Hackers have found a way to weaponize your everyday speakers against you
The ways and methods to do harm through regular speakers seems to be growing
Tech magazine Wired just carried a detailed report about malicious ways and means through which your daily use speakers can be turned into cyber weapons that can cause serious harm. As the magazine notes, “commercial speakers are also physically able to emit frequencies outside of the audible range for humans.”
One seemingly innocuous way, in which some companies have already made experiments, is by playing inaudible, ultrasonic beacons through built-in computer and mobile phone speakers to track user browsing when the users visit certain browsers.
But at Defcon security conference in Las Vegas that was held recently, Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, came with a report that says it is quite “easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume. Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.”
According to Wixey, his team ran a series of malware experiments through a different array of speakers, standalone or built-in on various devices to come to this conclusion. He added that, “an attacker would still need physical or remote device access to spread and implant the malware.” Still, as he points out, the scariest thing about “this class of potential attacks is that in many cases you would have no idea they’re going on.”
But, this is not the first of its kind. Similar research came to the same or similar results at last year’s Crypto 2018 conference in Santa Barbara, California, where a group of researchers reported that ‘ultrasonic emanations’ “from the internal components of computer monitors could reveal the information being depicted on the screen.” Even earlier, Ang Chui, founder of the embedded device security firm Red Balloon published a research paper in 2015 where he reported that the use of malware to “broadcast data from a printer by crunching the internal components of the printer could make sounds that could be picked up and interpreted by an antenna.”