“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” said Kevin Fu, one of the authors of the study and an associate professor of electrical engineering and computer science at the University of Michigan “Our findings upend widely held assumptions about the security of the underlying hardware.” The team used precisely tuned acoustic tones to deceive 15 different models of accelerometers into registering movement that never occurred. The approach served as a backdoor into the devices – enabling the researchers to control other aspects of the system. The results of the hacks the Michigan researchers demonstrated are minor. They caused a Samsung Galaxy S5 to spell out the word “WALNUT” in a graph of the accelerometer’s readings, and they tricked a Fitbit fitness tracker by using a $5 speaker to inject thousands of fictitious steps. In an another experiment, they played a malicious music file from a smartphone’s own speaker to control the phone’s accelerometer trusted by an Android app to pilot a toy remote control car. Kevin told the NY Times, “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words. You can think of it as a musical virus.” The researchers tested 20 accelerometer chips from five different manufacturers, and found that they were able to hack 75% of the chips. Although the attack itself may appear all that frightening, it however revealed a major security hole in certain commonplace hardware sensors. Check out the video below for a more detailed explanation of the hack.
The researchers are expected to present the paper at the IEEE European Symposium on Security and Privacy in Paris next month. The researchers have also communicated their findings with the manufacturers of the vulnerable accelerometers. The Department of Homeland Security on Tuesday issued an alert about the hardware design flaws, listing which chips were at risk and what can be done to lessen the risk of a real-world attack. Source: NY Times