A common belief in computer science is that software can automatically trust hardware sensors, well now it seems that isn’t the case.
A team of researchers from the University of Michigan have demonstrated how acoustic pulses from a speaker can be used to hack smartphones and fitness trackers. The audio tones were designed to trick the accelerometer sensor – a sensor used to detect three dimensional movement – in a smartphone into thinking it had detected movement when in fact it hadn’t.
“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu said. “Our findings upend widely held assumptions about the security of the underlying hardware.
“If you look through the lens of computer science, you won’t see this security problem. If you look through the lens of materials science, you won’t see this security problem. Only when looking through both lenses at the same time can one see these vulnerabilities.”
The researchers performed several proof-of-concept demonstrations: They used a $5 speaker to inject thousands of fictitious steps into a Fitbit. They played a malicious music file from a smartphone’s own speaker to control the phone’s accelerometer trusted by an Android app to pilot a toy remote control car. They used a different malicious music file to cause a Samsung Galaxy S5’s accelerometer to spell out the word “WALNUT” in a graph of its readings.
It’s a pretty scary thought that these findings could potentially be used to trick devices into performing actions they weren’t intended for – you can already see car thieves opening your car doors using your parking sensors.
For more information on this story check out the links below.