Sound waves can be used to fool your phone's motion sensors
They could hijack your device in the right conditions.
It's tempting to assume that the sensors on your mobile devices are trustworthy. Surely something that relies on real-world activity can't lie, right? Unfortunately, that's no longer the case. Scientists have discovered that you can fool mobile devices' motion sensors into registering non-existent data by playing the right sounds. The technique involves playing a tone at the resonant frequency for the spring structures inside accelerometer chips, much in the same way as you might shatter a wine glass. It's not strictly hacking (not in the conventional sense, anyway), but it could lead to an outsider taking control of motion-related features in the right circumstances.
In tests, the team managed to steer an app-controlled toy car by playing carefully crafted music through an Android phone's speaker. They also got a phone to spell out the word "walnut" in a graph through another piece of music, and made a Fitbit tracker record imaginary steps using a basic speaker. None of these specific attacks are particularly frightening, but the team notes that this could theoretically be used to hijack drones or other vehicles that depend on motion sensing to get around.
The good news: this is relatively easy to defend against. There are two "low-cost" software solutions to thwart the resonant frequency exploit, and the researchers have already reached out to manufacturers (including Fitbit and Samsung) to make sure they're aware of the issue. This particular vulnerability might not last long. However, it's still an eye-opener -- it shows that sensor security can be just as important as the operating system or your apps.
