Kevin Fu, a professor of electrical engineering and computer science at the University of Michigan, and his team published a study explaining how they created malicious audio files to take advantage of security holes in modern electronic device accelerometer systems. Using a $5 cost speaker, they were able to hack smartphones and wearables to perform different tasks while controlling them remotely. In their tests, they managed to take control of a Samsung Galaxy S5 and a pair of Fitbit bracelets. They have designed a system that can confuse the accelerometer of electronic devices to make them believe that we are doing specific actions. For example, if a mobile device has an application that changes the song that plays when it shakes it in a certain way, or if it turns on a house’s intelligent light bulbs, they can control these functions using audio attacks. The Accelerometers are sensors that include virtually all modern electronic devices (as well as cars) to detect when the user is moving and manipulating the device in a certain way. These sensors have a small amount of suspended mass and, when attacked by these sound waves, the researchers can move the mass of the sensor to trick the mechanism that the device is moving. Kevin Fu and his team claim that by using the right combination of sound waves and learning how accelerometer-based applications work, it is possible to hack into anything we can imagine.
Kevin Fu and his team said that “If an app uses the accelerometer to turn on the car when you shake the phone, an attacker could circumvent the sensor to make the phone believe that it is being shaken and so turn on the car.” Researchers have contacted accelerometer manufacturers to notify them about the security vulnerabilities they have discovered. Fu and his team claim that if hackers learned to take advantage of these security flaws and create audio files of this type, in the future, there could be sophisticated attacks such as having cars collide on a highway by playing a malicious song on the radio. So, what do you think about this new HACK? Simply share your views and thoughts in the comment section below.
Δ