On Tuesday, the Department of Homeland Security issued an alert regarding MEMS accelerometer hardware design flaws. The reason for the alert was quickly revealed by the University of Michigan, who published this research paper [.pdf file] about using a $5 speaker and a sound file to hack capacitive MEMS accelerometers, the part of many smartphones, fitbits, drones, implantable medical devices, self-driving cars, industrial systems, and other tech which detects when you’re in motion and how quickly you’re moving in which direction. The hack worked on 15 of the 20 different MEMS tested. The picture above shows the hacked accelerometer on a Samsung Galaxy S5 reading out the word WALNUT.
The team, led by Kevin Fu, used resonant frequencies to interfere with the mass suspended on springs at the core of the accelerometer, tricking 75% of them into registering movement that wasn’t occurring. The audio file allowed them to control some aspects of the system, such as adding thousands of fictitious steps to a Fitbit and taking over a smartphone-tethered remote control car.
The implications — as Gizmodo and the New York Times point out — could be disastrous if someone were to use this to, for example, trick a person’s insulin pump into giving them the wrong dosage or to make self-driving cars crash into each other. The researchers have already contacted manufacturers about the exploit and have recommended hardware adjustments and developed two low-cost software solutions that would minimize risks, since this is potentially far more dangerous than just cheating on your Fitbit stats.
(Via University of Michigan, Gizmodo, ICS-CERT, and the New York Times)