Most people have a general idea of how to protect themselves from hackers by avoiding suspicious emails, websites, or apps, but what about when it comes to sound? A new wave of hacking uses soundwaves to gain access to mobile devices, and millions of people could be falling victim without realizing it.
Sound plays a large role in mobile devices and can be manipulated in multiple ways for malicious activity. Devices like smartphones and activity trackers use tiny sensors called accelerometers to detect movement. Researchers have discovered how to use sound waves to trick the sensors into registering fake movement, which can allow hackers to take control of the device.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words,” said computer scientist Kevin Fu. ”You can think of it as a musical virus.”
Fu and his team at the University of Michigan have been researching how sound waves affect hacking. Thousands of devices already use these sensors, known as MEMS accelerometers, and futuristic technology will rely on them even more.
Being able to fake a motion signal might not sound dangerous, but the sensors in a device are what detects how you are holding or tilting your phone or tablet. Researchers discovered that with the right sound wave frequency, they could fool devices and manipulate the sensors.
With the basic understanding of sound wave technology, they were able to trick a Fitbit into adding thousands of steps that were never taken, take control of a remote control toy car using a smartphone app, and use an audio file to make a smartphone write out a word in a graph of its accelerometer readings. These examples are fairly harmless, but the principle is there that allows hackers to take control of devices through sound.
“If a phone app used the accelerometer to start your car when you physically shake your phone, then you could intentionally spoof the accelerometer’s output data to make the phone app think the phone is being shaken,” said researcher Timothy Trippel. “The phone app would then send the car a signal to start.”
Another sound-related hacking concern is known as ultrasonic cross-device tracking, or uXDT, which is being researched by a team at University College London.
Marketers use cross-device tracking as a major source of data on consumers and can tell a person’s smartphone if they are watching a particular TV show or share web browsing history between a person’s tablet and laptop. A number of apps and start-ups use the technology successfully but must disclose that they are tracking multiple devices.
The real threat with uXDT comes from apps that use the technology and often actively listen to ultrasound signals when the app isn’t running.
Essentially, hackers could gain access to a device’s microphone that is always on, allowing them to control the device and potentially monitor conversations. The hacking technology is newly being researched, meaning there is much to be done to gain a full understanding of the threat.
What Can Be Done?
Because the research is so new, manufacturers and consumers are largely unaware of the threat and what they can do to protect themselves.
Researchers recently warned manufacturers involved in their findings of the vulnerabilities of their devices with the hopes that they can work together to find ways to make it harder for hackers to reach devices with soundwaves.
Soundwave hacking showcases the future of hacking technology and how even simple things can be transformed into powerful hacking tactics. In order to truly stay safe, manufacturers and consumers need to be constantly vigilant and always be on the lookout for weaknesses in their devices.