Everyone is very serious about security these days. The threat of hackers is at an all time rise, and everyone is worried about who is spying on them. Companies have been developing countermeasures like biometric security systems and turning to cyber security startups to help protect their businesses. However, according to a group of computer security researchers at the University of Michigan and the University of South Carolina, the hackers have a much more primitive way into your systems.
Remember the movie Hackers? There’s a part in the movie where the kids are playing a recording of a dial tone to hack the pay phones so they can use them to access the internet. It all seems very cheesy and surreal, doesn’t it?
Well, these computer scientists have found a vulnerability that allows them to take control of or influence devices through tiny accelerometers, which are used for inertial navigation systems. These components come standard in smartphones to make sure that your screen is always upright, fitness monitors to measure your heart rate and even some automobiles for navigation. In their paper, the researchers describe how they played a “malicious” music file from the speaker of a smartphone by controlling the phone’s accelerometer. How? By adding fake steps to a Fitbit.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words,” said Kevin Fu, associate professor of electrical engineering and computer sciences at the University of Michigan and the chief executive of Virta Labs, “You can think of it as a musical virus.”
A musical virus indeed. With this flaw, hackers can enter commands into a smartphone by manipulating any software that relies on communicating to another device. With dozens of startups and large transportation companies pushing to develop self-driving automobiles, the fact that this vulnerability is undetected is unnerving. Dr. Fu has even researched the possibility of this potential risk on medical devices, such as introducing fatal heart rhythms into a pacemaker or tampering the automation of insulin dosages to a diabetic.
The Department of Homeland Security is to issue a security advisory alert to the semiconductor companies Analog Devices, Bosch, InvenSense, Murata Manufacturing and STMicroelectronics. Out of 20 accelerometer models, the researchers were able to affect the information from 75 percent of the devices and control the output of 65 percent of them.
The paper these researchers have written will be presented at the IEEE European Symposium on Security and Privacy in Paris next month. However, it is already available online for the public.
