Posted 4 years ago ago by admin
Researchers show sound waves can be used to hack everything from phones to fitness trackers
- Technique uses accelerometers found in millions of gadgets
- Precisely tuned acoustic tones can trick them into registering movement
- This could be used to create backdoors into devices, researchers warn
Sound waves could be used to hack into critical sensors in everything from phones and medical devices to fitness trackers and cars, researchers have warned.
The groundbreaking University of Michigan researchers reveals that millions of gadgets that use accelerometers are at risk.
Researchers found the tiny sensors can be tricked, registering fake movement and giving hackers a backdoors into devices.
Scroll down for video
The researchers performed several proof-of-concept demonstrations of their hack, including using a $5 speaker and a malicious music file to cause a Samsung Galaxy S5’s accelerometer to spell out the word ‘WALNUT’ in a graph of its readings (pictured).
WHAT IS AN ACCELEROMETER?
The sensors involved in this research are known as capacitive MEMS accelerometers.
They measure the rate of change in an object’s speed in three dimensions.
They are used in everything from phones and fitness trackers to cars and drones.
All accelerometers have an analog core—a mass suspended on springs.
When the object the accelerometer is embedded in changes speed or direction, the mass moves accordingly.
The digital components in the accelerometer process the signal and ferry it to other circuits.
‘The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,’ said Kevin Fu, U-M associate professor of computer science and engineering.
‘Our findings upend widely held assumptions about the security of the underlying hardware.’
The team used a $5 speaker and precisely tuned acoustic tones to deceive 15 different models of accelerometers into registering movement that never occurred.
The approach served as a backdoor into the devices – enabling the researchers to control other aspects of the system.
The new work calls into question the longstanding computer science belief that software can automatically trust hardware sensors, which feed autonomous systems with fundamental data they need to make decisions.
‘If you look through the lens of computer science, you won’t see this security problem,’ said Fu.
‘If you look through the lens of materials science, you won’t see this security problem.
‘Only when looking through both lenses at the same time can one see these vulnerabilities.’
‘Analog is the new digital when it comes to cybersecurity,’ Fu said.
‘Thousands of everyday devices already contain tiny MEMS accelerometers.
‘Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.’
WHAT THE HACK COULD DO
Researchers used the technique to ‘inject’ thousands of fictitious steps into a Fitbit
The researchers performed several proof-of-concept demonstrations:
They used a $5 speaker to inject thousands of fictitious steps into a Fitbit.
They played a malicious music file from a smartphone’s own speaker to control the phone’s accelerometer trusted by an Android app to pilot a toy remote control car.
They used a different malicious music file to cause a Samsung Galaxy S5’s accelerometer to spell out the word ‘WALNUT’ in a graph of its readings.
Autonomous systems like package delivery drones and self-driving cars, for example, base their decisions on what their sensors tell them, said Timothy Trippel, a doctoral student in computer science and engineering and first author of a new paper on the findings.
‘Humans have sensors, like eyes, ears and a nose.
‘We trust our senses and we use them to make decisions,’ Trippel said.
‘If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.’
The trick Trippel and Fu introduced exploits the same phenomenon behind the legend of the opera singer breaking a wine glass.
Key to that process is hitting the right note—the glass’ resonant frequency.
The researchers identified the resonant frequencies of 20 different accelerometers from five different manufacturers.
Then instead of shattering the chips, they tricked them into decoding sounds as false sensor readings that they then delivered to the microprocessor.
Michigan Engineering researchers used a malicious music file to hack into a Samsung Galaxy S5, coaxing its accelerometer to read out the word WALNUT.
While the attack itself doesn’t sound all that frightening, in principle, it revealed a major security hole in certain commonplace hardware sensors.
With a $5 speaker, University of Michigan researchers fooled hardware sensors called accelerometers in a way that gave the researchers access to other aspect of the system.
Trippel noticed additional vulnerabilities in these systems as the analog signal was digitally processed.
Digital ‘low pass filters’ that screen out the highest frequencies, as well as amplifiers, haven’t been designed with security in mind, he said.
In some cases, they inadvertently cleaned up the sound signal in a way that made it easier for the team to control the system.
The researchers recommend ways to adjust hardware design to eliminate the problems.
Kevin Fu, associate professor of computer science and engineering, led a team of researchers who used sound to trick hardware sensors called accelerometers in a host of popular consumer electronics.
They also developed two low-cost software defenses that could minimize the vulnerabilities, and they’ve alerted manufacturers to these issues.
The university is pursuing patent protection for the intellectual property and is seeking commercialization partners to help bring the technology to market.