With all the attention given to buffer overflows and side-channel attacks, one of the oldest forms of technology hack has slid into relative obscurity: the sensor hack. But an experiment with accelerometers has revealed a new attack vector on embedded and cyber-physical systems that is reminiscent of the blue boxes once used to obtain free long-distance calls by replaying tones or the Mission Impossible-type hack of tape over part of a proximity sensor.
But, in digital systems, sound has mainly been used as a passive mechanism for hacking. And, even then, it’s a relatively minor contributor to the field of side-channel analysis, where power and electromagnetic emissions provide more reliable signals.
The key to the sonic attack developed by Timothy Trippel, a second-year PhD student at the University of Michigan, and colleagues from both Michigan and the University of South Carolina, is the way in which accelerometer signals are conditioned before being analyzed by the host microprocessor.
As a moving mass mounted on a cantilever, a MEMS accelerometer is naturally prone to vibration. Those vibrations can become quite intense when the mechanical system is pushed into resonance. The resonant frequency is much higher than the frequency you would associate with actual motion – on the order of 3 kHz. But aliasing can result in the high-frequency signal reflecting down into the range of normal output signals, biasing the output or overriding it. The low-pass filter and amplifier subsystem could deal with this, but it appears systems out in the field do not, which is perhaps not surprising because of the unconventional nature of the hack.
Proofs of concept
To work out whether the technique would yield usable results, the team got an accelerometer to spell out the word “WALNUT” on a trace by firing modulated audio at it. They then moved on to a couple more applications that show real-world possibilities. One was to subvert the output of a smartphone app that controls a model car. Normally, the user would tilt the phone to steer it. Audio played close to the smartphone controlled the car without the phone moving at all.
Another trial involved getting a Fitbit next to a $5 speaker to register thousands of fake steps. There is a potential fraudulent use of this attack, Trippel and colleagues noted. Some companies, such as the Walgreens pharmacy in the US, offer rewards based on step counts.
Such attacks are unlikely to cause much trouble. However, the ability to bias the output of one or more accelerometers in a robotic arm or drone and throw it off course could lead to more serious problems.
It seems that the attack can be foiled with filter and amplifier designs that take account of the possibility that sound waves will disturb the moving mass and that more effectively filter out the effects of high-frequency disturbances.
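The aliasing described earlier and the filtering fix described here can be checked numerically. The sketch below is an added example, not code from the researchers or any sensor vendor. It models the disturbance as a pure tone at the roughly 3 kHz resonance; the 500 Hz sample rate, 50 Hz cut-off and ideal Butterworth response are assumptions chosen for illustration.

```python
import math

RESONANT_HZ = 3000.0   # "on the order of 3 kHz" per the article
SAMPLE_HZ = 500.0      # assumed ADC sample rate (not from the article)
CUTOFF_HZ = 50.0       # assumed low-pass cut-off (not from the article)

def alias_frequency(f_tone, f_sample):
    """Frequency at which a tone shows up after sampling at f_sample."""
    folded = f_tone % f_sample
    return min(folded, f_sample - folded)

def lowpass_gain(f_tone, f_cutoff, order):
    """Magnitude response of an ideal Butterworth low-pass of given order."""
    return 1.0 / math.sqrt(1.0 + (f_tone / f_cutoff) ** (2 * order))

def false_bias(f_tone, f_sample, amplitude, n=1000):
    """Mean of n samples of the tone: the offset the host would read as
    steady acceleration. Phase is fixed at the worst case (sample on peak)."""
    total = 0.0
    for k in range(n):
        angle = 2 * math.pi * f_tone * k / f_sample + math.pi / 2
        total += amplitude * math.sin(angle)
    return total / n

def residual_bias(f_tone, f_sample, f_cutoff, order, amplitude=1.0):
    """Bias left after the tone passes the low-pass filter ahead of the ADC."""
    filtered = amplitude * lowpass_gain(f_tone, f_cutoff, order)
    return false_bias(f_tone, f_sample, filtered)

if __name__ == "__main__":
    # A tone at an exact multiple of the sample rate folds down to 0 Hz (DC).
    print("alias of resonant tone:", alias_frequency(RESONANT_HZ, SAMPLE_HZ), "Hz")
    print("bias with no filtering:", round(false_bias(RESONANT_HZ, SAMPLE_HZ, 1.0), 4))
    # Steeper filtering before the ADC shrinks what is left to alias.
    for order in (1, 2, 4):
        left = residual_bias(RESONANT_HZ, SAMPLE_HZ, CUTOFF_HZ, order)
        print("order", order, "filter residual bias:", left)
```

A design review can reuse `lowpass_gain` with the real cut-off and filter order to see how much of a resonant-frequency tone still reaches the ADC.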
In a mirror of what happens, or at least should happen, in the software world, sensor manufacturers have responded to the hack, which was presented to them ahead of public disclosure. Some manufacturers, such as Bosch, have provided updates on mitigation strategies and implementation changes.