Computer security researchers at the University of Michigan and the University of South Carolina have uncovered a security loophole which seems to suggest that music and sound waves can be used to hack phones, computers and cars.
Using accelerometers – motion measurers installed in all smart devices, fitness monitors and some cars – can be manipulated and taken control of using a “malicious music file”.
The New York Times notes that, in their paper, the researchers “added fake steps to a Fitbit fitness monitor and played a “malicious” music file from the speaker of a smartphone to control the phone’s accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car.”
Kevin Fu, one of the paper’s authors and an associate professor of electrical engineering and computer science at the University of Michigan, elaborated on the process. “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words […] You can think of it as a musical virus.”
Dr. Fu has previously researched the cybersecurity risks of medical devices, including a demonstration of the potential to wirelessly introduce fatal heart rhythms into a pacemaker.
According to NYT, Fu and his fellow researchers tested 20 accelerometer chips from five different manufacturers, and found that they were able to hack 75% of the chips.
Watch the video above for a more detailed breakdown of their work.