Researchers Warn of Physics-Based Attacks On Sensors

chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.

"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it. But materials used to create sensors can be influenced by other phenomenon -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.

"Physics-based attacks"?

[whoever57]

If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

Re:"Physics-based attacks"?

[ShanghaiBill]

If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

Both. TFA is using the term "physics-based attack" to mean any attack that is not via software.

Re:"Physics-based attacks"?

[Jane+Q.+Public]

This has to be among the vaguest OPs I've read on Slashdot to date.

There is no description of how the physical attacks might affect the software, although that is the recurring theme. Am I to assume that this is about the fact that hitting the IP cam hard with a hammer, that might affect its ability to transmit video?

Are we supposed to infer from this amazingly vague word salad that we should write our software to account for such an event? If so, that might make sense, but it isn't actually stated anywhere.

Re: "Physics-based attacks"?

[c6gunner]

Obviously you have no idea how lonely and attention starved radar dishes get. Prime targets for social engineering.

Re:"Physics-based attacks"?

[Nidi62]

So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

How would an attack on a sensor be based on phishing?

You could hit it with a fish

Re:"Physics-based attacks"?

[ceoyoyo]

Some "journalist" wanted to write a story about hacking, but, you know, different. They then located some guy who builds sensors who was willing to wax poetic about systems engineering, and voila.

Not as bad as the Magic based attacks

[gurps_npc]

Those are the worst.

what nonsense is this?

[iggymanz]

All analog sensors are susceptible to "physics based attacks" too. Like putting device that gives off a lot of heat under a thermostat to get a nice cool comfy workspace....

Re:what nonsense is this?

[RhettLivingston]

Or what about smoke screens? Human eyes are analog sensors too.

This article basically describes every attempt to avoid or deceive an observer - human, animal, or otherwise - since time began.

When Physics Attacks

[mentil]

This sounds like how radar guns can clock a house going 100MPH due to the heater causing it to malfunction. Or side-channel attacks. The problem with employing a physics-based attack is that it can be tracked down, and requires hardware to be specially employed for this purpose, so it can't be widely deployed without the attacker getting caught. OTOH, a software worm can travel hundreds of hops before researchers/law enforcement catch wind of it, can be deployed behind 17 proxies, and takes no special hardware to deploy. Aside from denial of service (like shining a bright light at a camera) I'm having trouble coming up with an attack precise enough to cause serious problems, that couldn't be affected via other means (like say an anti-materiel rifle or explosives.)

ECM

[Templer421]

The military calls it Electronic Counter Measures.

There is also ECCM, Electronic Counter Counter Measures.

First...

[GerryGilmore]

....I am not (yet) buying into this IoT hype. Certainly between smart TVs and thermostats, etc. the use of IP-enabled devices is expanding, but...there's no cohesive vision/standard tying everything together, thereby limiting its ultimate usefulness beyond today's "Let me check my refrigerator app on my iPhone..." nonsense. Secondly, why use "physics-based attacks" when very, very basic methods remain as open as a whorehouse without a roof! Perspective remains absent...

Where's the exploit?

[Gravis+Zero]

All I'm can tell here is that some sensors can be tricked into recording incorrect data. What I don't understand is how this can be turned into an attack. I mean, unless your security is based on shaking your phone like a maraca, I really don't see how this can be used to attack you. Anyone have an idea what this guy's freak out is all about?

Re:Where's the exploit?

[Gravis+Zero]

The idea is that if you can fool a sensor

Well let's be clear, you aren't fooling a sensor, you are providing additional data to a sensor.

you can control entire industrial systems. For example, blow up a power plant.

If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly.

Re:Where's the exploit?

[freeze128]

"If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."

That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum. A bad sensor could have told you the exact same thing.

thats nothing...

[JustNiz]

the vast majority of computer systems, including those responsible for the security of our country remain totally vulnerable to liberal arts-based attacks expressed through the medium of interpretive dance.

Had to re-read this article

[warGod3]

For some reason, I read it as "Researchers warn of psychics based attacks on sensors" and I was disappointed. After re-reading it, I was still disappointed, but for a different reason.