MOST MALWARE ONLY damages software and hardware, but what if your possessions could be turned against people?
Sadly, that's no longer a writing prompt for some God-awful science fiction: it's actually possible, according to security researcher Matt Wixey who has been able to weaponise various speakers to play sounds that can actively harm both themselves and any humans in earshot.
Wixey and his team were able to find speakers via WiFi and Bluetooth, then take them over before playing sounds that could do some serious damage if they weren't safely contained in a soundproof container. More alarmingly, some of these were beyond the range of human hearing, causing damage without your senses picking up on it.
We'd actually rather be Rickrolled.
This isn't just smart speakers, by the way. The researchers were able to take on a bunch of devices including headphones, a vehicle-mounted PA system, smartphones, laptops and smart speakers, though Wixey has sensibly refused to reveal exactly which models he had success with. The technique varied, with some accessible remotely, and others needing a moderately reassuring degree of physical access.
In one instance, attacking a smart speaker generated enough heat that its internal components began to melt after a few minutes. Or maybe it understood the danger and made the ultimate sacrifice to protect its owner.
"As the world becomes connected and the boundaries break down, the attack surface is going to continue to grow," Wixey told Wired. "That was basically our finding.
"We were only scratching the surface and acoustic cyberweapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings."
The good news is that theoretically there are a number of ways hardware and software manufacturers could block these theoretical acoustic attacks. The most obvious of these is physically preventing speakers from playing the frequencies that are inaudible to humans. Operating systems could also pop up alerts when speakers are in use.
Wixey won't be releasing the code of his malware for obvious reasons. Hopefully, nobody else has something similar up their sleeves. µ
Watching you, watching me
Everything stops for T