Some Phone Sensors Can Be Exploited By Sound Waves

Advertisement
Advertisement

Exploits and malicious attacks come in many forms, and thanks to sensors belonging to the MEMS group found in some modern smart devices, certain sound wavelengths are now among those forms. The WALNUT attack, discovered and refined by researchers the University of Michigan, consists of feeding a device tainted audio that's been laced with a certain acoustic pattern. This, in turn, tricks the sensors in question into outputting whatever the attack signal dictates, rather than their normal output. This applies to things like the accelerometer, gyroscope, pressure sensor, microphone and other sensor gear that, generally speaking, is not vital to the core computing function of the device and measures outside variables.

While such an attack may not sound like much of a threat at first, the theoretical implications are actually pretty chilling. The most obvious example is applications that actually use these sensors. This can range from things like keeping you from playing a game that requires you to turn your phone in landscape mode to hijacking control apps for RC cars, drones, and the like that are usually controlled through tilting your device. Hijacking these sensors can also provide wonky output to test programs, or even control the audio output of a recording, causing the attack sound to spread to other devices that play the recording. Naturally, souring any sort of measurement done with these sensors could also be annoying or even disastrous, depending on the case at hand; cars come to mind as a particularly frightening form of this vulnerability, especially the self-driving kind.

Not all MEMS sensors are vulnerable to these attacks. The types and models of sensors that are vulnerable can, in some cases, be braced against this vulnerability prior to deployment. Likewise, future software updates to devices featuring vulnerable equipment could help to protect the equipment from this sort of attack. Casual users likely won't need to worry about this sort of attack having any harmful effects on the devices that they use and interface with every day any time in the near future, if at all, but the potential is there. Now that the vulnerability has been thoroughly detailed, including a section in the white paper about safe deployment of vulnerable equipment and how to help bolster current deployments against attack, there likely won't be much, if anything, to worry about.

Advertisement