It sounds like wild science-fiction stuff: Play the right sequence of music through a speaker, and you can take over any device that “hears” it. And yet, a bunch of scientists have just announced that under the right circumstances, you can do exactly that thing.
A research team from the University of Michigan and the University of South Carolina found that it’s possible to make your Fitbit, smartphone, or almost anything else with an accelerometer in it respond to sound, the New York Times reports.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words,” one of the researchers explained to the NYT. “You can think of it as a musical virus.”
Accelerometers measure how fast and in which direction your device is going, and pretty much everything has one. It’s how your phone can count your steps, or a game on your tablet can tell which direction you’re holding it in.
When you get right down to it, though, the microelectromechanical chips (MEMS) that can measure this movement are ultimately sensing vibrations — which is also what sound waves are.
In one instance, the researchers were able to add extra steps to a Fitbit that wasn’t actually moving. And in another case, they were able to play a “malicious” music file over a smartphone speaker that then let them control the phone’s accelerometer. The compromised accelerometer, in turn, let the team alter the course of an app-controlled toy car.
A Fitbit and a toy car are hardly life-and-death examples, the researchers and the Times admit, but they point to an unexplored vulnerability that could be much more severe. There are accelerometers in medical devices, like pacemakers and insulin injectors, for example; causing those to present false readings, or taking control of th em, could prove fatal for patients relying on them.
And the leap from toy cars to real ones is also not an impossibility: Self-driving vehicles rely on accelerometer tech, and if a passer-by could hijack a truck or make it run off the road with nothing more than a malicious boombox, that would be dangerous for pretty much everyone.
The research team tested 20 different models of accelerometer from five different manufacturers. Overall, they were able to affect what information 75% of the chips received, and were able to control what 65% of them did.
There’s good news, though: As part of their paper, which will be presented at an international conference next month, the researchers also pointed out hardware and software changes that accelerometer makers can use to protect their chips from the flaws the scientists discovered.
It’s Possible to Hack a Phone With Sound Waves, Researchers Show [New York Times]