#HIJACK DEFCON SOFTWARE#
Wixey suggests a number of countermeasures that could be incorporated into both device hardware and software to reduce the risk of acoustic attacks. And absolutely, it could potentially be dangerous.” “Think about it- if there’s no limiter or filter in place, things that make sounds can be forced to make really loud or intense sounds. “I’m not at all surprised that speakers can be manipulated this way,” Cui says.
Vasilios Mavroudis, a doctoral researcher at University College London, also found in his research into ultrasonic tracking that most commercial speakers are capable producing at least "near-ultrasonic" frequencies-sounds that are inaudible to humans, but don't quite technically qualify as ultrasonic-if not more.Īnd Ang Cui, who founded the embedded device security firm Red Balloon, published research in 2015 in which he used malware to broadcast data from a printer by crunching the internal components of the printer to make sounds that could be picked up and interpreted by an antenna.
We were only scratching the surface and acoustic cyber-weapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings.” “As the world becomes connected and the boundaries break down, the attack surface is going to continue to grow,” Wixey says. in excess of the maximum permissible levels for public exposure," Timothy Leighton, a researcher at the University of Southampton wrote in the October issue of The Journal of the Acoustical Society of America.Īnd while it is still unclear whether acoustic weapons played a role in the attack on United States diplomats in Cuba, there are certainly other devices that intentionally use loud or intense acoustic emanations as a deterrent weapon, like sound cannons used for crowd control. "We are currently in the undesirable situation where a member of the public can purchase a $20 device that can be used to expose another human to sound pressure levels. The acoustic academic research community has increasingly been warning about the issue as well. “We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around.” “I’ve always been interested in malware that can make that leap between the digital world and the physical world,” Wixey says. Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.
But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume. It’s creepy enough that companies have experimented with tracking user browsing by playing inaudible, ultrasonic beacons through their computer and phone speakers when they visit certain websites. At the Defcon security conference in Las Vegas on Sunday, one researcher is warning that this capability has the potential to be weaponized. And while you rely on them for music or conversation, researchers have long known that commercial speakers are also physically able to emit frequencies outside of audible range for humans. Speakers are everywhere, whether it's expensive, standalone sound systems, laptops, smart home devices, or cheap portables.
0 kommentar(er)
