Researchers from the University of Michigan have discovered a new vulnerability in accelerometers used in everyday gadgets. Using sound waves, hackers can fool device sensors into thinking they are in motion.
The team led by Associate Professor Kevin Fu conducted tests using this method to manipulate apps in popular devices like Fitbit, Samsung Galaxy phones, and more by sending specific signals to them that registered false results.
Hackers could exploit this newfound vulnerability to control analog components of gadgets that have accelerometers inside them. This could provide a backdoor that is not based on software entries as they typically are.
What are accelerometers?
Accelerometers are physical motion sensors found on fitness trackers, smartphones, and other peripherals like the Joy-Cons of the Nintendo Switch that tell the devices where they are located via digital signals.
Much like our own senses, these sensors react to stimuli that can be legitimate or false depending on the source. These digital components can register fake readings if exposed to sound waves at particular frequencies.
University of Michigan scientists conducted several tests to show how people could use this vulnerability to trigger the spring structures inside accelerometers and ‘move’ the mass that they support, effectively reading false signals.
Using this technique, researchers played tunes at different frequencies to spell the word ‘walnut’ on a Samsung Galaxy S5 accelerometer reader, and to record fake steps on a Fitbit tracker.
While not exactly transcendental, hackers could gain control of motion-sensitive features of a mobile device. Under this same premise, things get scary when people think on a larger scale and imagine scenarios where other platforms could be compromised.
IoT devices, self-driving cars, and other gadgets could be in danger
The Internet of Things has brought increasingly advanced devices that work in conjunction with one another, and some of them have motion sensors that could be affected by this exploit.
What’s more, next-generation vehicles with assistive features and self-driving systems rely largely on this kind of components to work and track incoming traffic, people, and things on the road.
Hijacking a car using just sound waves could make it stop working altogether and greatly endanger passengers onboard. This presents a new threat that most engineers had not thought of, given that most experts consider only software when dealing with security.
Both Samsung and Fitbit have been notified about this vulnerability and they are acting accordingly to re-configure their inner components so they are not prone to third-party control.
Source: University of Michigan