Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy Your Rights Online

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show (cnbc.com) 41

A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff, writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."
This discussion has been archived. No new comments can be posted.

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show

Comments Filter:
  • by slew ( 2918 ) on Tuesday March 14, 2017 @04:23PM (#54039551)

    For your bemusement [xkcd.com]...

  • TL;DR (Score:4, Funny)

    by Scarred Intellect ( 1648867 ) on Tuesday March 14, 2017 @04:46PM (#54039729) Homepage Journal
    Yelling at your phone DOES work!
  • Ha ha ha h- errr, I mean, that's terrible!

    Seriously, what passes for "security" these days is akin to throwing a nympho with a bottle of Jack Daniels under each arm onto a troopship and expecting her to come out a virgin.

  • This is not hacking a smartphone. This is A) 'biasing output' or making it look like one has put in more steps for the day, and B) 'controlling output' or spelling a word with the graph of acceleration/time using tight sound manipulation of an accelerometer. Link to TFPeer reviewed paper: https://spqr.eecs.umich.edu/pa... [umich.edu]
    • This is not hacking a smartphone. This is A) 'biasing output' or making it look like one has put in more steps for the day, and B) 'controlling output' or spelling a word with the graph of acceleration/time using tight sound manipulation of an accelerometer. Our headlines have been getting more hyperbolic, with this and the "Rogue Robot" killing it's handler.

      Next we'll be hearing about how O'Bama wiretapped Trump Tower or how he did it with Microwave ovens.......

      Oh - wait.

      Who's writing these Slashdot headlines anyhow?

  • by Sneftel ( 15416 ) on Tuesday March 14, 2017 @05:01PM (#54039853)

    Wellll. Okay, let's walk back some of that.

    You can't "hack" a phone with sound waves (or, at least, no method for that has been demonstrated as yet. What is being demonstrated here is a method of artificially biasing the input to a MEMS accelerometer using audible (!) and not-incredibly-loud (!!!) sound waves. Make no mistake, that is impressive. But it's still just input. Unless your phone will reveal its passwords to anyone who shakes it in a particular way, there's no real attack surface here.

    • by AHuxley ( 892839 )
      Re "Unless your phone will reveal its passwords to anyone who shakes it in a particular way, there's no real attack surface here."
      Clever Attack Uses the Sound of a Computer’s Fan to Steal Data (06.28.16)
      https://www.wired.com/2016/06/... [wired.com]
      shows what can be done on the output side.
      The input side would be a way to open the device OS in some way to accept malware once its security was altered and a network opened.
      How would a device respond at code at 15 to 20 bits per minute in its own trusted hardw
      • by Sneftel ( 15416 )

        The input side would be a way to open the device OS in some way to accept malware once its security was altered and a network opened.
        How would a device respond at code at 15 to 20 bits per minute in its own trusted hardware?

        Probably somewhat slower than it would if you were communicating with it at 5-100 megabits per second over that network connection you've already opened up.

        • by AHuxley ( 892839 )
          Flood the area with two methods.
          The first to enter or reset the device hardware. A command to reset or default using unexpected hardware access.
          The sound does not have to be complex or need malware like bandwidth, just enough to alter the device settings to make it network receptive.
          The second network in the same area is just a flood of classic malware for that brand and version of device finding a now wide open default device wide open on normal networks with all the bandwidth needed for more complex
  • by nospam007 ( 722110 ) * on Tuesday March 14, 2017 @05:42PM (#54040111)

    "Hey Siri, open the hacking app."

  • by BBF_BBF ( 812493 ) on Tuesday March 14, 2017 @07:38PM (#54040729)

    If an accelerometer was designed to control the automation of insulin dosage in a diabetic patient, for example, that might make it possible to tamper with the system that controlled the correct dosage.

    This is pure fear mongering. Why didn't the article go with: "If an accelerometer was designed to control the launching of the US Nuclear Arsenal, it might make it possible for the hack to end human life on earth."

    :rolleyes:

  • When I was a kid people used to hack public phones with a similar technique. I think they used candies' wraps. It's true what they say that everything in computer technology is at last 50 years old.
  • .. probably said the same thing before shipping the product; "You know.. In theory, people could mess with this through sound waves." Because I doubt anyone smart enough to make something like this wouldn't be smart enough to realize that. Oh, and then they probably all laughed their way to the bar and enjoyed a couple beers as colleagues usually do after a tough project.
  • Musical virus-- like Taylor Swift?

  • i listen to malicious music everyday in my car that threatens to rip the rear view mirror off the glass. til people are still surprised at what "sound" is.

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...