While recent research has explored the capability of attacks to cause harm by targeting devices – e.g., SCADA systems, vehicles, medical implant devices - little consideration has been given to the concept of attacks affecting psychological and physiological health by targeting humans themselves.
In a first-of-its-kind study, we assessed the capability of several consumer devices to produce sound at high and low frequencies which may be imperceptible to many people, as a result of remote and local attacks, and compared the resulting sound levels to maximum recommended levels. In doing so, we tested their viability as localised acoustic weapons which could cause temporary/permanent hearing damage and/or adverse psychological effects. We examined a number of countermeasures, including a tool to detect specified frequencies above specified thresholds.
In this talk, I will cover the background of malware which has, intentionally or not, caused physical or psychological harm. I will explore previous research on the harmful effects of sound, focusing particularly on high and low frequencies, and some of the guidance which has been proposed to limit exposure to such sound. I will examine the use of imperceptible sound as applied to security research (covert channels, ultrasonic tracking beacons, etc), and will present our experiments and findings, including threat models, methodology, the attacks we developed, and the implications of our results. Finally, I will suggest a number of countermeasures and outline some possible areas for future research.