
Transducer Sensors Suffer Security Risks Based on Physics, Not Malware

By Special Guest
Justin Jett, Director of Audit and Compliance, Plixer
February 09, 2018

The Internet of Things (IoT) is comprised of a massive and rapidly growing number of devices connected to the Internet. These devices include things like household appliances, thermostats, manufacturing robots, cameras, automobiles, biochip transponders and many others. Among these devices are sensors called transducers.

Transducers gather data from the physical world, such as light, sound, vibration, heat, and pressure, and convert that information into electrical impulses. Software interprets these electrical impulses to make sense of the data. Recent research conducted by Kevin Fu from the University of Michigan and Wenyuan Xu from Zhejiang University has revealed that transducers are inherently vulnerable to attacks based on physics, not malware.

Physical manipulation can be used to trick transducers into reporting environmental data that is inaccurate. Ambient sound can be used to trick voice recognition sensors. Electromagnetic waves can be used to dupe transducers into inaccurately reporting temperature.

Although the term “transduction attacks” was recently coined by Fu and Xu, these attack surfaces aren’t new. In March of 2017, scientists from Israel demonstrated how a flatbed scanner could be used to gain access to an air-gapped network (like the ones often found in government and military environments). In this case, lasers and smart lightbulbs were used to communicate with the optical sensor of a flatbed scanner.

The attack demonstrated that by altering the input of physical data, in this case light, you could trick the sensor into behaving differently from the way it was intended to. Imagine the implication of tricking sensors used in hospitals to measure refrigerator temperatures where medications and specimens are stored. In hospitals or other healthcare environments, refrigeration unit temperatures could be increased, ruining lifesaving medication and destroying medical samples waiting for diagnosis.

In the automobile industry, consider the safety implications. Sensors measuring vehicle acceleration/deceleration for the purposes of airbag deployment could be altered. Airbags could be triggered to go off, even though there was no accident. Sensors measuring the distance of objects could be tricked into causing the vehicle to brake hard while driving at full speed, or fail to brake, causing a collision.

Transducers measuring the temperature of data centers or other critical infrastructure could be altered, causing damage to server farms or the failure of public utility systems.

The more our modern world relies on IoT devices and transducers for safety systems, process automation and general data gathering, the more at risk we are from these transducer attacks.

Manufacturers that build transducers should take a system-centric approach to security. This means that they need to ensure the validity of input data being received through a defense-in-depth approach. Installing additional sensors that look for the types of environmental variations used to trick the system could provide an extra layer of protection against such attacks. With these complementary sensors, operating systems or computer software could be used to mitigate false data inputs. In this manner, the attack could be thwarted.
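As an illustration of the complementary-sensor approach described above, the following sketch (an added example, not code from the research or any vendor) validates readings for the hospital refrigerator scenario. The class name, the interference monitor input and every threshold are assumptions made for the example.

```python
from dataclasses import dataclass
from statistics import median

# Thresholds are constructed for illustration; tune them to the real equipment.
MAX_STEP_C = 0.5    # largest plausible change between consecutive samples
MAX_SPREAD_C = 1.0  # largest tolerated disagreement between redundant probes
EMI_LIMIT = 0.7     # normalized output of the interference monitor (0..1)
MAX_HELD = 3        # consecutive rejected samples before declaring a fault

@dataclass
class Sample:
    probes_c: list    # redundant temperature probes, degrees Celsius
    emi_level: float  # complementary sensor watching for interference

class FridgeMonitor:
    """Accept a temperature only when independent checks find it plausible."""

    def __init__(self, initial_c):
        self.trusted_c = initial_c  # last value that passed every check
        self.held = 0               # consecutive samples rejected so far

    def ingest(self, s):
        """Return (temperature to act on, status, reasons for rejection)."""
        reasons = []
        if s.emi_level > EMI_LIMIT:
            reasons.append("interference detected")
        if max(s.probes_c) - min(s.probes_c) > MAX_SPREAD_C:
            reasons.append("probes disagree")
        candidate = median(s.probes_c)
        if abs(candidate - self.trusted_c) > MAX_STEP_C:
            reasons.append("implausible rate of change")
        if not reasons:
            self.trusted_c, self.held = candidate, 0
            return candidate, "ok", reasons
        self.held += 1
        # Holding the old value forever would hide a real excursion, so
        # escalate to a human once the input stays untrustworthy.
        status = "fault" if self.held >= MAX_HELD else "held"
        return self.trusted_c, status, reasons

def run(samples, initial_c=4.0):
    monitor = FridgeMonitor(initial_c)
    return [monitor.ingest(s) for s in samples]

# Constructed sample stream for a refrigerator held near 4 degrees Celsius.
SAMPLES = [
    Sample([4.1, 4.0, 4.2], 0.1),   # normal
    Sample([-3.0, 4.1, 4.0], 0.9),  # one probe skewed while interference is high
    Sample([4.2, 4.1, 4.3], 0.1),   # normal again
    Sample([9.0, 9.1, 8.9], 0.1),   # every probe jumps about 5 degrees at once
]
```

The compressor controller acts only on the returned temperature, so a rejected sample never drives the cooling loop, and a "fault" status is the point at which staff should check the unit by hand.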

About the Author: Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Justin, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.




Edited by Ken Briodagh

