Smartphones, Fitbits, Smart Watches Can Be Hacked Using Sound Waves

New research exposes broad risks accompanying our increasing use of technology

Fitness Tracker Heart Monitor / Smartphones, Fitbits, Smart Watches Can Be Hacked Using Sound Waves
Image: Pixabay
March 14, 2017

Computer security researchers have found a way to hack common technology products like smartphones and Fitbits using sound waves.

A musical virus

The New York Times (NYT) reports that researchers from the University of Michigan and the University of South Carolina have found a vulnerability in many consumer items that lets third parties influence or get control of the items. This is done using tiny accelerometers inside the devices, components that are a standard part of such products.

The researchers illustrated the security flaw by adding steps artificially to a Fitbit fitness monitor and played a music file that was "malicious" from a smartphone's speaker in order to control its accelerometer. This then let them interfere with other software that relies on the phone, like an app for driving a radio-controlled toy car.

"It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Dr. Kevin Fu. Dr. Fu is one of the authors of the paper, an associate professor of electrical engineering and computer science at the University of Michigan, and chief executive of Virta Labs, a company that focuses on cybersecurity in health care.

"You can think of it as a musical virus," he explained.

The scientists found the flaw in more than half of the 20 commercial brands they tested from five chip makers. It shows the challenges in security that have risen as people have incorporated more and more digital devices into their daily lives.

Planes, Trains, Automobiles, and Insulin Pumps?

Now that major auto manufacturers and start-ups are working on self-driving vehicles, the possibility of undetected security flaws that could let an attacker remotely control a vehicle is worrying.

However, the researchers explained that they saw the discovery as a window into the "cybersecurity challenges inherent in complex systems in which analog and digital components can interact in unexpected ways" rather than a reason to panic.

"The whole world of security is about unintended interactions," said Paul Kocher, a former executive at chip company Rambus and currently a cryptographer.

The accelerometer measures acceleration and is used to navigate, figure out how a tablet computer is oriented, and to measure distance travelled in fitness monitors.

When the researchers hacked the toy car, they controlled it by making the accelerometer produce false readings. There are more serious ways in which the flaw could be exploited, however, such as in the instance that an accelerometer is designed to control the automation of a diabetic's insulin dosage. In this case, it could be possible to tamper with the system controlling the dosages.

Dr. Fu said that the Department of Homeland Security was expected on Tuesday to issue a security advisory alert regarding chips produced by the semiconductor companies documented in the study: Analog Devices, Bosch, InvenSense, Murata Manufacturing, and STMicroelectronics.

Get Connected with Consumer Connections

Stay up-to-date about issues that really matter! Get the Consumer Connections newsletter!

We're committed to providing you with information you need to make you a better, more informed consumer. Whether it's a vehicle recall, a product recall, or a new scam, we feature it in Consumer Connections.

So why not give it a try? Go on. All of your friends are doing it. It's completely free and comes just once a week.

Have you noticed your iPhone slowing down at all since its last update? If it's slow to respond, crashing, or freezing on random screens, it may be a problem with the device's memory. Although the iPhone's RAM automatically clears when you restart the device, you don't have to reboot it in order to speed it up and fix these memory issues.

Dell laptop computers have a built-in battery sensor that, upon occasion, may fail to be detected by the computer. You may find that a fully charged and functioning battery won't power on the laptop or will flash error lights. If this is the case, you don't necessarily have to run out to buy a new battery!

There are numerous causes for poor signal strength. It could be a problem with the carrier, or it could be that materials in the walls of your home are blocking the signal. Regardless of the cause, there is a way to boost your cell phone's signal to get the most possible at home.

Whether your phone is wireless or connected to a landline, you know that you'll be getting a bill every month. What you may not know is what all the fees and charges listed on the bill actually mean. Savvy consumers know what they're paying for. If you want to avoid any nasty surprises, get to know your bill and make sure you know what you're being charged for.