As if there weren’t enough ways for hackers to take control of our devices, now there’s research that suggests there’s another medium they can use to meddle with our lives — sound waves.
According to a team of researchers from the University of Michigan and the University of South Carolina, they have compelling proof that demonstrate how various electronically-dependent technologies can be hacked simply by finding the right acoustic tones and using this to influence or take control of devices through their accelerometers.
As it is, many of the devices we regularly use (such as smartphones and fitness wearables) depend on built-in sensors that read signals and react accordingly. These kinds of technologies are referred to as Microelectromechanical systems (MEMS), and the capacitive MEMS accelerometer is one of the most widely used sensor systems in many gadgets ranging from consumer gadgets, to implanted medical devices, and some industrial systems. The research team discovered that these accelerometers can be tricked into reading false movements. In a nutshell, they used sound waves to make the chip in the accelerometer think that it’s moving. Consequently, this allows the hacker to manipulate the affected device.
The team demonstrated several ways to control devices using acoustic waves. In a video (posted below), they showed how they were able to add fake steps to a Fitbit monitor that was perfectly still; pilot a remote-controlled toy car by playing a malicious music file from the smartphone’s own speaker to control the phone’s accelerometer via an Android app; and trick Samsung Galaxy S5’s accelerometer to spell out the word “WALNUT”.
As Kevin Fu, one of the authors of the paper, told New York Times: “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words [and enter commands rather than just shut down the phone]…You can think of it as a musical virus.”
The team was able to find the vulnerability in over half of the 20 accelerometers they tested from Analog Devices Inc., InvenSense Inc., Murata Manufacturing, Robert Bosch GmbH, and STMicroelectronics. And the discovery underscores the emerging security risks that come with using robots and other digital devices. Imagine the possibilities — from tampering with medical devices, commanding it to deliver lethal instead of therapeutic action (like give incorrect insulin dosage amounts to diabetic patients), to taking over cars, starting them remotely and making them crash.
Those are extreme scenarios, of course. Which is why as alarming as the discovery of the flaw is, it’s not enough to cause widespread panic yet. But it’s certainly enough to initiate pre-emptive corrective measures before things escalate and get out of hand.
The team shared their findings with the five manufacturers involved in their tests, hoping that this will prompt them to make sensors that are ‘more secure and reliable’.
Taking off from this, the Department of Homeland Security also issued a warning about the ‘hardware design flaws’, specifying which chips are at risk and what are the possible remedies.
“The end game here is how to make our embedded systems more trustworthy. Once we can solve a lot of these problems on analog cybersecurity, we believe consumers will have more trust in emerging devices,” Professor Fu concludes.
The team will present their paper — entitled “WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks.” — at the IEEE European Symposium on Security and Privacy which will be held in Paris this coming April.