Research from the University of Michigan shows that capacitive accelerometers residing inside common consumer devices like smartphones, medical devices and IoT components may be vulnerable to analog acoustic injection attacks. Such attacks can damage the sensor's data integrity and cause it to output sensitive signals without moving the device.
The research group played a YouTube video laced with certain tones on a Samsung Galaxy S5 smartphone. The special tone sequence tricked the phone's accelerometer into outputting a signal spelling the words "WALNUT." The group used a similar method to inject steps into a Fitbit fitness tracker, stressing that while the fitness tracker contains little sensitive information, a similar attack could be carried out on medical equipment containing diagnostic or health information.
The group essentially used acoustic waves to mimic the effect of acceleration on the MEMS accelerometers. The research proved that an attack could be as simple as amplitude modulating a desired output signal on top of the analog acoustic signal, as shown in the image. The researchers tested the vulnerability of 20 MEMS accelerometers from various manufacturers and found that only three were invulnerable to an acoustic attack at 110 dB SPL.
The group's research concluded that there are several ways to protect against accelerometer attacks, including surrounding the device with dampening foam and deploying data processing algorithms that reject abnormal acceleration signals. The research paper will be presented at the April 2017 IEEE European Symposium on Security and Privacy in Paris.