A team of security researchers from the University of South Carolina and University of Michigan in their research paper, has given an example of how sound waves can hack into one’s smartphone systems. To demonstrate their hypothesis, the researchers first added false steps to the fitness monitor of the FitBit wearable and then played a file that had malicious music from a smartphone’s speaker, which helped them in controlling the accelerometer. These steps helped them to hinder the software which is dependent on the phone, in the same manner as an app which that can be remotely used to control a radio-operated car.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words and enter commands rather than just shut down the phone, You can think of it as a musical virus,” said Kevin Fu, one of the study’s authors.
Fu is also the CEO of Virta Lab which works for cyber security in the healthcare sector.
The current study was based on an earlier research which showed how drones can be controlled by music. He also stated that the previous study showed denial service attacks were used to control accelerometers.
The flaw that allowed a device to be hacked simply with the use of sound waves tied into security challenges. The team discovered that over 20 commercial brands from five chipset companies which were tested, show the challenges that have arisen as bots and smart home devices are being operated worldwide
They researchers able to extract information from nearly 75 per cent of the devices. They were able to control the productivity of about 65 per cent of the tested devices.
With several companies looking to get into the self-driving car sector and the advent of autonomous cars, vulnerabilities that go undetected and could allow a hacker to control the vehicles remotely is a scary prospect.
Fu also said that the Department of Homeland Security has decided to issue a security advisory alert against the chips manufactured by the companies that were tested by the researchers.
This paper will be presented next month in Paris at the IEEE European Symposium on Security and Privacy.