As the devices with which we surround ourselves become ever more connected to the rest of the world, a lot more thought is being given to their security with respect to the internet. It’s important to remember though that this is not the only possible attack vector through which they could be compromised. All devices that incorporate sensors or indicators have the potential to be exploited in some way, whether that is as simple as sniffing the data stream expressed through a flashing LED, or a more complex attack.
Researchers at the University of Michigan and the University of South Carolina have demonstrated a successful attack against MEMS accelerometers such as you might find in a smartphone. They are using carefully crafted sound waves, and can replicate at will any output the device should be capable of returning.
MEMS accelerometers have a microscopic sprung weight with protruding plates that form part of a set of capacitors. The displacement of the weight due to acceleration is measured by looking at the difference between the capacitance on either side of the plates.
The team describe their work in the video we’ve put below the break, though frustratingly they don’t go into quite enough detail other than mentioning anti-aliasing. We suspect that they vibrate the weight such that it matches the sampling frequency of the sensor, and constantly registers a reading at a point on its travel they can dial in through the phase of their applied sound. They demonstrate interference with a model car controlled by a smartphone, and spurious steps added to a Fitbit. The whole thing is enough for the New York Times to worry about hacking a phone with sound waves, which is rather a predictable overreaction that is not shared by the researchers themselves.
We’ve covered an explanation of how MEMS accelerometers work before, as well as a look at air-gap exploits. There’s no need to worry too much about your devices with respect to this, but it’s a fascinating alternative method of input to keep in mind.
Thanks [Sterna] for the tip.
Filed under: peripherals hacks, phone hacks
No comments:
Post a Comment