A small loophole in a security system may not seem like a major cause for worry, but researchers beg to differ and reveal there is a broader risk involved.
Moreover, hacking a smartphone through the mere use of sound waves is also possible, as asserted by researchers.
On Tuesday, March 14, a team of security researchers from the University of South Carolina and University of Michigan are set to demo how a security loophole can enable them to control a device. Through the use of accelerometers, which are the basic element present in products like fitness appliances, smartphones, and automobiles, the team will show how they can stealthily control a gadget.
The Research
In their research paper, the team has given an example of how sound waves can hack into one's systems. To demonstrate their hypothesis, the researchers first added false steps to the fitness monitor of the FitBit wearable and then played a file that had malicious music from a smartphone's speaker, which helped them in controlling the accelerometer. These steps helped them to hinder the software which is dependent on the phone, in the same manner as an app that can be remotely used to control a radio-operated car.
"It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words and enter commands rather than just shut down the phone. You can think of it as a musical virus," said Kevin Fu, one of the study's authors.
Fu is also the CEO of Virta Lab which works for cyber security in the healthcare sector.
The current study is based on an earlier research which showed how drones can be controlled by music. Fu also stated the previous study showed denial service attacks that were used to control accelerometers.
What Was The Flaw?
The flaw that allowed a device to be hacked simply with the use of sound waves was tied into security challenges. The team discovered that more than half of 20 commercial brands from five chipset companies they had tested show challenges that have arisen as bots and smarthome devices are being operated worldwide.
The researchers were able to extract information from nearly 75 percent of the devices as well as control the productivity of about 65 percent of the tested devices.
With several companies looking to get into the self-driving car sector and the advent of autonomous cars, vulnerabilities that go undetected and which could allow a hacker to control vehicles remotely is a scary prospect.
Fu also said that the Department of Homeland Security has decided to issue a security advisory alert against the chips manufactured by the companies that were tested by the researchers.
This paper will be presented next month in Paris at the IEEE European Symposium on Security and Privacy.
Photo: Kārlis Dambrāns | Flickr