Speakers are everywhere, from expensive independent audio systems, laptop speakers, smart home devices, or cheap mobile music devices. And whether you use them to listen to music or chat every day, researchers have long known that commercial speakers also have the ability to emit audio frequencies that exceed the audible range of human sounds. . At the Defcon security conference last Sunday in Las Vegas, a researcher warned that this ability could be used to turn harmless speakers into dangerous sound waves.
If you're ever stunned to learn that many companies have tried to track users' browsing through non-sound ultrasound sounds emitted by computers or phone speakers, Matt Wixey – researcher Network security at PWC UK technology consulting firm – revealed an even more shocking information: anyone can write a malware capable of interfering with the device's internal speakers, causing them to play produce sounds at frequencies that cannot be heard at high intensity, or emit audible sounds at extremely high volumes. Consequence? Your hearing may be affected, causing tinnitus, or even psychological effects.
Wixey conducted research to analyze the audio playback capabilities of a range of devices, including laptop speakers, smartphone speakers, Bluetooth speakers, a small speaker, a pair of earphones, a speaker system. The vehicle-mounted bar, a vibrating speaker, and a parametric speaker emit sound in a specific direction. He wrote simple code, or a little more complete malware, to run on each device. An attacker still needs to access the device directly or remotely to distribute and install malware.
Since then, Wixey has put each speaker in turn into a soundproof container with minimal echo, called a "non-reverberating chamber". A volume meter is placed there to measure the sound emitted, while a surface temperature sensor is used to measure the temperature of each device before and after sound attacks.
Wixey discovered that smart speakers, headphones, and parametric speakers were able to emit sounds at high frequencies above the recommended average. Bluetooth speakers, noise-filtering headphones, and smart speakers are able to produce sounds at low frequencies above the recommended average.
Besides, in the process of being attacked, smart speakers generate enough heat to make the internal components begin to melt after about 4 to 5 minutes, causing the device to perish permanently. Wixey revealed this result to the manufacturer of that speaker, and the manufacturer released a patch. Wixey said that he would not release any audio malware that was written for the project, or specifically name the devices used for testing. He also did not test attacks against humans.
"There are many ethical issues and we want to minimize the risk. But as a result, a small number of devices could theoretically be attacked and turned into sound weapons "- Wixey said.
Experiments on Internet-connected smart speakers also show the potential for sound malware to be distributed and controlled through remote attacks. And Wixey said that current research on the risks people face when exposed to such sounds shows both physical and mental effects.
The sound academic research community also warned about this problem. "We are encountering an unexpected situation, when any person can buy a device for $ 20 and use it to cause sound pressure on others at the maximum allowed level "- Timothy Leighton, a researcher at the University of Southampton wrote.
A sound weapon (black device behind the police) used to protect politicians in the United States
And although it is unclear what sound weapons play a role in some attacks on politicians in Central America, there are certainly other devices that use high-intensity sound. as a deployed deterrent weapon in the world, for example canon sounds used to control violence that you can learn here.
Wixen said that his discovery was only at the basic level, and the sound technology weapons could be used on much larger scales, through the sound systems at the stadium. or commercial PA systems in office buildings.
Other IoT researchers have also made similar findings, through specific studies or suddenly multiplying through other studies. Last year, a team of researchers said they found ultrasonic sound coming from the internal components of a computer monitor that could reveal information displayed on the screen.
Vasilios Mavroudis, a researcher at the University of London, also discovered from his ultrasound tracking research that most commercial speakers are capable of producing "near ultrasound" frequencies – sounds. cities that people do not hear, but are not classified as ultrasound.
And Ang Cui, founder of embedded device security company Red Baloon, has published research in 2015, in which he uses malware to broadcast data from a printer by making internal components The printer emits sound, can be obtained and compiled by an antenna. He was not surprised to learn that these types of speakers could also be exploited that way. "Think about it – if there is no limiter or audio filter, the sound-producing things can be controlled to produce extremely loud or intense sounds. Physics explains that. And certainly it is potentially dangerous. "
Wixey offers several preventive solutions that can be integrated into both device hardware and software to reduce the risk of sound attacks. Most importantly, manufacturers can physically limit the audio frequency range so that they cannot emit inaudible sounds. Desktop and mobile operating systems can alert users when their speakers are being used, or alert when applications require control of the speaker volume.
Attack with a sound gun
Speakers or operating systems can also be equipped with digital defense barriers to filter digital audio signals capable of producing high and low frequency noises. And antivirus developers can also integrate special detection tools into virus scans to track suspicious audio activity. Environmental sound monitors for low and high frequency noise detection can also capture potential digital audio attacks.
Although the sound weapon is certainly not a comprehensive attack tool, but Wixey points out that one of the most dangerous things about this type of attack is that in many cases, you don't know it is performing. out. "You never know unless you go around with a sound meter on your hand "- he said.