Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Warn of Physics-Based Attacks On Sensors (securityledger.com)

Posted by BeauHD on from the heads-up-seven-up dept.

chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.

"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it. But materials used to create sensors can be influenced by other phenomenon -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.

48 of 85 comments (clear)

  1. "Physics-based attacks"? by whoever57 · · Score: 4, Insightful

    If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

    --
    The real "Libtards" are the Libertarians!
    1. Re:"Physics-based attacks"? by ShanghaiBill · · Score: 5, Informative

      If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

      Both. TFA is using the term "physics-based attack" to mean any attack that is not via software.

    2. Re: "Physics-based attacks"? by Reverend+Green · · Score: 1

      I read the title as "physics-based attacks on censors." Which would be way more entertaining.

    3. Re:"Physics-based attacks"? by gnick · · Score: 1

      So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

      I think you know full well that's neither the case nor what Bill meant. You could RTFA and find out.

      --
      He's getting rather old, but he's a good mouse.
    4. Re:"Physics-based attacks"? by ShanghaiBill · · Score: 1

      So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

      How would an attack on a sensor be based on phishing or social engineering? I'm not seeing it.

    5. Re:"Physics-based attacks"? by Jane+Q.+Public · · Score: 3

      This has to be among the vaguest OPs I've read on Slashdot to date.

      There is no description of how the physical attacks might affect the software, although that is the recurring theme. Am I to assume that this is about the fact that hitting the IP cam hard with a hammer, that might affect its ability to transmit video?

      Are we supposed to infer from this amazingly vague word salad that we should write our software to account for such an event? If so, that might make sense, but it isn't actually stated anywhere.

    6. Re: "Physics-based attacks"? by c6gunner · · Score: 3, Funny

      Obviously you have no idea how lonely and attention starved radar dishes get. Prime targets for social engineering.

    7. Re:"Physics-based attacks"? by Nidi62 · · Score: 2

      So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

      How would an attack on a sensor be based on phishing?

      You could hit it with a fish

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    8. Re:"Physics-based attacks"? by TeknoHog · · Score: 1

      What if the attack is based on moving electrons around in conductors? If electrons are not physical, then please go to your nearest physics department and tell the people to start hitting things with hammers instead. Although using this logic, I guess Rowhammer would count as physical.

      See also: digital music vs. CDs.

      --
      Escher was the first MC and Giger invented the HR department.
    9. Re:"Physics-based attacks"? by gweihir · · Score: 1

      Both, clearly. For a non-physical attack, you would have to curse the device or, say, conjure a fire-elemental to scorch it (which would then be a physical attack by the fire-elemental, but a non-physical by you).

      This neatly shows the terminology is bullshit and merely an attempt to make irrelevant and obvious research sound important.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:"Physics-based attacks"? by ceoyoyo · · Score: 2

      Some "journalist" wanted to write a story about hacking, but, you know, different. They then located some guy who builds sensors who was willing to wax poetic about systems engineering, and voila.

  2. Pro-Tip: Don't detonate a nuke by your sensor by Anonymous Coward · · Score: 1

    Direct hits from nuclear weapons can cause issues with the long-term reliability of sensors.

    Don't do that.

    I'll send you the bill for my consulting fee.

  3. Not as bad as the Magic based attacks by gurps_npc · · Score: 3, Insightful

    Those are the worst.

    --
    excitingthingstodo.blogspot.com
    1. Re:Not as bad as the Magic based attacks by gurps_npc · · Score: 1

      Wow- a Russian/Trump agent replied to my post.

      I feel... violated.

      --
      excitingthingstodo.blogspot.com
    2. Re:Not as bad as the Magic based attacks by Verdatum · · Score: 1

      Heeeeeeeee wasn't talking about the collusion narrative. Are you a bot? He made a silly joke comment, and an anon spam-replied to it with that releasethememo off-topic junk. The only people who care about that are russian agents and trump agents. So he rightly concluded that a russian/trump agent replied to his post.

  4. what nonsense is this? by iggymanz · · Score: 3, Funny

    All analog sensors are susceptible to "physics based attacks" too. Like putting device that gives off a lot of heat under a thermostat to get a nice cool comfy workspace....

    1. Re:what nonsense is this? by RhettLivingston · · Score: 2

      Or what about smoke screens? Human eyes are analog sensors too.

      This article basically describes every attempt to avoid or deceive an observer - human, animal, or otherwise - since time began.

