UPDATED 00:09 EDT / MARCH 15 2017

EMERGING TECH

Musical cyberattacks? How sound waves can mess with a connected device

New research suggests that hackers could potentially use sound waves to meddle with or take control of a connected device.

On Tuesday a group of security researchers at the University of Michigan and the University of South Carolina showed how a connected device can be meddled with, or taken control of, using sound waves. That would be some prank, although the ramifications of such a hack could be deadly serious in some circumstances.

The vulnerability the team found was used to add extra steps to a Fitbit fitness monitor by playing a malicious music file and manipulating accelerometers and other motion sensors. The researchers said this could be done with any connected device.

Kevin Fu, associate professor of computer science and engineering at the University of Michigan, said it’s useful to think of the manipulation as a ”musical virus.” Fu said the only reason his team had created this kind of musical remote control of connected devices was to show Internet of Things makers what vulnerabilities existed. The team also created a kind of antivirus for possible attacks.

“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu said. “Our findings upend widely held assumptions about the security of the underlying hardware.”

The researchers tested their musical virus on more than just a Fitbit. They also played a malicious piece of music on a smartphone to take control of a remote-control toy car.

Simply put, the accelerometer in a device measures speed and change of movement, such as when you position a tablet or where your Fitbit is going. “Thousands of everyday devices already contain tiny MEMS [micro-electromechanical systems] accelerometers,” said Fu. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

In a statement, Fitbit said this didn’t involve a compromise of Fitbit user data. “What is being described is simply a way to game the system,” the company said. “We believe that any attempt to get credit for steps not actually taken, however clever, deprives the user of the very real benefits of living a more active, healthier life…. We continue to explore solutions that help mitigate the potential for this type of behavior.”

Image: Joel Kramer via Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU