Slashdot Mirror

← Back to Stories (view on slashdot.org)

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show (cnbc.com)

Posted by msmash on from the security-woes dept.

A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff, writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."

6 of 41 comments (clear)

  1. obligatory xkcd by slew · · Score: 2

    For your bemusement...

  2. TL;DR by Scarred+Intellect · · Score: 3, Funny

    Yelling at your phone DOES work!

  3. no it won't "take control" by Sneftel · · Score: 3, Insightful

    Wellll. Okay, let's walk back some of that.

    You can't "hack" a phone with sound waves (or, at least, no method for that has been demonstrated as yet. What is being demonstrated here is a method of artificially biasing the input to a MEMS accelerometer using audible (!) and not-incredibly-loud (!!!) sound waves. Make no mistake, that is impressive. But it's still just input. Unless your phone will reveal its passwords to anyone who shakes it in a particular way, there's no real attack surface here.

    --
    The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
    1. Re:no it won't "take control" by AHuxley · · Score: 2

      Re "Unless your phone will reveal its passwords to anyone who shakes it in a particular way, there's no real attack surface here."
      Clever Attack Uses the Sound of a Computer’s Fan to Steal Data (06.28.16)
      https://www.wired.com/2016/06/...
      shows what can be done on the output side.
      The input side would be a way to open the device OS in some way to accept malware once its security was altered and a network opened.
      How would a device respond at code at 15 to 20 bits per minute in its own trusted hardware?

      --
      Domestic spying is now "Benign Information Gathering"
  4. I do it all the time with sound waves by nospam007 · · Score: 2

    "Hey Siri, open the hacking app."

  5. Accerlometers Control Insulin Dosage?!?.. by BBF_BBF · · Score: 2

    If an accelerometer was designed to control the automation of insulin dosage in a diabetic patient, for example, that might make it possible to tamper with the system that controlled the correct dosage.

    This is pure fear mongering. Why didn't the article go with: "If an accelerometer was designed to control the launching of the US Nuclear Arsenal, it might make it possible for the hack to end human life on earth."

    :rolleyes: