Wednesday March 15, 2017

It’s Possible to Hack a Phone with Sound Waves, Researchers Show

A group of security researchers at the University of Michigan and the University of South Carolina have demonstrated that it is possible to hack phones and self driving cars using nothing but sound waves. The sound waves are used to trick the accelerometers in the phones and cars to provide incorrect readings, and these readings are then used to compromise the devices.

It is easy to see how providing a self driving car with incorrect accelerometer readings can cause problems, but it is less clear to me how, exactly, they are able to use their control of phone accelerometers to compromise these devices. While a researcher is quoted saying that they are able to use this exploit to "spell out words," to a layman like myself it would seem they might be able to rotate my screen against my will, but that's about it. The paper provides lots of detail on how to take control of accelerators using sound waves, but very little on how to use those accelerometers to execute arbitrary commands on the devices they attack.

The paper will be presented at the IEEE European Symposium on Security and Privacy in Paris next month. Presumably more detail will be provided at that time.

News Image

The Department of Homeland Security was expected to issue a security advisory alert Tuesday for chips produced by the semiconductor companies documented in the paper, Dr. Fu said. The five chip makers were Analog Devices, Bosch, InvenSense, Murata Manufacturing and STMicroelectronics.