Resently found that a malicious music file can trick an accelerometer into giving false readings.Researchers from the University of Michigan and the University of South Carolina have revealed a handful of sonic hacks on sensors that might not seem dangerous today, but do show one more way that hackers could use the Internet of Things to cause physical harm.
Acoustic signals at the right frequency can apply enough pressure on an accelerometer’s sensing mechanism, a mass buoyed on springs, that it can spoof acceleration signals.
The sensor helps ensure the rotation of a smartphone’s screen is always positioned the right way up, counts steps in fitness trackers, and assists positioning in autonomous vehicles.
One attack demonstrated tricking a Fitbit into counting thousands of false steps. This technique doesn’t represent a significant security risk, the work more broadly highlights issues with trusting hardware sensors whose outputs can influence autonomous systems by giving false readings to a device’s microprocessors.
Fitbit pointed out that the hack does not involve a compromise of its users’ data and describing is simply a way to game the system that “We continue to explore solutions that help mitigate the potential for this type of behavior.”
The hacks highlight new ways to backdoor IoT devices that use sensors to trigger actuators, like those used in robots and other machinery to set components in motion. Such weaknesses might be missed by a classic computer penetration test.
The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor & findings upend widely held assumptions about the security of the underlying hardware.
