Security researcher Matt Wixey discovered vulnerabilities in a number of devices, operation of which can turn the device into an “offensive” sound cyber weapon.Vulnerabilities affect laptops, mobile phones, headphones, speakers and several types of speakers.
Wixie wrote both simple code scripts and slightly more sophisticated malware to run on different devices.
“I’ve always been interested in malware that can make that leap between the digital world and the physical world. We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around”, — Wixey says.
According to Wixie, an attacker can use device vulnerabilities to cause physical harm and anxiety to owners. The researcher conducted a series of tests, during which he tried to find out whether it is possible to manipulate the volume controls and speakers on the devices in order to produce harmful high-frequency and low-frequency sounds.
As part of one of the attacks, Wixie used a program to scan the local Wi-Fi and Bluetooth network for vulnerable speakers for the purpose of further capture. Any compromised device could be used to play harmful sounds.
In some cases, the sounds made are only annoying or disorienting, but at certain levels, such noises can damage a person’s hearing. During one of the tests, the gadget crashed after researchers forced it to emit some sound signals within a few minutes.
However, attackers will still need physical or remote access to the device to distribute and deploy malware.
“As the world becomes connected and the boundaries break down, the attack’s scale is going to continue the growth. That was basically our finding. We were only scratching the surface and acoustic cyber-weapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings”, — Wixey says.