Could Sound Waves Really Pose a Cyber-Security Risk?

6 Jun

It seems that risks are coming from all sides and angles with our connected devices and several experts believe that it’s about to get even worse.

According to Bill Buchanan (head of the Cyber Academy at Edinburgh Napier University), side channel attacks are also going to give us something to worry about.

So what’s a side channel attack?

Simply put, it’s when opportunistic cyber-criminals find another way (other than the traditional hacking ways) of disrupting and gaining access to your devices.

What sort of side channel or alternative ways can criminals use to gain access to a device?

The moment an electronic device connects to the internet, it’s immediately at risk. Researchers from the University of Michigan have discovered that sound waves can be used to interfere with a devices’ accelerometer (such as that used in your mobile phone’s navigation system). The researchers discovered that music playing on a smartphone could be used to make it look as if the user and the mobile device are actually moving (covering distance) when they are not.

On a small scale, you might think it’s not too serious if your smartphone thinks you’ve moved 10 steps when you’ve actually only moved 2. On a larger scale however, this type of disruption can be used for rather dangerous actions. For instance, the computers used in cars and drones can be affected in much the same way by these sound waves and then the implications are far more serious.

It’s also been found that when interfered with, an accelerometer can be turned into a microphone which can be used for effective spying or a data breach (gathering of information illegally). Then there’s the medical risk as most medical equipment uses accelerometers too. What would happen if medical equipment started measuring incorrectly?

Sounding out your password

Sound waves can also be used to listen to the noises that a device makes to determine passwords being typed on the device, or even on surrounding devices. While each key sound might appear to be the same to you, it can be measured in terms of soundwaves and translated into useful (or in the case of a cyber-criminal; destructive) data and information.

If researchers have stumbled across this risk, there’s a great chance that criminals are already hustling to get the concept to work in their favour. It’s high time manufacturers took the time to rethink their product security!

Of course, more testing and research is to be done, but it’s a good time to become aware of the new security risks and threats that you’re faced with. Be aware! Now you know.

Comments are closed.