InfoSec Seminar: Sound Effects: Exploring Acoustic Cyber-Weapons

Speaker: Matthew Wixey

Date/Time: 25-Jul-2019, 16:00 UTC

Venue: Roberts 309

Details

Abstract


While recent research has explored the capability of attacks to cause harm by targeting devices – e.g., SCADA systems, vehicles, medical implant devices - little consideration has been given to the concept of attacks affecting psychological and physiological health by targeting humans themselves.

In a first-of-its-kind study, we assessed the capability of several consumer devices to produce sound at high and low frequencies which may be imperceptible to many people, as a result of remote and local attacks, and compared the resulting sound levels to maximum recommended levels. In doing so, we tested their viability as localised acoustic weapons which could cause temporary/permanent hearing damage and/or adverse psychological effects. We examined a number of countermeasures, including a tool to detect specified frequencies above specified thresholds.

In this talk, I will cover the background of malware which has, intentionally or not, caused physical or psychological harm. I will explore previous research on the harmful effects of sound, focusing particularly on high and low frequencies, and some of the guidance which has been proposed to limit exposure to such sound. I will examine the use of imperceptible sound as applied to security research (covert channels, ultrasonic tracking beacons, etc), and will present our experiments and findings, including threat models, methodology, the attacks we developed, and the implications of our results. Finally, I will suggest a number of countermeasures and outline some possible areas for future research.

Bio

Matt is a PhD candidate at the Dawes Centre for Future Crimes, University College London, with supervision from the Security and Crime Science and Computer Science Departments. He leads technical research for the PwC Cyber Security practice in the UK. Prior to joining PwC, Matt led a technical R&D team for a law enforcement agency. His research interests include antivirus and sandboxing technologies, unconventional attack vectors, side-channels, and radio security.

Add to Calendar

This page was last modified on 27 Mar 2014.