There’s an old chant in the security world that anything can be hacked. And the more complex our devices become, the more methods hackers dream up to break into them.
But what if you are told that it's possible to hack someone's smartphone using sound waves. Aren't you concerned?
As for your smartphone, scientists have discovered a crafty new method for hacking them. A team of researchers can use sound waves to control anything from a smartphone, medical apparatuses or even cars and aeroplanes.
You can now legitimately make things float in mid-air using precisely attuned sonic waves. Inside pretty much every smartphone is an accelerometer, which is used to detect motion in three dimensions. It turns out that a certain type of accelerometer, called a capacitive MEMS accelerometer, the chips that enable smartphones and Fitbits to know when they’re in motion, where they’re going, and how quickly can be hacked with sound waves.
The output signal spells “WALNUT.” Can you see it? |
A University of Michigan researcher points a speaker at an accelerometer, which can send false readings to a phone, fitness tracker or other device. Using a $5 speaker, the team used their music files to add thousands of fictitious steps to FitBits, and they manipulated a smartphone’s accelerometer into thinking it was moving in order to pilot a connected remote control car. These sound waves were emitted from both remote devices and from the phones themselves using embedded sound files concealed within emails and text messages. They used a different malicious music file to cause a Samsung Galaxy S5’s accelerometer to spell out the word “WALNUT” in a graph of its readings.
So how does this work? This video is well worth watching:
The flaw, which the researchers have found in more than half of the 20 commercial brands from five chip makers they tested, illustrates the security challenges that has emerged as robots and other kinds of digital appliances have begun to move around in the world.
In the case of the toy car, the researchers did not actually compromise the car's microprocessor, but they controlled the car by forcing the accelerometer to produce false readings. They exploited the fact that a smartphone application relies on the accelerometer to control the car.
While toy cars might seem like minor examples, there are other darker likelihoods too. If an accelerometer was designed to control the automation of insulin dosage in a diabetic patient, for example, that might make it possible to tamper with the system that controlled the correct dosage.
No comments:
Post a Comment