Slashdot Mirror
It's Possible To Hack a Smartphone With Sound Waves, Researchers Show (cnbc.com)
A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff, writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."
For your bemusement...
Wow, this is scary stuff. What are they going to do next? Change a pixel on my screen?
Sounds like Stephenson's idea of the "nam-shub" from Snow Crash has become real
Duke Leto Atreides is developing a secret army using a new weapon based on sound.
Yelling at your phone DOES work!
Ha ha ha h- errr, I mean, that's terrible!
Seriously, what passes for "security" these days is akin to throwing a nympho with a bottle of Jack Daniels under each arm onto a troopship and expecting her to come out a virgin.
Just cruising through this digital world at 33 1/3 rpm...
This is not hacking a smartphone. This is A) 'biasing output' or making it look like one has put in more steps for the day, and B) 'controlling output' or spelling a word with the graph of acceleration/time using tight sound manipulation of an accelerometer. Link to TFPeer reviewed paper: https://spqr.eecs.umich.edu/pa...
We already have this - it's called earworms ... (now to get Itsy Bitsy Spider out of my head!)
Wellll. Okay, let's walk back some of that.
You can't "hack" a phone with sound waves (or, at least, no method for that has been demonstrated as yet. What is being demonstrated here is a method of artificially biasing the input to a MEMS accelerometer using audible (!) and not-incredibly-loud (!!!) sound waves. Make no mistake, that is impressive. But it's still just input. Unless your phone will reveal its passwords to anyone who shakes it in a particular way, there's no real attack surface here.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
"Hey Siri, open the hacking app."
So anything that interferes with normal operation is now a "virus"?
Is the puddle that I dropped my (old, not waterproofed) phone in also considered a DDOS (the puddle did contain what appeared to be a large amount of water molecules) ?
Umm, your reference source doesn't in fact reference him and a nannycam, his girlfriends sister or anything like that. No wonder he was a lonely soul... O.o
Intel CPU Backdoor Report (Updated Mar 13, 2017)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in
hack it with CW or rtty
If an accelerometer was designed to control the automation of insulin dosage in a diabetic patient, for example, that might make it possible to tamper with the system that controlled the correct dosage.
This is pure fear mongering. Why didn't the article go with: "If an accelerometer was designed to control the launching of the US Nuclear Arsenal, it might make it possible for the hack to end human life on earth."
When I was a kid people used to hack public phones with a similar technique. I think they used candies' wraps. It's true what they say that everything in computer technology is at last 50 years old.
Come on... even on the datasheets they tell you the resonant frequencies... is this research? or they are just investigating on how to hit the headlines with stupid article headings?
so, your goal in life is to start false rumors about dead people making them out to all be pervs?
Wow. You are such an asshole.
Hello, this is the Internet calling.
http://archive.boston.com/ae/m...
Or whatever Google.com.
Brad Delp nannycam
In Delpâ(TM)s last days, the crisis involving Meg Sullivan weighed heavily on him, according to legal filings examined by the Globe.
On Feb. 28, Meg Sullivan discovered the battery-powered camera in her bedroom when it fell into view. The next day, Delp wrote her an emotional e-mail saying, âoeI feel sick about this, and deservedly so.â She didnâ(TM)t respond.
On March 2, Delp had a show with his Beatles tribute band, Beatlejuice, at the Sit â(TM)n Bull pub in Maynard. Todd Winmill, Meg Sullivanâ(TM)s boyfriend, was scheduled to work as a sound engineer for the show; Winmill had also been a sound man for Boston. Delp huddled in Winmillâ(TM)s car before the gig, according to Winmillâ(TM)s testimony.
âoeHe essentially apologized for about a half-hour,â said Winmill. âoeAnd then I told him he had to tell Pamela. He didnâ(TM)t like the thought of having to do that.â
At 2 a.m. on March 3, Delp e-mailed Meg Sullivan again, pleading for forgiveness.
âoeI want to try and make you understand that I consider myself a decent person who made a dreadful error in judgment,â wrote Delp. âoeI acted out of some impulse that is still not completely fathomable to me.â
He called his action an âoeaberrationâ and compared it to Pamela Sullivanâ(TM)s affair the previous summer â" an affair that emerged in previous testimony and was confirmed last year by Pamela Sullivan in a Globe interview. At one point, Delp had tried to set up tracking devices on her computer to catch her in an affair, but in the end, she admitted the infidelity and the two eventually made plans to get married.
Pamela Sullivan did not respond to recent requests for an interview. Attorney Jeffrey Robbins, who is representing the Herald, declined to comment on the case. Scholz attorney Nicholas Carter also declined comment.
The e-mail Delp sent in the early morning hours of March 3 led to responses from Meg Sullivan and Winmill.
Winmill pushed Delp to tell Pamela Sullivan about the camera. He gave him one day to do it because, he wrote via e-mail, it was unfair to ask Meg to keep the secret from her sister.
âoeIt is because of [Megâ(TM)s] regard for you that she has given you this opportunity to tell Pam yourself,â wrote Winmill, who now lives in California and did not respond to recent interview requests. âoeIt is probably the best way for her to hear it, but please understand, and this is not a threat, but understand that she will find out.â
Delp asked if he could have until March 5, when he planned to tell his fiancee on the phone.
That day, Delp started purchasing tubes and vents at the Home Depot in Plaistow, N.H., according to receipts filed in court. Delpâ(TM)s idea was to hook these up to the exhaust pipe of his yellow Volkswagen Bug. This, he would later write in a note taped to his garage, was for a backup suicide plan.
On the night of March 7, according to Winmillâ(TM)s deposition, he and Meg Sullivan showed up at Delpâ(TM)s home to pick up more of her things. It was an unpleasant experience, as described in Meg Sullivanâ(TM)s deposition. Winmill yelled and swore at Delp, who repeatedly apologized and was in tears, according to Sullivan.
The next day, Delp bought a pair of charcoal grills at Walmart. And that night, instead of returning to Delpâ(TM)s house, Pamela Sullivan stayed at an apartment they had rented for her. She found Delpâ(TM)s body the following day.
The Herald, in a pair of recent articles, has focused on Delpâ(TM)s relationship with Scholz, describing what it says were the singerâ(TM)s negative feelings about Scholz
.. probably said the same thing before shipping the product; "You know.. In theory, people could mess with this through sound waves." Because I doubt anyone smart enough to make something like this wouldn't be smart enough to realize that. Oh, and then they probably all laughed their way to the bar and enjoyed a couple beers as colleagues usually do after a tough project.
I tend to rant.
Now I anticipate Rickroll music being used to hack your phone/car.
Musical virus-- like Taylor Swift?
What, as opposed to just sound? Or did you add the "waves" bit to sound more intelligent?
i listen to malicious music everyday in my car that threatens to rip the rear view mirror off the glass. til people are still surprised at what "sound" is.