Using Sound Waves to Hack Your Phone, Your Car, … [alert]

Sound waves properly generated near your phone can disrupt and feed incorrect information to the sensors that detect your location and/or movement.   MEMS (micro electronic-mechanical systems) accelerometers (even gyroscopes) are embedded in many devices and smartphones.

Imagine a worst case scenario, your self-driving car is toodling down the road.  A speaker by the roadside blasts signals that fool the car’s sensors into thinking is has just been hit by a ten-ton truck (or brick).  You are fine, but the sensors think you’re not.  Will your car be fooled into a response that will put you into danger?

Something might be as innocuous as making a FitBit think you’re walking ten miles a day instead of  playing some music with some embedded audio that makes the FitBit believe so, perhaps is not such a big deal.   Other than the fundamental dishonesty with which I do feel is a bigger deal.   See the paper – this was one of the first experiments.

The good news is preventing such attacks might be as simple as isolating the accelerometer from external sound sources.  Or in a high value asset like a car,  have multiple devices that perform sensing so one sensor can be outvoted (good defense against random failure, which might be a good idea anyway).

As with other vulnerabilities, being aware they exist is valuable to anyone who has an interest in protecting the security and privacy of your systems and smartphones.

If you are into science and physics, the work uses the behavior of resonant frequencies (every mechanical device has one or more) – and the external speaker simply drives those frequencies and forces them to resonate to the attacker’s sound source instead of measuring the world as it should.