Remote attack on temperature sensors threatens safety in incubators and industry
The researchers demonstrated that an adversary could remotely manipulate the temperature sensor measurements without tampering with the targeted system or triggering automatic temperature alarms.
Critical processes from maintaining incubator temperatures to safeguarding chemical reactions in industry rely on real-time monitoring and control from temperature sensors to stay safe and accurate. The ubiquitous devices ensure that these systems make proper adjustments to their sensitive environments, keeping infants healthy and industrial processes safe for the surrounding area.
A research team led by Prof. Kevin Fu at the University of Michigan and Prof. Xiali Hei lab from the University of Louisiana at Lafayette has demonstrated that these temperature control systems, particularly in sensitive devices like infant incubators or industrial thermal chambers, can be remotely manipulated using electromagnetic waves.
The vulnerability is a result of the weakness of analog sensing components. The attack exploits an unintended rectification effect in amplifiers, and can be induced by injecting electromagnetic interference at a certain wavelength through the temperature sensors.
This research was led by the Research Investigator Sara Rampazzi (University of Michigan) and the PhD student Yazhou Tu (University of Louisiana at Lafayette) will be presented at the ACM Conference on Computer and Communications Security (CCS) in November, 2019.
The researchers demonstrated that an adversary could remotely manipulate the temperature sensor measurements without tampering with the targeted system or triggering automatic temperature alarms. For instance, from meters away, or even in an adjacent room, an attacker could trick the internal control system of an infant incubator to heat up or cool down the cabin to unsafe temperatures.
“These dangerous temperatures can raise the risk of temperature-related health issues in infants, such as hyperthermia and hypothermia, which in turn can lead in extreme cases to hypoxia, and neurological complications,” Rampazzi says.
Several different types of analog temperature sensors such as thermocouples, NTC thermistors, and Resistance Temperature Detectors (RTDs) are susceptible to adversarial control.
“The exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes, for example pressure or pH sensors,” Rampazzi says.
The authors described how to defend against the attack, proposing a prototype of an analog anomaly detector that can identify malicious interference in the vulnerable frequency range.
“Once the interference is detected, the signal information can be used by the system software to estimate the sensor data reliability.” Tu says.
The paper is available on ArXiv.