Researchers at the University of Alabama at Birmingham have discovered a new, subtle way for evildoers to take control of your smartphone: through ambient sound and light. Eep.

This isn’t a hack so much as a trigger; for it to work, malware already has to be installed on your phone. But the research finds that, once certain kinds of malware is installed, it can be triggered or controlled with hidden messages, undetectable to humans, embedded within innocuous sounds or lights. Music, music videos, and light from the TV could call previously-installed malware to action or tell it what to do.

The method relies on one of the primary strengths of smartphones: they’re always on, always connected, and always feeling around with audio and visual sensors. The researchers found that they could trigger malware with music from a distance of 55 feet, sending a brief message that the smartphone owner might not even notice, but that the phone certainly will.

Sharms Zawoad, who presented the paper recently at a conference in China, said “This kind of attack is sophisticated and difficult to build, but it will become increasingly easier to accomplish in the future as technology improves.” The point of the paper is to bring attention to a possible weakness, so that future phones can have protection against this kind of trigger.

Read more over at the University of Alabama’s site.