Sound waves can be used to hack into the vital sensors used in a wide range of everyday electronic devices, researchers at the University of Michigan have found.
The discovery calls into question a long-held assumption among computer scientists that software can automatically trust hardware sensors.
The sensors in question are known as capacitive MEMS accelerometers, which measure the rate of change in an object's speed in three dimensions.
The researchers identified the resonant frequencies of 20 different accelerometers from five different manufacturers. They targeted the chips with precisely tuned acoustic tones that tricked them into decoding the sounds as false sensor readings.
The chips then delivered false information about movement which never occurred to the device's microprocessor.
"Spoofing those measurements, you can potentially control the behavior of a larger system, such as an RC or a fitbit, or maybe even an automobile or a truck," Trippel said.
"These devices are some of the most ubiquitous sensors in the world and they are used in automobiles, air bag deployment systems, even some implantable medical devices and avionic control systems," he explained.
However, Trippel said it is unlikely that would-be hackers could gain full control of a system simply by using soundwaves to hijack it.
"There is potential to spoof those centers, but it is probably somewhat unlikely that you will be able to gain full control of a system like that, because they are many other sensors that are delivering data that drives these autonomous systems or devices."
"You have to be able to spoof all the sensors, which might be somewhat unlikely. That's good, because we don't want our systems to completely fall apart due to one sensor malfunction."
Machines vulnerable to this kind of hacking include self-driving cars or airbag deployment systems. These are known as cyber-physical systems, which have pieces of software that autonomously make decisions based on environmental signals they perceive.
"We have a couple of different mechanisms. Obviously, the best way to do it is to redesign your hardware with these security vulnerabilities in mind. However, that's not always possible because these devices are deployed in many systems throughout the world. So, for that we've developed a couple of software defense mechanisms that attempt to filter out the acoustic noise from the acceleration signal."
The most immediate implication of the research is the potential for dangerous hacking of devices. However, the discovery may also offer a new way to transmit data in a cyber-physical system.
"This does present an actual channel to transmit information, which could be very useful, but we are still undergoing preliminary experiments on that technology," Trippel said.
Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed!
