Science fiction has set this scenario on multiple times: A scientist develops a machine that generates sounds capable of controlling minds, altering moods, or even physically harming a person. What’s really intriguing about this narrative is the possibility of translating this idea into reality, so it’s worth questioning, could a sound be able to kill someone? Cybersecurity specialists argue that yes, it is completely possible.
On previous occasions experts have attempted to apply the use of audio waves for Internet user tracking purposes. However, the application of sound waves of different frequencies has reached disconcerting levels as a group of experts claim that it is possible, and relatively easy, to design malware capable of producing frequencies inaudible to the human ear in virtually any speaker system; these frequencies could damage the victim’s hearing, cause general physical discomfort or, at worst, trigger undesirable psychological effects.
Cybersecurity experts claim that such malware
could be functional to reproduce these frequencies using the embedded speakers
of any device, such as laptops, smartphones, hearing aids, Bluetooth speakers,
smart speakers, alarm systems on the cities and more. In addition to malicious
code, an attacker would only require access to the target devices or systems.
Matt Wixey, expert in charge of the research,
placed some devices with built-in speakers in a sound-proof vessel known as an
‘anti echo chamber’, along with a sound level meter and thermometer to record
metrics before and after the experiment. The cybersecurity expert found that,
using this malware, the smart
speaker, hearing aids, plus a single speaker, managed to emit
frequencies so high that they exceeded the average frequency audible to people
by various points. On the other hand, the Bluetooth speaker, a pair of
noise-cancelling headphones and the smart speaker managed to emit frequencies
so low that they exceeded the standard recommendations.
Another interesting finding is that the heat
generated by the smart speaker during the experiment reached the point where
the internal components of the device began to melt, leaving it completely
useless. “We even notified the device manufacturer, who decided to release
a patch against this malware,” the researcher said, without mentioning the
company’s name. Wixey also refrained from disclosing further details about the
malware he designed, stating that the experiment was not tested on humans;
“It should be enough to know that these kinds of attacks are actually
possible,” he concluded.
When it comes to the harmful potential of sound
waves, some general aspects of people’s hearing ability need to be considered.
Sound intensity is measured in decibels (dB); a regular conversation is known
to record between 50 and 60 dB, while heavy machinery reaches about 120 dB,
which are still resistible for the human ear. If a person could be actually
harmed using only sound waves, it would require around 250 dB, a sound
intensity virtually impossible to reach, even in enclosed spaces.
As for the frequency of sound waves, measured
in Hertz (Hz), a human only perceives sounds between 20 and 20k Hz, however,
the waves that we do not perceive can have greater effects. If a person is
exposed to a frequency less than 19 Hz, even if they don’t hear anything, their
hearing system will still be sensitive to vibrations, which could cause serious
damage to the hearing, even harming other body functions.
The cybersecurity of embedded devices has not
gone completely unnoticed. In 2015, security firm Red Balloon revealed a study
in which malware was used to transmit sounds according to the activities of
devices such as scanners and printers; thanks to sound patterns, it was
possible to infer the data that passed through these devices, so the sound
waves not only have malicious applications harmful to health, but can also be
used for information theft.
In this regard, experts from the International Institute
of Cyber Security (IICS) mention that the main prevention measure is in the
hands of manufacturers; establishing a frequency limit in the manufacturing
process, or integrating an alert system could be useful measures for preventing
the use of sound waves for malicious purposes.
