University of Michigan researchers were able to successfully hack into sensors in smartphones, automobiles, medical devices, and IoT products, the university announced Tuesday. Using only a simple $5 speaker, the researchers were able to outwit accelerometers and gain additional access to the system, a press release said.
The work taps into security vulnerabilities present in hardware systems, as these sensors are often sending critical data to autonomous and automated systems. The specific accelerometers studied by the researchers are known as MEMS accelerometers, which measure an object's speed changes in three dimensions, the release noted.
Using "precisely tuned acoustic tones," researchers were about to trick 15 separate accelerometers models into recording movement that didn't actually happen. For example, they were able to register false steps on a Fitbit. While this may not seem nefarious at first, this method offered "a backdoor into the devices--enabling the researchers to control other aspects of the system," the release said.
"We were able to, not only, disable systems with acceleration sensors, but we could control their output in a way that would alter the behavior of systems that use these devices," University of Michigan graduate student Timothy Trippel explained in a video.
University of Michigan's Kevin Fu, an associate professor of computer science and engineering, led the team in this research. By tricking these systems into accepting a "false reality," Fu said in the release, the team raised some concerns about the security present in many hardware systems.
"If you look through the lens of computer science, you won't see this security problem," Fu said in the release. "If you look through the lens of materials science, you won't see this security problem. Only when looking through both lenses at the same time can one see these vulnerabilities."
The researchers were able to manipulate these sensors by using the right note to cause the accelerometer to register movement. Accelerometers rely on an analog core, which sits on a set of springs, the release said. When the device (like a smartphone or IoT device) moves, that movement is felt, and recorded, by the analog core as it shifts on its springs. That signal is then processed and sent to other circuits in the device, the release said.
Much like how an opera singer famously broke a glass with their voice, the researchers tried to find the resonant frequency that would affect the sensor, the release said.
"Analog is the new digital when it comes to cybersecurity," Fu said in the release. "Thousands of everyday devices already contain tiny MEMS accelerometers. Tomorrow's devices will aggressively rely on sensors to make automated decisions with kinetic consequences."
The digital processing step in the system also presented another vulnerability that made it even easier for the researchers to control the systems they were a part of, the release said. In the video, Trippel said the team contacted the manufacturers of the chips they studied, and recommended ways to help them make more secure chips in the future.
The team also developed two software tools to help defend against the threats, and they are working to commercialize them as well, the release said.
Update: After the publishing of this article, a Fitbit spokesperson reached out to TechRepublic and said: "To be clear, this is not a compromise of Fitbit user data and users should not be concerned that any data has been accessed or disclosed." The technique presented by the researchers, the spokesperson said, is "simply a way to game the system."
The 3 big takeaways for TechRepublic readers
- University of Michigan researchers used sound waves to hack into smartphone and IoT sensors and manipulate the systems they are a part of.
- The sensors utilize analog cores, which were fooled by the sound waves into recording false movement.
- The research raises additional concerns about hardware security and the role it plays in the future of our connected lives.
- Report: 48% more IT professionals are taking security training (TechRepublic)
- Machine learning can also aid the cyber enemy: NSA research head (ZDNet)
- FBI won't release iPhone hacking tool and is still using it to 'gather intelligence information' (TechRepublic)
- Ransomware: Now cybercriminals are stealing code from each other, say researchers (ZDNet)
- How does the enterprise respond to increased security threats? Crosstraining (TechRepublic)