UPDATED 00:09 EDT / MARCH 15 2017

EMERGING TECH

Musical cyberattacks? How sound waves can mess with a connected device

New research suggests that hackers could potentially use sound waves to meddle with or take control of a connected device.

On Tuesday a group of security researchers at the University of Michigan and the University of South Carolina showed how a connected device can be meddled with, or taken control of, using sound waves. That would be some prank, although the ramifications of such a hack could be deadly serious in some circumstances.

The vulnerability the team found was used to add extra steps to a Fitbit fitness monitor by playing a malicious music file and manipulating accelerometers and other motion sensors. The researchers said this could be done with any connected device.

Kevin Fu, associate professor of computer science and engineering at the University of Michigan, said it’s useful to think of the manipulation as a ”musical virus.” Fu said the only reason his team had created this kind of musical remote control of connected devices was to show Internet of Things makers what vulnerabilities existed. The team also created a kind of antivirus for possible attacks.

“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu said. “Our findings upend widely held assumptions about the security of the underlying hardware.”

The researchers tested their musical virus on more than just a Fitbit. They also played a malicious piece of music on a smartphone to take control of a remote-control toy car.

Simply put, the accelerometer in a device measures speed and change of movement, such as when you position a tablet or where your Fitbit is going. “Thousands of everyday devices already contain tiny MEMS [micro-electromechanical systems] accelerometers,” said Fu. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

In a statement, Fitbit said this didn’t involve a compromise of Fitbit user data. “What is being described is simply a way to game the system,” the company said. “We believe that any attempt to get credit for steps not actually taken, however clever, deprives the user of the very real benefits of living a more active, healthier life…. We continue to explore solutions that help mitigate the potential for this type of behavior.”

Image: Joel Kramer via Flickr

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.