Home > Security & Privacy
Sound Waves Can Be Used To Fool Your Phone's Motion Sensors
Joseph Xu/Michigan Engineering
March 16th, 2017 | 10:22 AM | 909 views
ENGADGET.COM
They could hijack your device in the right conditions.
It's tempting to assume that the sensors on your mobile devices are trustworthy. Surely something that relies on real-world activity can't lie, right? Unfortunately, that's no longer the case. Scientists have discovered that you can fool mobile devices' motion sensors into registering non-existent data by playing the right sounds. The technique involves playing a tone at the resonant frequency for the spring structures inside accelerometer chips, much in the same way as you might shatter a wine glass. It's not strictly hacking (not in the conventional sense, anyway), but it could lead to an outsider taking control of motion-related features in the right circumstances.
In tests, the team managed to steer an app-controlled toy car by playing carefully crafted music through an Android phone's speaker. They also got a phone to spell out the word "walnut" in a graph through another piece of music, and made a Fitbit tracker record imaginary steps using a basic speaker. None of these specific attacks are particularly frightening, but the team notes that this could theoretically be used to hijack drones or other vehicles that depend on motion sensing to get around.
The good news: this is relatively easy to defend against. There are two "low-cost" software solutions to thwart the resonant frequency exploit, and the researchers have already reached out to manufacturers (including Fitbit and Samsung) to make sure they're aware of the issue. This particular vulnerability might not last long. However, it's still an eye-opener -- it shows that sensor security can be just as important as the operating system or your apps.
Source:
courtesy of ENGADGET
by Jon Fingas
If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]