Are the humble analogue transducers embedded in vast numbers of sensors the next low-level technology in need of a security rethink?
A new research note discussing what are termed “transduction attacks” argues that they are being taken for granted but shouldn’t be.
To simplify, transducers are electronic components that turn analogue signals such as radio, sound or light waves, or the physical movement of something like a gyroscope, into an electrical signal that can be digitised by a computer.
Under our noses, these are becoming ubiquitous, with more appearing every day in voice-activated devices, drones, motor cars, and other IoT systems.
According to the authors:
A transduction attack exploits a vulnerability in the physics of a sensor to manipulate its output or induce intentional errors.
Something targeting a sensor is, then, conducting a sort of spoofing attack to make the sensor respond to a rogue input.
For example, the recent DolphinAttack proof-of-concept demo used inaudible ultrasonic commands to show how voice-activated systems used by cars, smartphones and devices such as Amazon’s Alexa, Apple’s Siri, and Google Now, could be made to dial phone numbers or visit websites.
Researchers have even demonstrated how something as simple as the sound from a YouTube video could be used to control the behaviour of a smartphone’s MEMS accelerometer.
In theory, the same basic principle might be used to disrupt all manner of devices: from interfering with heart pacemakers to making self-driving cars blind to obstacles.
It needs pointing out that these vulnerabilities weren’t caused by a design problem in software but exploit the basic physics of the transducer itself.
How did it come to this?
Most likely, the sensors were designed before the community understood the security risks.
One challenge is that while the principles of this kind of attack are now in the public domain, detecting real-world examples is likely to be very difficult.
The messy solution is to build software integrity checking into devices using these components, and to manufacture them so they respond to a narrower range of inputs (e.g. stop the transducers used by voice-activated devices from being able to “hear” ultrasonic sound).
Given the continued failure by large parts of the IoT to embrace even software security basics this does not bode well.
For those who are prepared to address the problem, this research implies the need for a new generation of transducers, which in turn will need the old-fashioned skills of electrical engineers.
Intriguingly, the authors predict a role for engineers who can approach this problem in an inter-disciplinary way, the lack of which is arguably how the problem developed in the first place.
MikeP
This assumes that the transducers are connected to a device that translates from analogue to digital and it is accessible from an external location. Fact is that most analogue transducers in homes are not connected to the internet via any devices nor are they accessible from outside the home. The exceptions are those devices that form part of an IoT network,. we do not have any such devices. The only connection available to the internet is for our Gigabit Ethernet and WiFi services. None of our transducers are connected to those systems and hence cannot be accessed by external sources. The modem has strong protection incorporated as well as all devices that connect to it having strong AV and Malware protection.
The writer appears to be assuming that people have many devices that are accessible to outside influences. If people do not use any IoT devices, they are unlikely to be at risk, especially if they are security conscious and take steps to ensure all their potentially vulnerable equipment is either not connected to the web or else stromgly protected againast intrusion.
delayedthoughtengineering
I don’t this is so much an issue of rebuilding hardware, as altering the need for software. After all, I would like my sensors to be able to pick up on special frequencies as needed. (If I want a special high-frequency detection app of some kind, I shouldn’t need to purchase a separate sensor add-on.) However, the software that takes the input from the sensor should filter non-standard frequencies as long as it is not needed. (Voice-driven command apps should be listening only for standard-human-voice frequency sounds.)
An additional positive to this solution is that it is a software upgrade, not a hardware refresh. Gyros might need to be redesigned.
To reduce harmonics-based primary-signal alteration, future mounts of sensors might have to be more rubberized and isolated, which will probably bring a welcome improvement in durability.
Kittredge Seely
Part of the problem was a lack of transducer requirements. In the example of the microphone it is obvious that limiting the microphone input bandwidth would solve the problem. Software alone can’t fix this issue, but some hardware modifications will probably be required.
What this means is that in developing IoT devices a good understanding of the UI is required. This includes input from a user, connecting to other devices, interfacing to the physical world, and connecting to internet. Once a development team has identified these interactions the actual design can begin.
peterson@digitalbond.com
Might be nice to name the researchers / authors.
Kevin Fu is Associate Professor of Electrical Engineering and Computer Science at the University of Michigan.
Wenyuan Xu is Professor and Chair of the Department of Systems Science and Engineering at Zhejiang University.
Paul Ducklin
To be fair to us, the first link in the article goes straight to the research note on the ACM website. There, you can get the authors’ names, affiliations, paper, high-res images, and the full bibliography of the other authors whose work they consulted in producing their report. For completeness, here it is as a plain URI:
https://cacm.acm.org/opinion/articles/224627-risks-of-trusting-the-physics-of-sensors/fulltext