    2. Re:what nonsense is this? by iggymanz · · Score: 1

      all the thermal imaging from cameras I've seen would be useless in a court of law to identify someone; for finding and rescuing in building they're great

  5. When Physics Attacks by mentil · · Score: 3, Insightful

    This sounds like how radar guns can clock a house going 100MPH due to the heater causing it to malfunction. Or side-channel attacks. The problem with employing a physics-based attack is that it can be tracked down, and requires hardware to be specially employed for this purpose, so it can't be widely deployed without the attacker getting caught. OTOH, a software worm can travel hundreds of hops before researchers/law enforcement catch wind of it, can be deployed behind 17 proxies, and takes no special hardware to deploy. Aside from denial of service (like shining a bright light at a camera) I'm having trouble coming up with an attack precise enough to cause serious problems, that couldn't be affected via other means (like say an anti-materiel rifle or explosives.)

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  6. ECM by Templer421 · · Score: 4, Informative

    The military calls it Electronic Counter Measures.

    There is also ECCM, Electronic Counter Counter Measures.

    1. Re:ECM by DontBeAMoran · · Score: 1

      That's nice, but what about ECCCM?

      --
      #DeleteFacebook
    2. Re:ECM by msauve · · Score: 1

      You can do that for a while, but most of them can only counter to 10.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:ECM by Bing+Tsher+E · · Score: 1

      So they're just 7490's, huh?

    4. Re:ECM by Bing+Tsher+E · · Score: 1

      You can't cheat and count the overflow pin.

  7. The problem starts with by AHuxley · · Score: 1

    management who did not want union workers on site.
    An engineer could use networking to replace many of the workers.

    Now people work out that the sensors can be manipulated over distances.
    Buy new, better sensors? With new code? Build a wall around a sensitive site? Have security patrol large areas of private land around sensitive sites?
    Work out the distance that sound and other signals can still be a problem and buy up the land around a site greater that that range?
    Build a wall, fence around the site.
    Cant buy the land? Build a stronger wall, use a sally port. Consider the way mil factories got designed in the 1950-90's. Lots of land, few windows, a strong fence with guards on duty.
    Keep the bad people away from the secrets and harden the networks. Find out who is going to want to alter the result of sensors. Spies? Other nations? Faith groups? Environmental activists? Party political activists? Ex and former gov/mil workers/contractors with skills and site plans? Competitors?
    Start looking at who is walking, driving around, using a camera near the "sensors" that are so important. Use some facial recognition, voice prints, get a license plate. Consider the size and amount of equipment needed for sound and other signals to work over distances. What size are the "special tools"? A truck? Van? Car? Laptop? Bag? A tablet? Look for strangers walking, driving around the fence line who do not belong.

    --
    Domestic spying is now "Benign Information Gathering"
  8. First... by GerryGilmore · · Score: 3, Interesting

    ....I am not (yet) buying into this IoT hype. Certainly between smart TVs and thermostats, etc. the use of IP-enabled devices is expanding, but...there's no cohesive vision/standard tying everything together, thereby limiting its ultimate usefulness beyond today's "Let me check my refrigerator app on my iPhone..." nonsense. Secondly, why use "physics-based attacks" when very, very basic methods remain as open as a whorehouse without a roof! Perspective remains absent...

    1. Re:First... by GerryGilmore · · Score: 1

      PS - Reminds of my days at Intel when they were pushing "VIVE" which promised to unify all of your media devices at home into a single, unified, glorious interface.....Yeah.

  9. Where's the exploit? by Gravis+Zero · · Score: 2

    All I'm can tell here is that some sensors can be tricked into recording incorrect data. What I don't understand is how this can be turned into an attack. I mean, unless your security is based on shaking your phone like a maraca, I really don't see how this can be used to attack you. Anyone have an idea what this guy's freak out is all about?

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Where's the exploit? by 110010001000 · · Score: 1

      You are kidding, right? Sensors are used everywhere in industry. The idea is that if you can fool a sensor, you can control entire industrial systems. For example, blow up a power plant.

    2. Re:Where's the exploit? by Gravis+Zero · · Score: 2

      The idea is that if you can fool a sensor

      Well let's be clear, you aren't fooling a sensor, you are providing additional data to a sensor.

      you can control entire industrial systems. For example, blow up a power plant.

      If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Where's the exploit? by freeze128 · · Score: 2

      "If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."

      That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum. A bad sensor could have told you the exact same thing.

    4. Re:Where's the exploit? by JaredOfEuropa · · Score: 1

      Exactly: poor design. A simple countermeasure against that sort of thing is to have redundant sensors. Redundancy also helps against these attacks: it'll be that much harder to physically attack multiple sensors at the same time, especially in a way that affects all of them equally.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    5. Re:Where's the exploit? by Gravis+Zero · · Score: 1

      "If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."

      That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum.

