Researchers Warn of Physics-Based Attacks On Sensors (securityledger.com) 85
chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.
"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it. But materials used to create sensors can be influenced by other phenomenon -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.
"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it. But materials used to create sensors can be influenced by other phenomenon -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.
"Physics-based attacks"? (Score:5, Insightful)
If I hit something with a hammer, is that a "physics-based attack", or a physical attack?
Re:"Physics-based attacks"? (Score:5, Informative)
If I hit something with a hammer, is that a "physics-based attack", or a physical attack?
Both. TFA is using the term "physics-based attack" to mean any attack that is not via software.
Re: (Score:1)
So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.
Re: (Score:2)
So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.
I think you know full well that's neither the case nor what Bill meant. You could RTFA and find out.
Re: (Score:2)
So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.
How would an attack on a sensor be based on phishing or social engineering? I'm not seeing it.
Re: "Physics-based attacks"? (Score:4, Funny)
Obviously you have no idea how lonely and attention starved radar dishes get. Prime targets for social engineering.
Re: (Score:3)
So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.
How would an attack on a sensor be based on phishing?
You could hit it with a fish
Re: "Physics-based attacks"? (Score:2)
I read the title as "physics-based attacks on censors." Which would be way more entertaining.
Re:"Physics-based attacks"? (Score:4)
There is no description of how the physical attacks might affect the software, although that is the recurring theme. Am I to assume that this is about the fact that hitting the IP cam hard with a hammer, that might affect its ability to transmit video?
Are we supposed to infer from this amazingly vague word salad that we should write our software to account for such an event? If so, that might make sense, but it isn't actually stated anywhere.
Re: (Score:3)
Some "journalist" wanted to write a story about hacking, but, you know, different. They then located some guy who builds sensors who was willing to wax poetic about systems engineering, and voila.
Re: (Score:2)
What if the attack is based on moving electrons around in conductors? If electrons are not physical, then please go to your nearest physics department and tell the people to start hitting things with hammers instead. Although using this logic, I guess Rowhammer would count as physical.
See also: digital music vs. CDs.
Re: (Score:2)
Both, clearly. For a non-physical attack, you would have to curse the device or, say, conjure a fire-elemental to scorch it (which would then be a physical attack by the fire-elemental, but a non-physical by you).
This neatly shows the terminology is bullshit and merely an attempt to make irrelevant and obvious research sound important.
Re: Oh FFS (Score:2)
But even this scenario is grossly oversimplified. Obscuring a camera isn't the type of attack that they are worried about. It's more like causing sensors (or the other physical components of a system) to report false data in such a way that it tricks the software into doing what the
Pro-Tip: Don't detonate a nuke by your sensor (Score:1)
Direct hits from nuclear weapons can cause issues with the long-term reliability of sensors.
Don't do that.
I'll send you the bill for my consulting fee.
Not as bad as the Magic based attacks (Score:4, Insightful)
Those are the worst.
Re: (Score:2)
Wow- a Russian/Trump agent replied to my post.
I feel... violated.
Re: (Score:2)
Re: (Score:2)
what nonsense is this? (Score:4, Funny)
All analog sensors are susceptible to "physics based attacks" too. Like putting device that gives off a lot of heat under a thermostat to get a nice cool comfy workspace....
Re: (Score:3)
Or what about smoke screens? Human eyes are analog sensors too.
This article basically describes every attempt to avoid or deceive an observer - human, animal, or otherwise - since time began.
Re: (Score:2)
all the thermal imaging from cameras I've seen would be useless in a court of law to identify someone; for finding and rescuing in building they're great
Re: (Score:2)
When Physics Attacks (Score:4, Insightful)
This sounds like how radar guns can clock a house going 100MPH due to the heater causing it to malfunction. Or side-channel attacks. The problem with employing a physics-based attack is that it can be tracked down, and requires hardware to be specially employed for this purpose, so it can't be widely deployed without the attacker getting caught. OTOH, a software worm can travel hundreds of hops before researchers/law enforcement catch wind of it, can be deployed behind 17 proxies, and takes no special hardware to deploy. Aside from denial of service (like shining a bright light at a camera) I'm having trouble coming up with an attack precise enough to cause serious problems, that couldn't be affected via other means (like say an anti-materiel rifle or explosives.)
