Researchers have managed the feat of taking control of the accelerometer of smartphones through sound waves. This research shows, for example, that it is possible to hack the data of a connected bracelet or to control a small car using an application.
A team of researchers from the universities of Michigan and South Carolina has exploited the vulnerability of smartphone accelerometers, research explained in a comprehensive scientific paper (PDF, 16 pages). Modifying the operation of a smartphone using music files would then be possible.
American researchers have demonstrated that sound waves are capable of influencing the information of the accelerometers fitted to practically all smartphones, which would make it possible to enter commands directly there. It turns out that the vibrations caused by the sound waves of the music manage to move the accelerometers of the phones which are really just tiny mechanical mechanisms. This movement is also impossible for the user to detect since the phone does not move at all.
The scientists managed to modify the output signal of the smartphone in 75% of cases, but they were also able to take complete control of it in 65% of cases. For the New York Times, one of the authors of the study Kevin Fu explains: “It’s a bit like the opera singer who manages to break a glass with his voice, except that in our case, we can spell words. We can thus imagine it as being a musical virus. »
About twenty products from different brands have been tested with this kind of “musical virus”. This has already made it possible to modify the step count of a Fitbit connected bracelet. This was possible by playing the famous music file with the smartphone speaker.
The researchers also managed to take control of a connected toy, a miniaturized car that can be controlled via an application. This application then takes into account the movements made by the smartphone in order to control the car, a manipulation still possible thanks to the sound waves capable of deceiving the accelerometer.
Obviously, scientists are concerned that this process could be used for malicious purposes and there are many applications. For example, it is possible to take control of an accelerometer intended to dose the administration of insulin to a patient according to his physical activity and thus modify the data in order to increase or decrease this dosage.
Sources: MotherBoard – 01net