By Michael Goodyear
Hacking into electronic systems is certainly not new. People have taken over entire smart homes and data breaches have cost companies such as Target and Home Depot millions of dollars. But a team of researchers has found a new way to hack: music.
Researchers at the University of Michigan and the University of South Carolina have found a weakness in Microelectromechanical systems (MEMS) accelerometers, standard components of electronic systems ranging from your smartphone to automobiles and drones. MEMS accelerometers have a sensing mass that shifts depending on the accelerative forces exerted on it, which in turn sends out a voltage signal that correlates to the sensed acceleration function. By exerting acoustic interference, the researchers displaced the sensing mass, basically causing involuntary actions in the device.
These acoustic attacks could just be a relatively harmless interference. For example, by using a YouTube music video interspersed with special tones, the researchers spoofed a MEMS accelerometer to send out a signal that resembled the word “WALNUT,” which became the name of the team’s acoustic attack.
But the consequences could be much more dire. Some systems depend on the MEMS accelerometers to make automated decisions. By playing a malicious audio file, the hacker could take control of these devices or surreptitiously influence them.
WALNUT was used to take over a remote-control car via an app on an infected phone. While a rogue remote-control may not be too scary, MEMS accelerometers are also used in much larger systems, such as cars and drones, which could cause immense amounts of damage if they were taken over.
The researchers also used WALNUT to alter the amount of steps on a Fitbit. While the researchers did not think such an attack posed a serious security risk (they instead pointed out that it could be used to garner free Fitbit rewards through programs such as Higi.com), the ability to alter health data on a device could have serious consequences. If health data such as that on a Fitbit can be changed, the resulting inaccuracies could negatively impact those that depend on the apps or devices for managing their health, potentially leading them to follow incorrect data and make a decision that could damage their health. Even more dangerous, mobile health apps that control devices such as pacemakers or insulin pumps, or even the devices themselves, could be changed to create a fatal heart rhythm or administer the wrong dosage of insulin.
WALNUT is not just a fringe technology that can only affect the occasional device. The researchers found that 65% of the accelerometers (15 of 20 accelerometer models by 5 different app manufacturers) were vulnerable to an acoustic output control, where devices such as the remote-control car could be taken over. They also found that 75% of the accelerometers they tested were vulnerable to an acoustic output biasing hack, where information like your Fitbit step count could be altered.
The Internet of Things offers many advantages, but as WALNUT illustrates, it can be infiltrated with something as simple as a YouTube song. The consequences of our dependence on technology could not only hurt our privacy, but also our physical wellbeing. In their paper, the WALNUT team outlined how to better protect against the acoustic takeovers, but if the accelerometer chip makers don’t follow the advice, maestro hackers may just have one more instrument in their orchestra for assailing the Internet of Things.
Michael Goodyear, who has a BA in History and Near Eastern Languages and Civilizations from the University of Chicago, is part of the ISLAT team.