“Malicious” Music Files

You’ve heard the legend that an opera singer can break a glass if they sing at the right pitch. And although it’s difficult to achieve, it’s absolutely possible! 

But did you know that the right sound waves could affect your technology?

Tech security researchers at the University of South Carolina and University of Michigan have discovered that certain tones and frequencies can influence the accelerometers in some smart devices, such as a step tracker or a smartphone. You may be asking yourself, what does this discovery mean for the future of computer security? Let’s take a closer look.

What’s An Accelerometer? 

Accelerometers measure acceleration, and are tiny chip devices that are typically used for orientation, measuring distance, and navigation in smart devices. Accelerometers are what orient your tablet’s display, measure steps in your FitBit, or (in the case of the toy car in the experiment) used by apps in your phone to control other devices. 

The Details of the Experiment

The university researchers created a sound file, a “malicious music file”, that interfered with the accelerometer in small smart devices. By playing this music file through a speaker, they were able to add false steps to a FitBit counter and controlled a tiny toy car through a smartphone app. Dr. Kevin Fu, one of the authors of the study and chief executive of Vitra Labs, told journalist John Markoff of The New York Times to think of the sound file as a “musical virus”. He explained to the Times that the experiment was born from a study that revealed how music could disable drones, and stemmed from his own cybersecurity studies with pacemakers. After testing twenty accelerometers from five manufacturers, the results showed that 75% of the chips could be affected. The results of this study are being presented in a paper, due to debut in April at IEEE European Symposium on Security and Privacy in Paris.

What Does This Mean for the Future of Technology?

Our technology continues to rely on these accelerometers to make our devices more user-friendly and predictable, especially when it comes to cars and wearables. In the same article from The New York Times, John Markoff wrote that “...the discovery was not a sky-is-falling bug but rather a revealing window into the cybersecurity challenges inherent in complex systems in which analog and digital components can interact in unexpected ways.” The influence of “malicious music files” on accelerometers is a minor flaw, but one that could potentially be exploited in the future if it’s not fixed today. 

As of the results of this experiment, it’s only been proven that a sound file can send false data to an accelerometer, and not influence the brain of a device itself. You can rest easy knowing that we’re a long way from controlling people’s cars or smartphones with music. Thanks to the researchers at the University of Michigan and University of South Carolina, this flaw has been exposed and can be addressed by tomorrow’s tech engineers.