The most frightening cyberattacks are the ones that bridge the gap between the virtual world and the real one. Now, experts warn that hackers could turn the speakers in any internet-connected device against their user.
Considering there are speakers within almost every piece of tech these days, it makes the threat even more concerning. The acoustic cyberweapons could emit dangerous frequencies that have the potential to cause permanent hearing damage or even induce psychosis.
Turn that Off
Plenty of cybersecurity experts gave presentations at Defcon in Las Vegas earlier this week. However, one was particularly spine-tingling. Matt Wixey, the lead researcher at PwC UK, a technology consulting firm, showed how easy it is to develop malware that can turn speakers into cyberweapons.
Wixey notes that he has a fascination with malware that can affect the real world. He says, “We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around.”
Indeed, his research found that devices like laptops, smartphones, Bluetooth speakers, and even headphones can be compromised. To make things worse, it only takes a relatively simple bit of code. Wixey and his team found that all of the devices were capable of emitting frequencies (either high or low) that exceed safety recommendations.
Perhaps most shocking was what happened when he launched an attack on an internet-connected speaker. After just a few minutes of emitting an extremely high pitch, the internal components started melting, disabling the device. While Wixey won’t release the names of the hardware he performed tests on, he confirmed that the speaker’s manufacturer has released a patch to fix the vulnerability.
Internet of Things devices are a tremendous convenience. However, cybersecurity researchers warn that they create a network vulnerable to such attacks.
Wixey says specifically of acoustic cyberweapons, “We were only scratching the surface and acoustic cyber-weapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings.”
With these devices in close proximity to millions of users, the potential for permanent damage is high. Researchers warn that even everyday speakers are capable of emitting frequencies that can cause permanent damage to the auditory system ranging from hearing loss to tinnitus. Meanwhile, exposure over a long period can overload a person’s sensory system and lead to negative psychological effects.
Of course, these frequencies aren’t always audible to human ears. This means that similar cyberattacks could be performed without victims knowing until it is too late.
Wixey’s research demonstrates how vulnerable the devices surrounding us are. With the potential to cause harm to users, companies manufacturing these devices must take steps to ensure they are secure.