Posted on August 15, 2019 at 2:45 AM
According to Matt Wixey, a noted researcher at PricewaterhouseCoopers (PwC,) hackers can now take over our speakers and make them “acoustic weapons,” as far-fetched as it may sound at first glance.
Our devices, including computers, laptops, and virtually anything with a microphone, camera or speaker that is connected to the Internet, have the ability to listen to us via ultrasound or voice assistants. That way, they can track us. However, we are now at risk of suffering a more direct kind of attack.
Inaudible Frequencies or Loud Sounds
Per Wixey, the embedded speakers present in our devices can damage us if hacked: there are two ways this can happen: one, via high intensity, but inaudible frequencies that can have a notable effect, or via loud sounds at volumes that can harm our audition.
He dubbed the described resources as acoustic cyber weapons, at the Defcon security conference over the weekend. The expert observed that his work and subsequent experiments were performed as part of the research for his University College London’s PhD.
As part of his investigation, he discusses unconventional sounds and their particular interactions in the security field. Some of these interactions include digital/physical crossover offenses that are malware-powered and can inflict varying degrees of acoustic damage.
Tolerance to Sounds: A Chart
As it turns out, sounds can be very harmful if they surpass specific tolerance levels. At his Defcon presentation, Wixey showed a decibel chart from Survival Life to educate the audience about the damage levels that sounds may inflict.
Here are some of the situations:
- 100 dB will cause your eyes to twitch. The sound is, allegedly, between a chainsaw and a lawnmower.
- 188 dB will cause collapse lungs, which will result in subsequent death.
- 194 dB will cause your bones to shatter and your internal organs will be ruptured.
- The person will die instantly at 200 dB.
Per Wixey, aural barrages have the potential to cause devastating effects, both psychologically and physiologically speaking. Some of the consequences of the mentioned situation can be as harmless as ear pain, nausea, headaches or fatigue; or as severe as neurasthenia, cardiac neurosis, hypotension, and bradycardia.
Wixey told a prominent specialized site that he has always been interested in malware that can transcend and travel between the two universes; the physical and the digital. He said that he wondered whether a hacker could develop a form of offense that could surpass maximum levels of tolerated decibels to cause physical pain and other tangible consequences.
Custom-Made Malware and Viruses
Then, Wixey told another influential media platform that he and his research team fed with custom-made malware and viruses, as well as from other known exploits, in an effort to achieve the attack and get devices to emit potentially harmful sounds for a sustained period of time.
Of course, the specialist didn’t reveal the brands of the devices he and his team managed to exploit and attack, but said that among them was a laptop worth one thousand US dollars that was hacked; a $200 smartphone that suffered from remote and local attacks, a $200 smart speaker, a $50 Bluetooth speaker, and headphones worth over $400, which were known to be vulnerable to several attack vectors.
Other devices and gadgets were also exploited and used to attack people with acoustic cyber weapons, even cheaper ones with embedded speakers. According to Wixey, the brands of susceptible devices are not important.
The power of sound and ultrasound has become an interesting subject in the last few years. In September 2017, researchers at the Zheijiang University in China demonstrated that it is possible to take over Alexa, Siri, and other voice-activated systems by implementing inaudible ultrasound commands.
While it is still not clear how to swiftly defend against one of these attacks, awareness goes a long way and it is the first step towards coming up with a “sound” defense.