EMERGING TECH
EMERGING TECH
EMERGING TECH
Musical cyberattacks? How sound waves can mess with a connected device
New research suggests that hackers could potentially use sound waves to meddle with or take control of a connected device.
On Tuesday a group of security researchers at the University of Michigan and the University of South Carolina showed how a connected device can be meddled with, or taken control of, using sound waves. That would be some prank, although the ramifications of such a hack could be deadly serious in some circumstances.
The vulnerability the team found was used to add extra steps to a Fitbit fitness monitor by playing a malicious music file and manipulating accelerometers and other motion sensors. The researchers said this could be done with any connected device.
Kevin Fu, associate professor of computer science and engineering at the University of Michigan, said it’s useful to think of the manipulation as a ”musical virus.” Fu said the only reason his team had created this kind of musical remote control of connected devices was to show Internet of Things makers what vulnerabilities existed. The team also created a kind of antivirus for possible attacks.
“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu said. “Our findings upend widely held assumptions about the security of the underlying hardware.”
The researchers tested their musical virus on more than just a Fitbit. They also played a malicious piece of music on a smartphone to take control of a remote-control toy car.
Simply put, the accelerometer in a device measures speed and change of movement, such as when you position a tablet or where your Fitbit is going. “Thousands of everyday devices already contain tiny MEMS [micro-electromechanical systems] accelerometers,” said Fu. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”
In a statement, Fitbit said this didn’t involve a compromise of Fitbit user data. “What is being described is simply a way to game the system,” the company said. “We believe that any attempt to get credit for steps not actually taken, however clever, deprives the user of the very real benefits of living a more active, healthier life…. We continue to explore solutions that help mitigate the potential for this type of behavior.”
Image: Joel Kramer via Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
