Sound can be used to hack into a wide range of internet connected gadgets including smartphones, cars and medical devices, according to a new study published Tuesday.
The researchers at the University of Michigan were able to access any of these products by shooting sonic waves at their vulnerable sensors. They then could use the compromised sensors as a backdoor to the device.
The troubling finding shows that computer engineers and technology companies need to worry about not just the security of software, but hardware as well.
The research will be presented at a symposium next month in Europe.
The study adds to the mounting security concerns revolving around the so-called “Internet of Things”, a term used to encompass the large group of devices and appliances that can connect to the web.
Using a cheap speaker, the researchers could trick a wearable fitness tracker, Fitbit, into adding thousands of steps to its count.
A toy car controlled by a smartphone app could similarly be piloted with a malicious audio file.
The study authors used another audio file to trick the sensors of a Samsung Galaxy S5 smartphone into spelling the word “walnut” in a graph illustrating the sensors’ readings.
Similar to the famous concept of an opera singer breaking a wine glass by hitting a certain note, the researchers found that sensor technology can be manipulated with sound.
“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor," lead author Kevin Fu said in a statement. "Our findings upend widely held assumptions about the security of the underlying hardware. If you look through the lens of computer science, you won't see this security problem. If you look through the lens of materials science, you won't see this security problem. Only when looking through both lenses at the same time can one see these vulnerabilities.”