Gadgets can be hacked to be dangerous says researcher
Many modern gadgets can be hacked to produce deafening and disorienting sounds, research has revealed.
Security researcher Matt Wixey found a range of devices had little protection to stop themselves being turned into “offensive” low-grade, cyber-weapons.
Mr Wixey tested laptops, mobile phones, headphones, a PA system and several types of speakers.
The weaknesses could cause physical harm, harass individuals or disrupt larger organisations, he said.
Mr Wixey, who is a head of research at PwC’s cyber-security practice, said he conducted the experiments as part of PhD work into the ways that malware can directly cause physical harm.
He sought to find out if the volume and speaker controls of the devices could be manipulated to make them produce harmful high and low frequency sounds.
Custom-made viruses, known vulnerabilities and other exploits were used to subvert the devices and make them emit the dangerous sounds for long periods of time.
“Some attacks leveraged known vulnerabilities in a particular device, which could be done locally or remotely in some cases,” he told the BBC. “Other attacks would either require proximity to the device, or physical access to it.”
In one attack, Mr Wixey used a program that scanned local wi-fi and Bluetooth networks for vulnerable speakers which it then sought to take over. Any compromised device would then be made to play the weaponised sound.
In some cases, the tones that the range of gadgets were made to emit would only annoy or disorientate people, but at sustained levels the noises were close to levels that could damage hearing, he said.
In one case, the device itself was harmed by the tests as it stopped working after the team made it emit a range of sounds over several minutes.
Testing was done in a soundproof room and no humans were involved during the series of experiments.
Mr Wixey has been in contact with manufacturers to help them develop defences that can act if a device is being made to produce dangerous sounds.
The research will be detailed during a talk at the Def Con hacker conference in Las Vegas on 11 August.