Hackers Can Now Take Control Of Your Smartphone Using Sound Waves

A team of researchers have done something incredible yet terrifying - using sound waves to hack a smartphone, using a method that could be used to theoretically control any technology with an accelerometer.

Using a small speaker worth £4, researchers at the University of Michigan and the University of South Carolina have found an exploit that requires tricking capacitive MEMS accelerometers - the chip that lets your smartphone/fitness tracker know when in motion.

The small speaker pumped out malicious music files, filled with certain frequencies that essentially “crack” this sensor open for the team to make their way into the device. In 20 different accelerometers from five manufacturers, more than half of them fell victim to this hack.

So how specifically does this work? Well, let’s go into some detail. MEMS accelerometers are made from a small piece of material suspended on springs, with the sensitivity to notice any movement. The transmitted sound waves nudge this piece to make it think its in motion, and this sonic cyber attack of sorts can trick a smartphone into doing whatever the hacker wants.

In the video, the team demonstrate how they managed to take over a smartphone app that drives a RC car with nothing but sound. Not just that, they tricked a Fitbit into counting steps when completely still (every fitness-hater’s dream) and force a Samsung Galaxy S5 to spell out word’s with the accelerometer’s output signal.

What’s more scary, though, is that this experiment is merely a proof-of-concept exercise, which can be theoretically done to any smartphone apps, given the right knowledge. Hell, that toy car example could be expanded upon, as these kinds of accelerometers are used in real cars, airplanes, drones and even medical devices. 

The terrifying possibility of broadcasting a malicious music file over the radio to cause car accidents, influence healthcare machines to kill patients and down airplanes. It’s an incredibly dark story you would expect from the likes of a Black Mirror episode. We always had the comfort of knowing no matter how eerily close to realism that show is, we were fairly sure it wasn’t going to happen.

Now this has happened, outside of the Hollywood-reality of Black Mirror, it’s become so much scarier. We are literally living in an episode.

“Thousands of everyday devices already contain tiny MEMS accelerometers,” Fu said in a release. “Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

The researchers shared their findings with manufacturers, and the Department of Homeland Security even issued an alert about this flaw - showing what chips are at risk from this potential attack.

Enough of border security or immigration control - cyber security should be a priority.