Modern gadgets can be turned into cyber-weapons

Research has revealed that gadgets can be hacked to emit harmful sounds.

Head of research at PWC’s cybersecurity practice, Matt Wixley, unveiled his research at the Def Con hacking conference, in which he discovered the potential for devices with speakers to be hacked and turned into cyber-weapons. 

“I’ve always been interested in malware that can make that leap between the digital world and the physical world,” Wixey said. “We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around.”

Wixley tested tested a variety of devices including mobile phones, laptops, headphones, a PA system and numerous different types of speakers. 

It was discovered that many devices had little to no protection and thus by creating a virus, the known vulnerabilities could be used to make the devices emit dangerous sounds for a long period of time. 

Wixley had told the BBC, that in some cases attacks could be done locally or even remotely, whilst other attacks require “proximity to the device, or physical access to it.”

In one attack, Wixley scanned for WiFi and Bluetooth networks for vulnerable speakers, which were then taken over and made to play weaponised sounds.

Some of the sounds made, could be emitted to annoy or disorientate people, but at certain levels the sounds were close to damaging hearing. 

Sonic attacks have been deployed in real life situations, such as China and Cuba, whereby those affected have experienced symptoms to a “mild traumatic brain injury”. 

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.