Hackers Can Turn Headphones into 'Acoustic Weapons,' Cybersecurity Expert Warns
The speakers on your smartphone, PC, and other devices connected to the internet could be weaponized by hackers and used against you, security researchers say. One such expert believes that it is a very real threat. He did a malware test which revealed that everyday items like your normal headphones could be transformed into "acoustic weapons" by savvy hackers.
Matt Wixey, a lead cybersecurity researcher at the technology consulting firm PWC UK, showed that normal speakers could be infected with malware that causes them to emit dangerously high or low frequencies, according to Wired.
Wixey said: "We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around." He reportedly created malware to test his theory. The malware could be embedded remotely or physically into devices and hackers could control them from a distance.
Sudden sharp sounds can be very dangerous as they can trigger conditions like tinnitus, psychological issues of even deafness.
Wixey claims that he successfully conducted his tests on multiple devices including a laptop, a smartphone, a Bluetooth speaker, a small speaker, a pair of headphones, a vehicle-mounted public address system, a vibration speaker and a parametric speaker. He embedded the malware on every device, and he put them in soundproof containers with sound level and temperature measures afterward.
He discovered that the smart speaker, the headphone and the parametric speaker could be made to emit dangerously high frequencies, and the Bluetooth speaker, noise-canceling headphones, and the same smart speaker could emit similarly unusual low frequencies. Wixey also noticed that the components in the smart speaker began to melt a few minutes into his malware attacks and were irreparably damaged. Fortunately, the faulty devices were fixed after the manufacturer was informed.
Experiments conducted on the internet-connected smart speaker showed that it could be possible for remote attacks on acoustic devices without having physical access first.
Another worrisome issue is that by hacking people's devices and causing them to emit certain frequencies, they could be used to track someone.
Wixey said he does not plan on releasing any of the malware he used in the test and that did not conduct any experiments on humans.
"There are a lot of ethical considerations and we want to minimize the risk," he told Wired. "But the upshot of it is that the minority of the devices we tested could, in theory, be attacked and repurposed as acoustic weapons," Wixey added.