Security researchers revealed that attackers can hack modern audio gadgets to make deafening sounds. According to Matt Wixey, a cybersecurity researcher at technology consulting firm PWC UK, attackers can build a custom-made malware to induce it on connected speakers to produce deafening sounds at high intensity, turning them into offensive cyber-weapons, according to the BBC.
Speaking at the Defcon security conference in Las Vegas, Wixey explained that his team has tested different kinds of connected speakers, including laptops speakers, headphones, and mobile phone speakers for research purposes. The researcher stated that aural attacks could cause tinnitus or even lead to psychological changes.
“Some attacks leveraged known vulnerabilities in a particular device, which could be done locally or remotely in some cases. Other attacks would either require proximity to the device, or physical access to it,” Wixey said in a statement.
Earlier, a security team from Tencent Blade exposed security vulnerabilities in smart speakers. Researchers Wu HuiYu and Qian Wenxiang gave a live demonstration on how to hack a smart speaker. The team used Amazon Echo smart speakers to present their attack program.
The researchers hacked the speaker by adding a malicious device embedded with an attack program. “After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and achieve remote eavesdropping,” the researchers said in a media report. “When the attack succeeds, we can control Amazon Echo for eavesdropping and send the voice data through a network to the attacker.” The researchers notified Amazon of their findings before the presentation, and Amazon has already pushed a security patch to fix the issues.