This article is more than 1 year old
Boffins bork motion control gear with the power of applied sound
Researchers manipulate gyroscopic controls with ultrasonic attack
A group of university researchers have developed a way to remotely control motion-sensing devices using only sound waves.
The study [PDF], authored by Yazhou Tu and Xiali Hei of University of Louisiana Lafayette, Zhiqiang Lin of Ohio State University, and Insup Lee of University of Pennsylvania, found that embedded sensors and gyroscopes in things like VR controllers, drones, and even hoverboards can be manipulated with resonant sound.
The idea, say the researchers, is to use acoustic waves that vibrate at the same frequency of a MEMS gyroscope, tricking the capacitive sensors on the device into receiving commands as if they were sent by the accelerometer.
Among the tested systems that were found to be susceptible were the Oculus Rift, both iOS and Android VR controllers, and gyroscopic screwdrivers from two different manufacturers.
“Under resonance, the sensing mass is forced into vibrations at the same frequency as the external sinusoidal driving force (sound pressure waves),” the group writes.
“Therefore, the mass-spring structure of inertial sensors could serve as a receiving system for resonant acoustic signals and allow attackers to inject analog signals at specific frequencies.”
In short, the researchers used a sound played through a speaker to send analog signals to the gyro sensors and create the illusion that the signal was the result of movement.
While previous studies have found that exposed accelerometers and gyros to be open to this type of interference, this is the first to show that embedded sensors could also be affected. This means that sensors installed in devices could be targeted and used to manipulate that device.
Some examples the researchers provided were using sound to manipulate an iPhone's VR controller:
Control gyroscopic tools:
And even make a ‘hoverboard’ transporter turn on command:
There are limitations to the attacks. The researchers noted that the techniques only seemed to work on stationary devices, moving targets would require an attacker to not only follow sensor but also adjust frequency. Timing was also an issue, as in the experiment the researchers had to manually adjust the signal.
As to possible, mitigations, the researchers suggest that manufacturers better tune the analog low-pass filters to have a lower threshold. Additionally, damping the signals with materials or sampling could also help thwart the attacks.
“Employing both acoustic damping and filtering approaches in the designs of future sensors and systems can address these weaknesses,” the researchers explain.
“Additionally, acoustic damping can also be used to mitigate the susceptibility of currently deployed sensors and systems to acoustic attacks.” ®
Biting the hand that feeds IT
