Government surveillance
Researchers warned that CovertBand could be used by a variety of threat actors, including covert government spies iStock

Your smart devices could be hijacked by hackers to spy on your every move. Researchers have come up with a new sonar-based attack technique that could allow hackers to hijack your smart devices, such as smart refrigerators, smart TVs and other such devices, to track body movement, essentially turning your own devices into tools that can spy on you.

The attack, dubbed CovertBand, could allow hackers to track movements to guess what a target may be doing, including inferring when a target may be engaged in sexual activity. CovertBand was developed by researchers at the University of Washington's Paul G Allen School of Computer Science & Engineering and is powerful enough to spy on targets, recording a target's activities, even through a wall.

The sonar-based attack relies on devices' in-built microphones and speakers to function as a data receiver, picking up sound waves and tracking the movements of a target. The attack also involves hackers tricking victims into downloading a malicious Android app, which once installed, plays music embedded with repetitive sonar pulses that track a victim's location, body movements and activities, near the device as well as through walls. The researchers also figured out a way by which to conceal the attacks by mixing sonar pulses with music.

"CovertBand can track multiple subjects independently through barriers in a 2D plane. CovertBand can differentiate between rhythmic and linear motions," the researchers said in a paper. "We tested a variety of rhythmic motions — pumping arms, jumping, and supine pelvic tilts — in through-wall scenarios and show that they produced discernibly different spectrograms from walking.

"We ran experiments in five real homes to show that attacks are possible with our prototype. In particular, we show through multiple scenarios that an attacker can use active sonar to glean information about victims through walls, even when the attacker cannot see the victim nor hear any movements, and that such an attack is feasible using many common, off-the-shelf devices."

The researchers warned that CovertBand could be used by a variety of threat actors, including covert government spies. They added that the attack could also likely be honed to allow hackers to track even more minute movements such as movements of the hands or even just the fingers. The researchers hope that the awareness of the possibility of such attacks would likely prompt security experts to come up with practical countermeasures that can help the public stay safe from such intrusions.