Acoustic attack lets hackers control smartphone sensor

The acoustic injection attack takes advantage of a newfound vulnerability in smartphones and lets hackers remotely control the devices

Acoustic attack lets hackers control smartphone sensor
Shutterstock

A newfound vulnerability in smartphones could let hackers remotely control the devices.

With the acoustic injection attack, “attackers that deliver high intensity acoustic interference in close proximity” can interfere with a device accelerometer and get the sensor to send “attacker–chosen” data to the smartphone’s processor, say researchers from the University of Michigan and University of South Carolina in a paper.

Accelerometers measure changes of speed in a device, and they are used industrially to sense vibration for machinery health. In a smartphone, the accelerometer sensor can be used to detect screen orientation, for example.

The tiny microelectromechanical (MEMS) component works by measuring analog physical movement in axes. That signal is converted to digital and is sent onwards to be processed by the device.

This new audio injection hack creates sound—a form of vibration—and fools the accelerometer into receiving it. It can then issue commands.

The hijack also work on Internet of Things’ MEMS, medical equipment and other devices that use the now-common accelerometer gizmos from major manufacturers, the researchers say. Those vendors include Bosch and STMicroelectronics.

The problem is that “hardware components are not protected by traditional software means,” says Timothy Trippel, one of the students working on a solution, in a video on the school’s website. Device software usually trusts data sent from attached hardware sensors. That leaves sensors wide open to trickery if they can be infiltrated.

“No one really thought about the hardware layers that sit below the software layers,” he says. Adversaries can spoof those sensors and in this case, get in through the audio injection.

“With proper knowledge of the algorithms that [use] the polluted sensor data, adversaries may be able to control the behavior of a system that relies on the sensor data to make automated decisions,” the researchers say.

Hacking a Samsung Galaxy S5

The researcher were able to introduce special tones in a YouTube video that fools a Samsung Galaxy S5’s accelerometer to output certain signals. The acoustic interference woven throughout the YouTube video could also be delivered through Twitter, email attachments and other websites, they claim.

In another experiment, the group used audio to hack a smartphone app that was being used to pilot a radio-controlled model car. An app on a handheld phone, in that case, would use real-time gesture sensing delivered by the accelerometer to steer the car. The performed attack allowed the car to be piloted without moving the phone. A third experiment introduced fake steps into a wearable fitness band.

Accelerometers are used extensively in all drone flight controllers, in airplanes for navigation and in laptops to protect hard drives. They will also be used in self-driving cars and will be a ubiquitous element in future-tech robotics—the robot needs to know where it is.

“Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the un-validated integrity of sensor outputs,” the researchers explain in the paper.

To prevent attack, the researcher say sensors must be limited in their exposure to acoustic interference and must be enclosed in dampening foam. Plus, algorithms need to be introduced to reject signals that are obviously abnormal.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10