Smartphones Can be Hacked Using Soundwaves

A group of computer security researchers at the University of Michigan and the University of South Carolina have discovered a security vulnerability in smart devices that allows them to be hacked via soundwaves. In a new paper, the researchers demonstrate how it is possible to use malicious sound files to take control of an accelerometer – the kind featured in smartphones, fitness trackers, and even cars – which, in turn, gives them access to the device’s software.

“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words” and enter commands rather than just shut down the phone, Kevin Fu, co-author of the paper and associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, told the New York Times. “You can think of it as a musical virus.”

The accelerometer vulnerability was present in over half of the twenty brands from five manufacturers tested by the researchers, and the fear is that it exists in more devices that were not tested. The paper, entitled WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks [PDF], and the team’s findings will be presented at the IEEE European Symposium on Security and Privacy in Paris next month.