Researchers from the University of Michigan and the University of South Carolina were able to develop a series of attacks that manipulate internet of things (IoT) devices using sound.
The acoustic attacks manipulate accelerometers in devices like Fitbits and researchers were able to add extra step counts to the device, but researchers warned the implication of the attacks could have greater consequences in more critical devices with similar technology, according to a recent white paper released on the topic.
The attacks can also be used to create interference in or to alter the dosages in medical devices such as diabetic insulin pumps.
The researchers tested 20 accelerometer models from five manufacturers and were able to affect the information or output of 75 percent of the devices tested and controlled the output in 65 percent of the devices.
“It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words” and enter commands that manipulate the device Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan, told the New York Times.
A Fittbit spokesperson noted that this its important to understand that this is not a compromise of user data describe the attack as "simply a way to game the system."
"We believe that any attempt to get credit for steps not actually taken, however clever, deprives the user of the very real benefits of living a more active, healthier life," the spokesperson told SC Media. "It's far better, and a whole lot more fun, to discover the joys of moving one's body—whether on your own or with family and friends—to reach and beat your fitness goals."
UPDATE: This article has been updated to include comments from Fitbit.