When one thinks of modern hacking, most people immediately think of cracking into software. However, one team of researchers took a look at the disturbing possibilities through sound waves and smartphone hardware.
Engineers from the University of Michigan and University of South Carolina developed a way to use sound waves to control various hardware. They successfully hacked into a smartphone and proposed theoretical hacking of larger equipment – like a car. All it took was a small $5 speaker.
The research focused on inertial sensors called capacitive MEMS accelerometers. These devices measure the change in an object’s speed in three dimensions. MEMS tell car systems when to deploy airbags and how to keep a smartphone screen oriented. The team used the cheap speaker to blast sound waves at 20 different accelerometers using waves from malicious music files. Those frequencies messed with the MEMS sensors enough to give the researchers leverage in controlling the devices.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words [and send commands to a smartphone],” Kevin Fu, a Michigan associate professor of electrical engineering and computer science told The New York Times. “You can think of it as a musical virus.”
[Image Source: University of Michigan]
Rather than shatter the chips like an opera singer shattering glass, the team tricked the MEMS into falsely reading the sounds and then delivered those readings to the microprocessor.
Possible dangers of controlling hardware with sound waves
Fu said this fresh risk isn’t something people typically think about regarding security.
“Analog is the new digital when it comes to cybersecurity,” Fu said. “Thousands of everyday devices already contain tiny MEMS accelerometers. Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”
This could be especially dangerous with regard to autonomous systems like up-and-coming self-driving cars and package drones. Timothy Trippel, a doctoral student in computer science and engineering, said hacking these sensors are the equivalent of controlling human senses.
“We trust our senses and we use them to make decisions. If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.”
The team said it will present the information to the IEE European Symposium on Security and Privacy next month. They’re also looking to get patent protection for intellectual property so that they might further the research and develop innovative ways to combat this possible cyber-threat.