Smartphones (and Drones) Can Be Hacked with Sound
To add to the growing paranoia surrounding our smart devices and control over our seemingly private personal data, a new study published by researchers from the University of Michigan and the University of South Carolina shows that there will always be novel ways of breaking into digital devices. According to their study, researchers were able to gain control of common smart devices simply by aiming certain sounds at them, a method they call acoustic injection:
We characterize two classes of acoustic injection attacks with increasing levels of adversarial control […] To illustrate end-to-end implications, we show how to inject fake steps into a Fitbit with a $5 speaker. In our self-stimulating attack, we play a malicious music file from a smartphone’s speaker to control the on-board MEMS accelerometer trusted by a local app to pilot a toy RC car.
The method involves using common speakers to play certain frequencies which cause common accelerometers to vibrate. These components are what allow many digital devices such as smartphones, drones, or even vacuum cleaners to interface with or receive feedback from their physical environment.
Tricking these accelerometers, UM computer science PhD candidate Timothy Trippel says, is akin to fooling the human senses:
Humans have sensors, like eyes, ears, and a nose. We trust our senses and we use them to make decisions. If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.
However, simple tricks like optical illusions show that our senses can’t always be trusted, and computers are now able to fool human ears. Humans can’t always trust our senses; this study shows that the hopes of creating foolproof, logical thinking machines to augment our own sense perception might be in vain.
This research is meant as a warning to electronics manufacturers and consumers alike, although I’m not sure a warning is needed any longer. The current circus that is the American political landscape demonstrates that cybersecurity has become one of the most pressing concerns of modern life. With so many digital skeletons lurking in our browser history closets, none of us can be too careful these days. To that end, hackers and hacktivists alike have been looking for ways to protect the sanctity of our technological privacy, to little avail. The more humanity becomes connected, the more ways there are for those in power to spy on the masses in order to retain their control. It’s inevitable.