Scientists Can Hack Sensors in Cars and Phones with a $5 Speaker
Nicole Casal Moore, 17 Mar 17
       

With a $5 speaker, researchers fooled hardware sensors called accelerometers. (Credit: Joseph Xu/Michigan Engineering)

Critical sensors in lots of cars, phones, and medical devices could be vulnerable to hacks from sound waves.

The sensors involved in the research are known as capacitive MEMS accelerometers. They measure the rate of change in an object’s speed in three dimensions. It turns out they can be tricked.

Researchers used precisely tuned acoustic tones to deceive 15 different models of accelerometers into registering movement that never occurred. The approach served as a backdoor into the devices—enabling the researchers to control other aspects of the system.


“If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.”


“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” says Kevin Fu, associate professor of computer science and engineering at the University of Michigan, who led the team. “Our findings upend widely held assumptions about the security of the underlying hardware.

“If you look through the lens of computer science, you won’t see this security problem. If you look through the lens of materials science, you won’t see this security problem. Only when looking through both lenses at the same time can one see these vulnerabilities.”

Hacked a Fitbit and a Samsung Galaxy S5

The researchers performed several proof-of-concept demonstrations: they used a $5 speaker to inject thousands of fictitious steps into a Fitbit. They played a malicious music file from a smartphone’s own speaker to control the phone’s accelerometer trusted by an Android app to pilot a toy remote control car.

They used a different malicious music file to cause a Samsung Galaxy S5’s accelerometer to spell out the word “WALNUT” in a graph of its readings.

All accelerometers have an analog core—a mass suspended on springs. When the object the accelerometer is embedded in changes speed or direction, the mass moves accordingly. The digital components in the accelerometer process the signal and ferry it to other circuits.

“Analog is the new digital when it comes to cybersecurity,” Fu says. “Thousands of everyday devices already contain tiny MEMS accelerometers. Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

Sensors in self-driving cars

Autonomous systems like package delivery drones and self-driving cars, for example, base their decisions on what their sensors tell them, says Timothy Trippel, a doctoral student in computer science and engineering and first author of a new paper on the findings.

“Humans have sensors, like eyes, ears, and a nose. We trust our senses and we use them to make decisions,” Trippel says. “If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.”

The trick Trippel and Fu introduced exploits the same phenomenon behind the legend of the opera singer breaking a wine glass. Key to that process is hitting the right note—the glass’ resonant frequency.

The researchers identified the resonant frequencies of 20 different accelerometers from five different manufacturers. Then instead of shattering the chips, they tricked them into decoding sounds as false sensor readings that they then delivered to the microprocessor.

Trippel noticed additional vulnerabilities in these systems as the analog signal was digitally processed. Digital “low pass filters” that screen out the highest frequencies, as well as amplifiers, haven’t been designed with security in mind, he says. In some cases, they inadvertently cleaned up the sound signal in a way that made it easier for the team to control the system.

The researchers recommend ways to adjust hardware design to eliminate the problems. They also developed two low-cost software defenses that could minimize the vulnerabilities, and they’ve alerted manufacturers to these issues.

The university is pursuing patent protection for the intellectual property and is seeking commercialization partners to help bring the technology to market.

The researchers will present a paper on the work April 26 in Paris at the IEEE European Symposium on Security and Privacy. The National Science Foundation supported the research.

Sign in to view full article

       
Does Playing Chess Make You Smarter? A Look at The Evidence
The stereotype of the chess player is someone who is smart, logical and good at maths. This is why so ...
Giovanni Sala, Fernand Gobet
Wed, 17 May 17
Far Beyond Crime-Ridden Depravity, Darknets Are Key Strongholds of Freedom of Expression Online
The internet is much more than just the publicly available, Google-able web services most online users frequent – and that’s ...
Roderick S. Graham
Wed, 1 Feb 17
610 Office, ‘China’s Gestapo’, Is Criticized by Party Investigators
Working with the Chinese police, agents of the “610 Office” would break into the homes of Falun Gong practitioners, ransack ...
Larry Ong
Mon, 2 Jan 17
Organ Harvesting in China: Foreigners ‘Are 1 in 5’ Transplant Recipients
Prisoners of conscience are murdered on demand for their organs in China to supply a state-run transplant industry where one ...
James Burke
Mon, 20 Feb 17
Norway’s Oil Fund Is A Tarnished Gold Standard For Sustainable Investment
The largest sovereign wealth fund in the world, Norway’s US$930 billion Government Pension Fund Global, is seen as the epitome ...
Beate Sjåfjell
Thu, 4 May 17
An Epoch Times Survey
Advertise with Us
Join us today!
Sports Elements
BUCHERER
Read about Forced Organ Harvesting