The Internet of Things (IoT) is comprised of a massive and rapidly growing number of devices connected to the Internet. These devices include things like household appliances, thermostats, manufacturing robots, cameras, automobiles, biochip transponders and many others. Among these devices are sensors called transducers.
Transducers gather data from the physical world, such as light, sound, vibration, heat, and pressure and convert that information into electrical impulses. Software interprets these electrical impulses to make sense of the data. Recent research conducted by Kevin Fu from the University of Michigan and Wenyuan Xu from Zhejiang University has revealed that transducers are inherently vulnerable to attacks based on physics, not malware.
Physical manipulation can be used to trick transducers into reporting environmental data that is inaccurate. Ambient sound can be used to trick voice recognition sensors. Electromagnetic waves can be used to dupe transducers into inaccurately reporting temperature.
Although the term “transduction attacks” was recently coined by Fu and Xu, these attack surfaces aren’t new. In March of 2017, scientists from Israel demonstrated how a flatbed scanner could be used to gain access to an air-gapped network (like the ones often found in government and military environments). In this case, lasers and smart lightbulbs were used to communicate with the optical sensor of a flatbed scanner.
The attack demonstrated that by altering the input of physical data, in this case light, you could trick the sensor into behaving in a manner different from that which it was intended. Imagine the implication of tricking sensors used in hospitals to measure refrigerator temperatures where medications and specimens are stored. In hospitals or other healthcare environments, refrigeration unit temperatures could be increased, ruining lifesaving medication and destroying medical samples waiting for diagnosis.
In the automobile industry, consider the safety implications. Sensors measuring vehicle acceleration/deceleration for the purposes of airbag deployment could be altered. Airbags could be triggered to go off, even though there was no accident. Sensors measuring the distance of objects could be tricked into causing the vehicle to brake hard while driving at full speed, or fail to brake, causing a collision.
In critical infrastructure, transducers measuring the temperature of data centers or other critical infrastructure could be altered, causing damage to server farms or the failure of public utility systems.
The more our modern world relies on IoT devices and transducers for safety systems, process automation and general data gathering, the more at risk we are from these transducer attacks.
Manufacturers that build transducers should take a system-centric approach to security. This means that they need to ensure the validity of input data being received through a defense in depth approach. Installing additional sensors that look for the types of environmental variations used to trick the system could provide an extra layer of protection for such attacks. With these complimentary sensors, operating systems or computer software could be used to mitigate false data inputs. In this manner, the attack could be thwarted.
About the Author: Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Justin, a graduate of the University of Maine at Farmington, is an avid learning of all things security, with a particular interest in TLS and DNS attacks.
Edited by
Ken Briodagh
