Audio Attacks

Mobile phones, with their huge range of always-on sensors are particularly at risk when it comes to privacy-compromising side channel attacks. Ever wonder why you’re getting ads on your phone related to a band you saw play at a music festival or a store you visited?Though not the only way your smartphone can extract the private data, that advertisers and marketers exploit, ultrasonic beacons are increasingly used by advertisers to spy on your movements, media consumption, website visits, and more. Often using audio between 18 and 20 kHz range (just about audible to younger people when there’s no background noise), there are hundreds of Android apps that listen out for these beacons — a privacy issue that also has the potential for misuse.

Because most are used in noisy or crowded areas, the sound is often hard to detect in the wild and many cheaper/older smartphones may not pick up enough of the beacon signal. Of course, a more malicious user could leverage this data to enable other attacks.

Accelerometers are also an issue when it comes to audio attacks. Not only can they be turned into a microphone, they can also be used to disrupt a system.  Chances are, the only accelerometers you own are in your phone and maybe your tablet or laptop, they are also widely used in industrial control systems, such as supervisory control and data acquisition (SCADA) networks that control power plants, factory floors and everything else that makes our lives easier. A more serious attack could involve drones overflying a target location and broadcasting a disruptive sound frequency, effectively causing a denial of service attack in the flow control system.

Edited by Mario Vulcano