All your internet-connected devices – phone speakers, computer, and other devices connected to internet can be hacked and used to wreak havoc on your eardrum, new research shows.
According to Wired, a cybersecurity research by Matt Wixey at the technology consulting firm PWC UK, revealed that everyday speakers can be infected with malware that makes them emit dangerously high or low frequencies, and potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.
Wixley disclosed this on Sunday at the Defcon security conference in Las Vegas.
“We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around”, Wixey said.
To test this theory Wixley said he created malware that could be embedded remotely or physically into devices so they could be controlled by a hacker.
Wixley said they analyzed the potential acoustic output of a handful of devices, including a laptop, a smartphone, a Bluetooth speaker, a small speaker, a pair of over-ear headphones, a vehicle-mounted public address system, a vibration speaker and a parametric speaker.
He wrote simple code scripts or slightly more complete malware to run on each device. An attacker would still need physical or remote device access to spread and implant the malware.
Once he had installed the malware on each device he said he put them in soundproof containers with sound level and temperature measures.
Wixley said he found that the smart speaker, the headphone and the parametric speaker could be forced to emit abnormally high frequencies, and the Bluetooth speaker, noise-canceling headphones, and the same smart speaker could emit abnormally low frequencies.
He also observed that the components in the smart speaker started to melt four or five minutes into his malware attacks and were permanently damaged.
However, he informed the manufacturer of the problem and they are said to have fixed it.
Experiments conducted on the internet-connected smart speaker showed that it could be possible for remote attacks on acoustic devices without having physical access first.
It has also be noted that hacking people’s devices and making them emit frequencies could be used to track someone’s movements.
Wixey will not be releasing any of the malware used in the experiment and did not conduct tests on humans.
He told Wired: “There are a lot of ethical considerations and we want to minimize the risk.
“But the upshot of it is that the minority of the devices we tested could in theory be attacked and repurposed as acoustic weapons.”