Hackers Could Use A Pop Song To “Watch” You Through Your Smart Speaker

Your phone, TV, or connected device could become a sonar spy, as white hat hackers at the University of Washington give new meaning to bad music.

Hackers Could Use A Pop Song To “Watch” You Through Your Smart Speaker
[Source images: IPGGutenbergUKLtd/iStock, giphy]

Forget your classic listening device: Researchers at the University of Washington have demonstrated that phones, smart TVs, Amazon Echo-like assistants, and other devices equipped with speakers and microphones could be used by hackers as clandestine sonar “bugs” capable of tracking your location in a room.


Their system, called CovertBand, emits high-pitched sonar signals hidden within popular songs—their examples include songs by Michael Jackson, Justin Timberlake, and 2Pac—then records them with the machine’s microphone to detect people’s activities. Jumping, walking, and “supine pelvic tilts” all produce distinguishable patterns, they say in a paper. (Of course, someone who hacked the microphone on a smart TV or computer could likely listen to its users, as well.)

Lately we’ve been hearing a lot about these sound-based hacks. Researchers from the University of Michigan and the University of South Carolina demonstrated in March they could induce false readings in a phone’s accelerometer by playing certain sounds, potentially disrupting apps that relied on the tool, according to a report in The New York Times.

Another study, from last month’s Black Hat conference, showed devices with balancing gyroscopes like drones and hoverboards could be similarly disrupted, Ars Technica reports. And last year, researchers at Israel’s Ben Gurion University demonstrated how malware could turn headphones attached to a computer into a microphone able to pick up sounds from 20 feet away.

An illustration of CovertBand’s technique. [Image: University of Washington]

Read more: How Cloudflare is steeling for the internet of easily hackable things

Sonic spying and sabotage are nothing new. Leon Theremin, the music instrument designer, also built a sonic bug that was hidden inside a wooden Great Seal of the United States in the U.S. ambassador’s home in Moscow after World War II. (It had been given to him as a gift by a group of Russian schoolchildren) The device had no power supply or active electronics, but when Soviet spies beamed radio waves of the right frequency at it, they could pick up the sounds of nearby conversations. The NSA, according to a leaked weapons catalog, has a similar radio-based tool for remotely hacking into air-gapped computers, a magical-seeming exploit that has inspired at least one engineer to brew his own.

Sound can be also be weaponized in more directly harmful ways. “We Are the Champions” and “Babylon” were among the songs blasted at high volume during some Iraq War interrogations. Despite the New York Police Department’s arguments otherwise, a judge ruled in June that a lawsuit related to officers’ use of a long range acoustic device at a Black Lives Matter protest can proceed, because sound can cause physical harm. And earlier this month, the Associated Press reported that five U.S. diplomats in Cuba had suffered severe hearing loss—the result, a State Dept. investigation said, of a covert sonic weapon.

About the author

Steven Melendez is an independent journalist living in New Orleans.