      That's a great example of an improperly designed system! Reactors have since been redesigned so that nothing so trivial as a bad sensor could cause problems. Modern energy systems are designed around the idea that something going awry will physically trigger it's own countermeasure. The Fukushima disaster never would have happened if had they not overridden the safeguards in place.

      --
      Anons need not reply. Questions end with a question mark.
  10. WTF??? by Patent+Lover · · Score: 1

    Are they sure this wasn't written by a bot?

  11. New name for side-channel attacks or click-bait? by misnohmer · · Score: 1

    Not sure what is new here. Side channel attacks such as voltager glitching, timing, or power measurements have been known for a while (heard of meltdown lately? - timing attack).

    That said, I'm still not sure this is even a real article. The images of Tesla used look like a click-bait to include the name "Tesla" in the article - many cars have parking sensors. Also, the figure of Tesla display in the article is BS - the right-most part (c) shows tire pressure, nothing to do with ultrasonic sensor readings shown in parts (a) (b), so it definitely does not show "jammed distance" as claimed in the article. That lack of readings will shows up when you first start driving, until the first TPMS sensor readings are picked up by the computer, so they hacked nothing. I bet you can jam the TPMS signals of course since they use radio to transmit information, but that is not news.

  12. Whew! by Ol+Olsoc · · Score: 1

    Good thing we've legislated physics out of the picture.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  13. Only read as far as "Researchers warn of physics" by No+Longer+an+AC · · Score: 1

    And was reminded of the wisdom of Solomon....Dick Solomon that is.

    "Guns don't kill people, physics kills people!"

  14. New kind of attack by hcs_$reboot · · Score: 1

    Interesting. A couple weeks after the revolutionary Spectre and Meltdown attacks, another "new way" exploit (likewise, sensors have been used for decades, yet that kind of attack makes the news only today)

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  15. thats nothing... by JustNiz · · Score: 3, Funny

    the vast majority of computer systems, including those responsible for the security of our country remain totally vulnerable to liberal arts-based attacks expressed through the medium of interpretive dance.

    1. Re:thats nothing... by Falconhell · · Score: 1

      https://firstdogonthemoon.com....

  16. Re:Only read as far as "Researchers warn of physic by freeze128 · · Score: 1

    It's "physically impossible"!

    https://www.youtube.com/watch?v=sH9MJBLXtxs

  17. What's in a Name by dcw3 · · Score: 1

    Am I the only one who noticed? Brought to you by the team of Fu and Xu!

    --
    Just another day in Paradise
  18. This is not new, but cheap IoT makes it worse by Bearhouse · · Score: 1

    There's nothing new about physically fooling sensors; the NVA/VC used to hang bags of urine in trees as a low-tech solution to the US's sophisticated human detection devices...

    https://en.wikipedia.org/wiki/...

    But I think what they're getting at here is that as people increasingly throw together IoT devices (and phones, and PCs...) using

    (a) the same (cheap and easily fooled) hardware, and
    (b) the same commodity firmware / software stacks and libraries, with damn-all security insight

    There will not be the same kind of "end to end" systems engineering applied that one would expect - say - from a car or airplane manufacturer...

    And yet you'll be entrusting your family's safety, security & data to cheap-ass, easy to crack-and-hack, commodity IoT devices that will be always-on, always-listening, always-connected and running your power, HVAC, fire detection and physical access systems...

  19. Had to re-read this article by warGod3 · · Score: 2

    For some reason, I read it as "Researchers warn of psychics based attacks on sensors" and I was disappointed. After re-reading it, I was still disappointed, but for a different reason.

    --
    "Be polite, be professional, but have a plan to kill everybody you meet." General James Mattis
  20. Re: Oh FFS by sound+vision · · Score: 1

    Air conditioning decreases humidity, not increases it. So in the absence of other factors, like the camera being non-stationary or being buffeted by gusts of non-air-conditioned air at the right time, you'd be wasting your time.
    But even this scenario is grossly oversimplified. Obscuring a camera isn't the type of attack that they are worried about. It's more like causing sensors (or the other physical components of a system) to report false data in such a way that it tricks the software into doing what the attackers want it to. It's less "taping over a camera to break into Burger King" and more Stuxnet. You do know what Stuxnet is right? Read up, specifically the details.

  21. Star Trek is relevant again by decep · · Score: 1

    If Geordi La Forge were around today, he would get a DMCA cease and desist for the "physics-based attack" of "reversing the polarity of the deflector dish".

  22. Re:Chinese sensors. by Verdatum · · Score: 1

    But what if more expensive sensors are met with more expensive physics???

  23. Re: Retarded science by Verdatum · · Score: 1

    I hate to break it to you, but Universities were overrun by liberals in the 18th century and maintained that control ever since. Please take more care the next time you feebly attempt to be shocking and edgy.