Researchers Warn of Physics-Based Attacks on Sensors

Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. 

In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of  Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of “transduction attacks” to spoof data by exploiting the physics of sensors. Researchers say a “return to classic engineering approaches” is needed to cope with physics based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.

“This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don’t have a good way to describe the security of the system,” Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things.

Fooling Tesla
In this example, malicious interference fooled Tesla’s sensors into hiding and spoofing obstacles:7 (a) Real distance; (b) spoofed distance; (c) jammed distance. Image courtesy of ACM.)

Many types of sensors and devices are vulnerable, from accelerometer and temperature sensors to an ultrasonic proximity sensor, Fu said. “We’re surrounded by sensors and actuators,” he said. While that’s not new, the fact that these sensors are being connected and empowered to make autonomous decisions is, Fu noted.

Cyber attacks typically target vulnerabilities in software such as buffer overflows or SQL injection. Transduction attacks are a different beast, entirely. They exploit the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on and the materials that make up the components. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said.

Examples of physics based attacks have been seen before- even in real world attacks. At the low end are opportunistic hacks, like the car thieves who amplify the signal of proximity based keyless entry systems in late model cars. More sophisticated attacks would require both planning and special tools to carry out.

Recently, for example, researchers demonstrated so-called “Dolphin attacks” that use ultrasonic commands to manipulate voice activated devices like Amazon’s Echo or Google’s Now. By injecting a sequence of inaudible voice commands, the researchers were able to demonstrate proof-of-concept attacks like directing Siri to initiate a FaceTime call on iPhone.

Researchers have also been exploring so-called “adversarial perturbations” that can fool machine learning and artificial intelligence systems (such as computer-aided vision) while being unnoticeable to humans.

Hardware and software have what might be considered a “social contract” that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it.  But materials used to create sensors can be influenced by other phenomenon – such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated.

[See also: Lasers eyed as way forward for quantum encryption of data.

“The problem starts with the mechanics or physics of the material and bubbles up into the operating system,” Fu said.

The researchers say that traditional tools for managing cyber security such as software code analysis and testing won’t address transduction attacks. Rather, changes often have to be made to the physical objects themselves to make transduction attacks harder to carry out. Fu uses the example of a recent acoustic security flaw that he and other researchers reported that affected accelerometer sensors used on integrated circuits manufactured by Analog Devices (ADI)*. The company’s response was to advise customers to use inner mounting posts to a hard case to dampen the effect of vibrations on the affected sensor.  Customers were also advised to put physical trenches around boards that contained speakers to “reduce mechanical coupling.”

Addressing the threat of transduction attacks requires more solutions like ADI’s in the short term. In the long term, companies that make connected devices need to consider both digital and analog attacks against both the finished device and any collection of individual components in it. Designers need to anticipate that data sent from any sensor may not be trustworthy and make sure that the device will maintain its integrity even if it is receiving corrupted sensor data from one or more components, Fu said.

Beyond that, Fu and Xu said that the training of engineers needs to change, becoming more interdisciplinary and emphasizing an understanding of both digital and physical systems and processes. “Students graduating from departments that diminish the role of computing machinery will not be prepared to create trustworthy cyber physical systems,” the researchers wrote.

(*) Correction: an earlier version of this story incorrectly identified the maker of the accelerometer. It is Analog Devices (ADI) not AMD.  PFR 1/25/2018