Skip to main content

Hacked smart devices double as surveillance tools, new research finds

CovertBand: Activity Information Leakage Using Music
Hackers can turn smartphones, tablets, and smart TVs into surveillance tools by exploiting their built-in microphones, according to a new study out of the University of Washington. With the device hijacked, the attacker can detect body position and movement of people within its vicinity, raising additional concern about the security of smart devices, which made the news earlier this year with revelations about the ease with which they can be comprised.

“We were curious about the privacy threats that these devices can expose users to,” Shyam Gollakota, senior author of the study and UW associate professor of computer science and engineering, told Digital Trends. “So we asked the question, ‘How about a simple task of playing music on these devices? Can we use music to achieve surveillance on people?’”

Gollakota and his team used software called CovertBand, which allows a smart device to double as a remote-controlled sonar system, by taking advantage of a device’s built-in speaker and microphone. The researchers manipulated the devices to play modified music and the software could then analyze reflected sounds to track body movements and position.

“The way this works is that we embed a chirp signal in the music and hide it using the beats of the music,” Gollakota explained. “These signals get reflected off the human body and can be observed by the microphones in these devices. We can analyze these reflections and can figure a whole host of things about the person.”

The UW team hid the subtle chirp in songs by artists like 2Pac and Michael Jackson, which you can hear here. The chirps are slight but not always indistinguishable. In the study, listeners could identify the edited songs 58 percent of the time.

Using CovertBand the researchers were able to detect multiple individuals within the same room as the device and even behind barriers, such as thin walls. Without barriers they could detect a walking individual about twenty feet away with an error of around seven inches. Through a thin wall that distance decreased by about half.

Though the idea is unsettling, this isn’t the most secretive surveillance technique — an attacker has to literally play music for it to work. If someone tried this on your home smart TV, you’d surely notice. It nonetheless demonstrates the potential for such devices to be exploited in private or public spaces.

“Be careful about what kind of audio can be played on your device,”Gollakota advised. “Strictly control what kind of apps can use both your speaker and microphones and ensure that only the most trusted apps can do so.”

The researchers will present their report next month at the Ubicomp 2017 conference.

Editors' Recommendations

Dyllan Furness
Dyllan Furness is a freelance writer from Florida. He covers strange science and emerging tech for Digital Trends, focusing…
Don’t buy the Meta Quest Pro for gaming. It’s a metaverse headset first
Meta Quest Pro enables 3D modeling in mixed reality.

Last week’s Meta Connect started off promising on the gaming front. Viewers got release dates for Iron Man VR, an upcoming Quest game that was previously a PS VR exclusive, as well as Among Us VR. Meta, which owns Facebook, also announced that it was acquiring three major VR game studios -- Armature Studio, Camouflaj Team, and Twisted Pixel -- although we don’t know what they’re working on just yet.

Unfortunately, that’s where the Meta Connect's gaming section mostly ended. Besides tiny glimpses and a look into fitness, video games were not the show's focus. Instead, CEO Mark Zuckerberg wanted to focus on what seemed to be his company’s real vision of VR's future, which involves a lot of legs and a lot of work with the Quest Pro, a mixed reality headset that'll cost a whopping $1,500.

Read more
Meet the game-changing pitching robot that can perfectly mimic any human throw
baseball hitter swings and misses

Who’s your favorite baseball pitcher? Shane McClanahan? Sandy Alcantara? Justin Verlander? Whoever you said, two of the top sports-tech companies in the U.S. -- Rapsodo and Trajekt Sports -- have teamed up to build a robot version of them, and the results are reportedly uncannily accurate.

Okay, so we’re not talking about walking-talking-pitching standalone robots, as great a sci-fi-tinged MLB ad as that would be. However, Rapsodo and Trajekt have combined their considerable powers to throw a slew of different technologies at the problem of building a machine that's able to accurately simulate the pitching style of whichever player you want to practice batting against -- and they may just have pulled it off, too.

Read more
The best portable power stations
EcoFlow DELTA 2 on table at campsite for quick charging.

Affordable and efficient portable power is a necessity these days, keeping our electronic devices operational while on the go. But there are literally dozens of options to choose from, making it abundantly difficult to decide which mobile charging solution is best for you. We've sorted through countless portable power options and came up with six of the best portable power stations to keep your smartphones, tablets, laptops, and other gadgets functioning while living off the grid.
The best overall: Jackery Explorer 1000

Jackery has been a mainstay in the portable power market for several years, and today, the company continues to set the standard. With three AC outlets, two USB-A, and two USB-C plugs, you'll have plenty of options for keeping your gadgets charged.

Read more