It’s bad enough that our devices can listen to us, whether it’s to use ultrasound to track us (even if we’re on an anonymous network) or whether it’s voice assistants picking up on our private conversations (including with human contractors listening in). Now, PricewaterhouseCoopers (PwC) security researcher Matt Wixey brings us news of attacks that can make our devices’ embedded speakers scream at us, be it at inaudible, high-intensity frequencies or audible sounds at hearing-damaging volumes. On Sunday at the Defcon security conference, he presented a talk on what he calls acoustic cyber-weapons.
Wixey, head of research at PwC’s cyber security practice, said that his experiments were done as part of his PhD research at University College London, where he delves into what he calls “unconventional” uses of sound as applied to security – including digital/physical crossover attacks that use malware to create physical and/or acoustic harm. If you aren’t already aware of how much damage given sounds can cause, in his slideshow for the Defcon talk, Wixey annotated a
decibel chart from Survival Life to show what level of sound will cause…
- Your eyes to twitch – 100 dB, or somewhere between a chainsaw and a lawnmower.
- Your lungs to collapse/death imminent – 188 dB.
- Your bones to shatter and your internal organs to rupture – 194 dB.
- Instant death – 200 dB, or the sound of Windows XP starting up*.
(*I’m fairly sure the Windows XP reference is just a joke. But if you want to see what level of noise will cause your eardrums to rupture, check out
this training manual from Purdue University.) Wixey talked about how inflicting “aural barrages” can cause both psychological and physiological effects, from neurasthenia, cardiac neurosis, hypotension, bradycardia, nausea, fatigue, headaches, tinnitus, ear pain and far more.