While everything smart today — be it hardware or software, can be hacked, companies are taking as much care and efforts to help secure their products. However, there are many products out there that can still be hacked into because of a zero day attack or outdated firmware, and nothing can be done about them. While most hacks can be remotely done using an internet connection, others need physical access. But here’s something that no one could even imagine — hacking with mere sound waves.
A team of researchers have zeroed in on a weird type of hacking method that utilises sound waves to control almost anything from a smartphone to a medical device and a drone to possibly even a car.
The trick the researchers used to hack into the system was using the device’s accelerometers. The accelerometer chips help smartphones and fitness gadgets track and sense motion, alerting the operating system about how fast and where the device is moving. By manipulating this chip, a hacker can take control of your smartphone or even your car.
According to Gizmodo, researchers at the University of Michigan and the University of South California managed to blast 20 different accelerometers from five different manufacturers with sound waves and malicious music files by using a small, simple $5 speaker. The speaker sent out resonant frequencies that tricked the target sensors and allowed the researchers to do what they wanted it to do.
Kevin Fu, an associate professor of electrical engineering and computer science at Michigan told NYT that it is a sort of a ‘musical virus.’ “It’s like an opera singer who hits a particular note pitch and breaks a wine glass at a distance,” he comments.
A type of sonic cyber attack, sound waves manage to nudge the small amount of mass suspended on springs within accelerometers to its tune. This movement is when the chip changes a capacitance and the device senses motion. Manipulating the frequency and amplitude within by sound waves, researchers can make the chip send out particular signals they need for hacking into the system. For example, they tried it on a Wi-Fi controlled toy racing car and made it change directions, speed, etc by simply blasting sound waves at the smartphone which was controlling it.
While researchers are presently stating that only a few accelerometers are presently vulnerable to such attacks, there may be many models and variants out there that could be attacked in the same manner. Of the 20 manufacturers they have identified, some are from well-known brands such as Bosch, STMicroelectronics, InvernSense, Murata and Analog Devices. This research will further stress manufacturers to secure their chips even further, but this can take time and could make future devices expensive.
The entire research can be read online on the website by clicking here....