Don't assume you can trust the hardware sensors in your phone and other connected devices.
Acoustic signals at the right frequency can apply enough pressure on an accelerometer's sensing mechanism, a mass buoyed on springs, that it can spoof acceleration signals.
The sensor helps ensure the rotation of a smartphone's screen is always positioned the right way up, counts steps in fitness trackers, and assists positioning in autonomous vehicles.
One attack demonstrated tricking a Fitbit into counting thousands of false steps. This technique doesn't represent a significant security risk, the work more broadly highlights issues with trusting hardware sensors whose outputs can influence autonomous systems by giving false readings to a device's microprocessors.
Fitbit pointed out that the hack does not involve a compromise of its users' data and describing is simply a way to game the system that "We continue to explore solutions that help mitigate the potential for this type of behavior."
The hacks highlight new ways to backdoor IoT devices that use sensors to trigger actuators, like those used in robots and other machinery to set components in motion. Such weaknesses might be missed by a classic computer penetration test.
The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor & findings upend widely held assumptions about the security of the underlying hardware.