We all tend to keep a significant amount of personal information on our phones even if we are silently aware of any looming threats that may exist. That is why we rely on the companies that make the products we use to go to the great lengths that they do to keep our devices secure. Even though they've taken steps to keep your phone from being hacked physically or digitally, could the sudden appearance of audio waves as a means to hack be a that no one was prepared for?
Researchers from Michigan University and University of South Carolina have succeeded in hacking into a mobile device using sound. The process involves 'tricking' the phone's accelerometer- the piece of hardware in the phone responsible for sensing and adjusting to movement.
It has a varied list of uses ranging from flipping between landscape and portrait mode automatically and counting your steps. Of the 20 models, the researchers tested from 5 different manufacturers, as much as 65% of them could be manipulated with a sonic attack.
While previous research has demonstrated that sound waves could be used to disable accelerometers entirely, this research shows that accelerometers can be finely controlled with sound too, not just shut down. The vulnerability seems to come from an oversight by the manufacturers: no one anticipated any interference with the accelerometer and so the software does not know how to differentiate the physical input it gets from the interactions it receives.
But with the accelerometer getting more involved in the way that our devices operate, can it be ruled off as a simple software attack with no ramifications outside of the accelerometers intended applications? Fortunately,s o far, this attack hasn't shown signs of being able to access or manipulate your personal information, yet. Instead, the scientists demonstrated that sound could be used to drive a radio controlled car that was controlled by a phone. Or to hack a Fitbit into counting steps while it was sitting still. with the increasing popularity of vehicular automation, this attack could have some frightening, maybe even deadly ramifications.Self-driving cars rely on a suite of sensors, including accelerometers so they could be at risk. Another possible use for this attack could be tampering with insulin pumps to manipulate dosage as they rely on an accelerometer to facilitate this.
The good news is that most of these attacks can be thwarted with software, and the researchers contacted the manufacturers of the accelerometers with recommendations on how to fix the flaws in their designs.
This technique was also only tested on capacitance-accelerometers: one of the major types of accelerometers. Most of our devices though rely on the use of piezoelectric accelerometers instead, where microscopic crystals become stressed by acceleration and create a voltage that is interpreted by a chip. So while the sound waves are very capable of moving small masses in the capacitance-accelerometer, it isn't clear yet whether this would be the case in the piezoelectric accelerometers crystals.
Using sound to hack phones is not a novel concept. in the 1950s, people who called themselves phreakers used sound in order to conduct free telephone calls. Telephone systems used precise frequencies to route calls, (that's why your phone's buttons make a different tone sound when you're dialing). Phreakers would play the frequency needed into the receiver and connect to whomever they desired.
Two teenagers who would later start the most valuable computer company in history used to be phreakers. Long before Apple, Steve Wozniak and Steve Jobs experimented with creating digital circuits that could create tones to hack phones. One of their first business ventures was selling homemade phreaking boxes, which actually caught the attention of the FBI.
The irony of people using sound to hack into phones that these former hackers created is not remotely lost on me. What about you, do you see any potential ramifications by this oversight and what consequences may we have to face? Share the poetry in our comments section below and thank you for always visiting Base64.