If you were at all spooked by the recent news that teams of humans may be listening to your smart speaker interactions, then this next revelation may cause you to eye your device with renewed suspicion.
Why? Because it appears that many of today’s Wi-Fi- and Bluetooth-connected speakers have the potential to attack us with harmful sounds.
The news comes courtesy of PricewaterhouseCoopers security researcher Matt Wixey who said that many types of speakers — not only stand-alone smart speakers — can be turned into low-grade cyber-weapons with relative ease.
Wixey made the claims during a presentation at the Def Con security conference in Las Vegas on Sunday, the BBC reported.
Experiments
Sonic weapons that can shred your eardrums are already a thing, but the idea of a hacker — whether state-sponsored or acting alone — gaining control of common household gadgets to cause a similar degree of cacophonic chaos hasn’t been widely talked about before now.
In one of his experiments involving wireless headphones, smartphones, laptops, and smart speakers (product names were not revealed), Wixey was able to take control of the devices before making them emit sounds that could “cause physical harm, harass individuals, or disrupt larger organizations.”
The researcher started by using software to search for Wi-Fi and Bluetooth networks for vulnerable speakers. Once identified, malware developed by his team took control of the devices before making them play the potentially damaging sounds, whether beyond the range of human hearing (but still able to cause harm) or audible.
In a real-world scenario, a hacker would be able to select the kind of audio the speaker played. It could, for example, be designed to merely irritate the listener, though a more sinister attack could try to disorientate or even damage a person’s hearing.
In another of Wixey’s experiments using a smart speaker, the force of the audio was so powerful that it “generated enough heat to start melting its internal components,” rendering it useless, according to Wired.
A number of the takeovers were able to be performed locally or remotely, while others needed the perpetrator to be much closer to the device, or in some cases to have physical access.
Wixey and his team are contacting tech firms to offer advice on how they can protect their speaker-equipped gadgets from falling prey to hackers intent on scaring, injuring, or intimidating with potentially harmful sounds. Indeed, the maker of the damaged speaker has since issued a software patch after being informed of the vulnerability.
Could be done at a much larger scale
Wixey told Wired that with the world becoming increasingly connected, “acoustic cyber-weapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings.”
While the chances of hackers making your speaker becoming your ear’s worst enemy currently remains slim, it’s nevertheless concerning that, according to Wixey’s findings, so many of today’s devices can be manipulated in this way.
But thanks to his team’s ongoing work, makers of such equipment are now waking up to the reality, and have the best possible opportunity to close any vulnerabilities that exist with their devices.
