Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Operating Systems Software Hardware Science Technology

Researchers Warn of Physics-Based Attacks On Sensors (securityledger.com) 85

chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.

"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on it. But materials used to create sensors can be influenced by other phenomenon -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.

This discussion has been archived. No new comments can be posted.

Researchers Warn of Physics-Based Attacks On Sensors

Comments Filter:
  • by whoever57 ( 658626 ) on Thursday January 25, 2018 @10:09PM (#56004837) Journal

    If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

    • by ShanghaiBill ( 739463 ) on Thursday January 25, 2018 @11:05PM (#56005111)

      If I hit something with a hammer, is that a "physics-based attack", or a physical attack?

      Both. TFA is using the term "physics-based attack" to mean any attack that is not via software.

      • by msauve ( 701917 )
        "TFA is using the term "physics-based attack" to mean any attack that is not via software."

        So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.
        • by gnick ( 1211984 )

          So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

          I think you know full well that's neither the case nor what Bill meant. You could RTFA and find out.

        • So, the TFA claims phishing and social engineering are "physics-based attacks?" I'm not seeing it.

          How would an attack on a sensor be based on phishing or social engineering? I'm not seeing it.

    • I read the title as "physics-based attacks on censors." Which would be way more entertaining.

    • by Jane Q. Public ( 1010737 ) on Friday January 26, 2018 @02:31AM (#56005601)
      This has to be among the vaguest OPs I've read on Slashdot to date.

      There is no description of how the physical attacks might affect the software, although that is the recurring theme. Am I to assume that this is about the fact that hitting the IP cam hard with a hammer, that might affect its ability to transmit video?

      Are we supposed to infer from this amazingly vague word salad that we should write our software to account for such an event? If so, that might make sense, but it isn't actually stated anywhere.
      • by ceoyoyo ( 59147 )

        Some "journalist" wanted to write a story about hacking, but, you know, different. They then located some guy who builds sensors who was willing to wax poetic about systems engineering, and voila.

    • What if the attack is based on moving electrons around in conductors? If electrons are not physical, then please go to your nearest physics department and tell the people to start hitting things with hammers instead. Although using this logic, I guess Rowhammer would count as physical.

      See also: digital music vs. CDs.

    • by gweihir ( 88907 )

      Both, clearly. For a non-physical attack, you would have to curse the device or, say, conjure a fire-elemental to scorch it (which would then be a physical attack by the fire-elemental, but a non-physical by you).

      This neatly shows the terminology is bullshit and merely an attempt to make irrelevant and obvious research sound important.

  • Direct hits from nuclear weapons can cause issues with the long-term reliability of sensors.

    Don't do that.

    I'll send you the bill for my consulting fee.

  • by gurps_npc ( 621217 ) on Thursday January 25, 2018 @10:28PM (#56004947) Homepage

    Those are the worst.

    • Wow- a Russian/Trump agent replied to my post.

      I feel... violated.

  • by iggymanz ( 596061 ) on Thursday January 25, 2018 @10:38PM (#56004989)

    All analog sensors are susceptible to "physics based attacks" too. Like putting device that gives off a lot of heat under a thermostat to get a nice cool comfy workspace....

    • Or what about smoke screens? Human eyes are analog sensors too.

      This article basically describes every attempt to avoid or deceive an observer - human, animal, or otherwise - since time began.

  • by mentil ( 1748130 ) on Thursday January 25, 2018 @10:39PM (#56004999)

    This sounds like how radar guns can clock a house going 100MPH due to the heater causing it to malfunction. Or side-channel attacks. The problem with employing a physics-based attack is that it can be tracked down, and requires hardware to be specially employed for this purpose, so it can't be widely deployed without the attacker getting caught. OTOH, a software worm can travel hundreds of hops before researchers/law enforcement catch wind of it, can be deployed behind 17 proxies, and takes no special hardware to deploy. Aside from denial of service (like shining a bright light at a camera) I'm having trouble coming up with an attack precise enough to cause serious problems, that couldn't be affected via other means (like say an anti-materiel rifle or explosives.)

  • ECM (Score:5, Informative)

    by Templer421 ( 4988421 ) on Thursday January 25, 2018 @11:02PM (#56005097)

    The military calls it Electronic Counter Measures.

    There is also ECCM, Electronic Counter Counter Measures.

  • management who did not want union workers on site.
    An engineer could use networking to replace many of the workers.

