Acoustic Attack On Motion Sensors

And yet another jaw dropping security attack on mobile devices (and also on IoT and lots of other technology).

Timothy Trippel and colleagues at Michigan and South Carolina describe “acoustic injection attacks” on accelerometers, that can mess with apps on your phone, drone, or other sensor-equipped device. Yoiks!

The researchers give the gory technical details in a paper to be presented in April [1]. But the general idea is simple enough.

Sound waves can be used to create false output from the accelerometer. Basically, playing a sound at the accelerometer’s resonant frequency can push it to respond just as it does to movement. This not only messes up the motion sensing, it can be used to fool the device, i.e., to spoof whatever signal you want. An attacker that can play sounds near the device may be able to take it over and make it do whatever he wants.

This attack is significant because there are many applications that are using accelerometer data for critical system controls, including input to AI algorithms that detect human and machine behavior, and vehicle navigation. Accelerometers are also used in gesture based interfaces.

So, evil doers might fiddle a fitness tracker, registering extra steps and false positions. More alarming, an attack might mislead the navigation of a drone or self-driving car. A gesture based controller might be taken over to send false instructions. And so on.

This is certainly an alarming flaw for the development of whole-body interfaces and other wearable devices. It’s hard enough to get motion and tracking to work, it’s not great to hear that it might be hacked.

This is yet another grievous potential flaw in self-driving cars and other sensor heavy machinery.  Even if you secure the wireless and other networks (which is pretty iffy, if you want my opinion), the system might still be hacked by a drive by boom box or covert squawk from the satellite music stream.

Sigh.

The research indicates that the majority of current mass produces MEMS accelerometers are vulnerable to this attack, at least to some degree. The paper recommends design improvements for future sensors, and some software defenses that protect systems with vulnerable sensors. In addition, sensors might be swathed in soundproofing.

The software countermeasures are interesting: they avoid simple periodic sampling of the signal, using random or 180 degree out of phase sampling. These yield the same result as regular sampling of the analog signal, but cannot be fooled by the acoustic injection in many cases.

This is a cool paper! Nice work.


  1. Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu, WALNUT: Waging Doubt on the Integrity of {MEMS} Accelerometers with Acoustic Injection Attacks, in IEEE European Symposium on Security and Privacy. 2017: Paris. https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf
  2. WALNUT. WALNUT: Acoustic Attacks on MEMS Sensors. 2017, https://spqr.eecs.umich.edu/walnut/.

 

2 thoughts on “Acoustic Attack On Motion Sensors”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s