ECM (Score:5, Informative)
The military calls it Electronic Counter Measures.
There is also ECCM, Electronic Counter Counter Measures.
Re: (Score:2)
That's nice, but what about ECCCM?
Re: (Score:2)
Re: (Score:1)
So they're just 7490's, huh?
Re: (Score:1)
You can't cheat and count the overflow pin.
The problem starts with (Score:2)
An engineer could use networking to replace many of the workers.
Now people work out that the sensors can be manipulated over distances.
Buy new, better sensors? With new code? Build a wall around a sensitive site? Have security patrol large areas of private land around sensitive sites?
Work out the distance that sound and other signals can still be a problem and buy up the land around a site greater that that range?
Build a wall, fence around the sit
First... (Score:4, Interesting)
Re: (Score:2)
Where's the exploit? (Score:3)
All I'm can tell here is that some sensors can be tricked into recording incorrect data. What I don't understand is how this can be turned into an attack. I mean, unless your security is based on shaking your phone like a maraca, I really don't see how this can be used to attack you. Anyone have an idea what this guy's freak out is all about?
Re: (Score:2)
Re: (Score:3)
The idea is that if you can fool a sensor
Well let's be clear, you aren't fooling a sensor, you are providing additional data to a sensor.
you can control entire industrial systems. For example, blow up a power plant.
If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly.
Re: (Score:3)
That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum. A bad sensor could have told you the exact same thing.
Re: (Score:2)
Re: (Score:2)
"If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."
That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum.
That's a great example of an improperly designed system! Reactors have since been redesigned so that nothing so trivial as a bad sensor could cause problems. Modern energy systems are designed around the idea that something going awry will physically trigger it's own countermeasure. The Fukushima disaster never would have happened if had they not overridden the safeguards in place.
WTF??? (Score:2)
New name for side-channel attacks or click-bait? (Score:2)
Not sure what is new here. Side channel attacks such as voltager glitching, timing, or power measurements have been known for a while (heard of meltdown lately? - timing attack).
That said, I'm still not sure this is even a real article. The images of Tesla used look like a click-bait to include the name "Tesla" in the article - many cars have parking sensors. Also, the figure of Tesla display in the article is BS - the right-most part (c) shows tire pressure, nothing to do with ultrasonic sensor readings sh
Whew! (Score:2)
Only read as far as "Researchers warn of physics" (Score:2)
And was reminded of the wisdom of Solomon....Dick Solomon that is.
"Guns don't kill people, physics kills people!"
Re: (Score:2)
https://www.youtube.com/watch?v=sH9MJBLXtxs
New kind of attack (Score:2)
thats nothing... (Score:4, Funny)
the vast majority of computer systems, including those responsible for the security of our country remain totally vulnerable to liberal arts-based attacks expressed through the medium of interpretive dance.
Re: (Score:2)
https://firstdogonthemoon.com.... [firstdogonthemoon.com.au]
What's in a Name (Score:2)
Am I the only one who noticed? Brought to you by the team of Fu and Xu!
This is not new, but cheap IoT makes it worse (Score:2)
There's nothing new about physically fooling sensors; the NVA/VC used to hang bags of urine in trees as a low-tech solution to the US's sophisticated human detection devices...
https://en.wikipedia.org/wiki/... [wikipedia.org]
But I think what they're getting at here is that as people increasingly throw together IoT devices (and phones, and PCs...) using
(a) the same (cheap and easily fooled) hardware, and
(b) the same commodity firmware / software stacks and libraries, with damn-all security insight
There will not be the same
Had to re-read this article (Score:2)
For some reason, I read it as "Researchers warn of psychics based attacks on sensors" and I was disappointed. After re-reading it, I was still disappointed, but for a different reason.
Star Trek is relevant again (Score:2)
If Geordi La Forge were around today, he would get a DMCA cease and desist for the "physics-based attack" of "reversing the polarity of the deflector dish".