    Now people work out that the sensors can be manipulated over distances.
    Buy new, better sensors? With new code? Build a wall around a sensitive site? Have security patrol large areas of private land around sensitive sites?
    Work out the distance that sound and other signals can still be a problem and buy up the land around a site greater that that range?
    Build a wall, fence around the sit
  • First... (Score:4, Interesting)

    by GerryGilmore ( 663905 ) on Thursday January 25, 2018 @11:12PM (#56005149)
    ....I am not (yet) buying into this IoT hype. Certainly between smart TVs and thermostats, etc. the use of IP-enabled devices is expanding, but...there's no cohesive vision/standard tying everything together, thereby limiting its ultimate usefulness beyond today's "Let me check my refrigerator app on my iPhone..." nonsense. Secondly, why use "physics-based attacks" when very, very basic methods remain as open as a whorehouse without a roof! Perspective remains absent...
    • PS - Reminds of my days at Intel when they were pushing "VIVE" which promised to unify all of your media devices at home into a single, unified, glorious interface.....Yeah.
  • by Gravis Zero ( 934156 ) on Thursday January 25, 2018 @11:26PM (#56005197)

    All I'm can tell here is that some sensors can be tricked into recording incorrect data. What I don't understand is how this can be turned into an attack. I mean, unless your security is based on shaking your phone like a maraca, I really don't see how this can be used to attack you. Anyone have an idea what this guy's freak out is all about?

    • You are kidding, right? Sensors are used everywhere in industry. The idea is that if you can fool a sensor, you can control entire industrial systems. For example, blow up a power plant.
      • The idea is that if you can fool a sensor

        Well let's be clear, you aren't fooling a sensor, you are providing additional data to a sensor.

        you can control entire industrial systems. For example, blow up a power plant.

        If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly.

        • "If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."

          That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum. A bad sensor could have told you the exact same thing.
          • Exactly: poor design. A simple countermeasure against that sort of thing is to have redundant sensors. Redundancy also helps against these attacks: it'll be that much harder to physically attack multiple sensors at the same time, especially in a way that affects all of them equally.
          • "If there is any way that bad sensor input can result in a power plant exploding then you clearly designed the system improperly."

            That's almost exactly how 3-mile island had a "mishap". A water-level gauge (mechanical) was stuck, and the operator on duty didn't know that the coolant level was almost to minimum.

            That's a great example of an improperly designed system! Reactors have since been redesigned so that nothing so trivial as a bad sensor could cause problems. Modern energy systems are designed around the idea that something going awry will physically trigger it's own countermeasure. The Fukushima disaster never would have happened if had they not overridden the safeguards in place.

  • Are they sure this wasn't written by a bot?
  • Not sure what is new here. Side channel attacks such as voltager glitching, timing, or power measurements have been known for a while (heard of meltdown lately? - timing attack).

    That said, I'm still not sure this is even a real article. The images of Tesla used look like a click-bait to include the name "Tesla" in the article - many cars have parking sensors. Also, the figure of Tesla display in the article is BS - the right-most part (c) shows tire pressure, nothing to do with ultrasonic sensor readings sh

  • Good thing we've legislated physics out of the picture.
  • And was reminded of the wisdom of Solomon....Dick Solomon that is.

    "Guns don't kill people, physics kills people!"

  • Interesting. A couple weeks after the revolutionary Spectre and Meltdown attacks, another "new way" exploit (likewise, sensors have been used for decades, yet that kind of attack makes the news only today)
  • by JustNiz ( 692889 ) on Friday January 26, 2018 @02:51AM (#56005649)

    the vast majority of computer systems, including those responsible for the security of our country remain totally vulnerable to liberal arts-based attacks expressed through the medium of interpretive dance.

  • Am I the only one who noticed? Brought to you by the team of Fu and Xu!

  • There's nothing new about physically fooling sensors; the NVA/VC used to hang bags of urine in trees as a low-tech solution to the US's sophisticated human detection devices...

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    But I think what they're getting at here is that as people increasingly throw together IoT devices (and phones, and PCs...) using

    (a) the same (cheap and easily fooled) hardware, and
    (b) the same commodity firmware / software stacks and libraries, with damn-all security insight

    There will not be the same

  • For some reason, I read it as "Researchers warn of psychics based attacks on sensors" and I was disappointed. After re-reading it, I was still disappointed, but for a different reason.

  • If Geordi La Forge were around today, he would get a DMCA cease and desist for the "physics-based attack" of "reversing the polarity of the deflector dish".

Q: How many IBM CPU's does it take to execute a job? A: Four; three to hold it down, and one to rip its head off.

Working...