Boffins bork motion control gear with the power of applied sound

Researchers manipulate gyroscopic controls with ultrasonic attack

A group of university researchers have developed a way to remotely control motion-sensing devices using only sound waves.

The study [PDF], authored by Yazhou Tu and Xiali Hei of University of Louisiana Lafayette, Zhiqiang Lin of Ohio State University, and Insup Lee of University of Pennsylvania, found that embedded sensors and gyroscopes in things like VR controllers, drones, and even hoverboards can be manipulated with resonant sound.

The idea, say the researchers, is to use acoustic waves that vibrate at the same frequency of a MEMS gyroscope, tricking the capacitive sensors on the device into receiving commands as if they were sent by the accelerometer.

Among the tested systems that were found to be susceptible were the Oculus Rift, both iOS and Android VR controllers, and gyroscopic screwdrivers from two different manufacturers.

“Under resonance, the sensing mass is forced into vibrations at the same frequency as the external sinusoidal driving force (sound pressure waves),” the group writes.

“Therefore, the mass-spring structure of inertial sensors could serve as a receiving system for resonant acoustic signals and allow attackers to inject analog signals at specific frequencies.”

In short, the researchers used a sound played through a speaker to send analog signals to the gyro sensors and create the illusion that the signal was the result of movement.

While previous studies have found that exposed accelerometers and gyros to be open to this type of interference, this is the first to show that embedded sensors could also be affected. This means that sensors installed in devices could be targeted and used to manipulate that device.

Some examples the researchers provided were using sound to manipulate an iPhone's VR controller:

Youtube Video

Control gyroscopic tools:

Youtube Video

And even make a ‘hoverboard’ transporter turn on command:

Youtube Video

There are limitations to the attacks. The researchers noted that the techniques only seemed to work on stationary devices, moving targets would require an attacker to not only follow sensor but also adjust frequency. Timing was also an issue, as in the experiment the researchers had to manually adjust the signal.

As to possible, mitigations, the researchers suggest that manufacturers better tune the analog low-pass filters to have a lower threshold. Additionally, damping the signals with materials or sampling could also help thwart the attacks.

“Employing both acoustic damping and filtering approaches in the designs of future sensors and systems can address these weaknesses,” the researchers explain.

“Additionally, acoustic damping can also be used to mitigate the susceptibility of currently deployed sensors and systems to acoustic attacks.” ®

Similar topics

Broader topics

Other stories you might like

  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not.

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • Intel plans immersion lab to chill its power-hungry chips
    AI chips are sucking down 600W+ and the solution could be to drown them.

    Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

    The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

    Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading

Biting the hand that feeds IT © 1998–2022