“Musical virus” can hack smartphones

By | March 15, 2017
Photo of Prof. Kevin Fu and colleague at lab table surrounded by testing equipment.

Kevin Fu and other researchers have found a way to take control of or influence devices using a standard component in cellphones and other gadgets. (Joseph Xu, College of Engineering/flickr)

A security loophole that lets someone add extra steps to your Fitbit might seem harmless, but a group of computer security researchers at U-M and the University of South Carolina say it points to the broader risks that come with technology embedding itself into our lives. They found a vulnerability that allows them to compromise devices through the tiny accelerometers that are standard components in products like smartphones, fitness monitors, and even automobiles. Their paper describes how they added fake steps to a Fitbit and played a “malicious” music file from the speaker of a smartphone to control the phone’s accelerometer. That allowed them to interfere with software that relies on the smartphone. “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words” and enter commands, said Kevin Fu, an author of the paper and an associate professor of electrical engineering and computer science. “You can think of it as a musical virus.” Read the articles in the University Record and Business Insider for additional information.