Capacitive MEMS accelerometers are vulnerable to acoustic injection attacks on the integrity of data because of the physics of resonating materials, signal processing design choices in integrated circuits, and computer science abstractions that no longer ring true. By playing specially crafted sounds from a music video or nearby speaker, one can control the output of the sensor that provides inertial measurements to decision making software found in healthcare, transportation, and the emerging Internet of Things.
This new class of security flaw allows an adversary to control the values delivered to a microprocessor. It sounds impossible, but it's true. The lesson for computer scientists: don't trust sensors. Carefully validate the input. The students in SPQR Lab at the University of Michigan specialize in interdisciplinary security research. Learn more by attending the IEEE European Symposium on Security & Privacy in April 2017 in Paris.