Need directions? Your smartphone already knows where you are. How many steps have you taken today? Your Fitbit has that covered. But hackers equipped with the right knowledge may be able to use those items against you.
Smart devices track our movement through built-in capacitive MEMS accelerometers, which measure when an object such as a smartphone or fitness tracker moves, at what speed and in what direction. Researchers at the University of Michigan and the University of South Carolina have found a way to hack these accelerometers by using targeted soundwaves to make the devices think they’re in motion — what they call an “acoustic injection attack.” By nudging the MEMS accelerometers with soundwaves, researchers can send commands to a smartphone. However, these accelerometers are used in more than just smart devices: They’re also found in cars, planes and some satellites, among other things.
The “sonic cyberattacks” have successfully been used in a lab to take over a phone to do simple tasks such as control a toy car, but the developers are concerned for the more malicious ways someone with ill intent could harness the method. In an interview with The New York Times, lead researcher Kevin Fu notes the cybersecurity risks posed by certain medical devices, such as the potential for someone to wirelessly control a pacemaker to beat at a fatal rhythm.