds like the beginning of an apocalypse. It is not just smartphones, but drones, cars, airplanes, and even medical devices make use of the same tech. An insulin pump could be fooled into giving a wrong dosage and just playing a music file on the radio could make smart cars go crashing into each other.
“Thousands of everyday devices already contain tiny MEMS accelerometers,” said Professor Fu. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”
In today’s world, if a person goes obsessively fearing tech and worry about security, they are not to be blamed. The purpose of this project is just to improve the security of the systems that we use today but if this gets into the wrong hands, it is hard to even imagine the consequences. The fears are real, and we are all at risk.