Sound Effects: Exploring Acoustic Cyber-weapons

Presented at DEF CON 27 (2019), Aug. 11, 2019, 1 p.m. (45 minutes).

While recent research has explored the capability of attacks to cause harm by targeting devices - e.g., SCADA systems, vehicles, medical implant devices - little consideration has been given to the concept of attacks affecting psychological and physiological health by targeting humans themselves. In a first-of-its-kind study, we assessed the capability of several consumer devices to produce sound at high and low frequencies which may be imperceptible to many people, as a result of remote and local attacks, and compared the resulting sound levels to maximum recommended levels. In doing so, we tested their viability as localised acoustic weapons which could cause temporary/permanent hearing damage and/or adverse psychological effects. We examined a number of countermeasures, including a tool to detect specified frequencies above specified thresholds. In this talk, I will cover the background of malware which has, intentionally or not, caused physical or psychological harm. I will explore previous research on the harmful effects of sound, focusing particularly on high and low frequencies, and some of the guidance which has been proposed to limit exposure to such sound. I will examine the use of imperceptible sound as applied to security research (covert channels, ultrasonic tracking beacons, etc), and will present our experiments and findings, including threat models, methodology, the attacks we developed, and the implications of our results. Finally, I will suggest a number of countermeasures and outline some possible areas for future research.

Presenters:

  • Matt Wixey - Cyber Security Research Lead, PwC UK
    Matt is a PhD candidate at the Dawes Centre for Future Crimes, University College London, and leads technical research for the PwC Cyber Security practice in the UK. Prior to joining PwC, Matt led a technical R&D team for a law enforcement agency in the UK. His research interests include antivirus and sandboxing technologies, unconventional attack vectors, side-channels, and radio security. Twitter: @darkartlab

Links:

Similar Presentations: