Mitigating IoT transduction attacks

Michael Patterson, CEO of Plixer

There are serious risks to modern-day sensors through “transduction attacks” according to research conducted jointly by Kevin Fu from the University of Michigan, and Wenyuan Xu from Zhejiang University. The vulnerability could result in real-world problems for those that use devices equipped with sensors.

To be clear, sensors (also called transducers) are electrical components that turn analog signals, e.g., radio, sound, light, etc. into an electrical signal that can be interpreted by a computer. A transduction attack exploits a vulnerability in the physics of a sensor to manipulate its output or induce intentional errors, says Michael Patterson, CEO of Plixer.

For example, malicious acoustic interference can influence the output of sensors trusted by software in systems ranging from smartphones to medical devices to autonomous vehicles. * What this means to consumers and businesses is that devices that have been put in place for consumer safety are now the devices that could have serious, even dangerous ramifications.

It has long been understood that vehicles equipped for remote connectivity can be hacked. However, the systems can be updated continuously, and over the air (OTA), to provide additional layers of security at the software level. Such is not the case with sensors.

So, if your car can connect to Pandora, Spotify, or the like, it may be possible to connect to it remotely and take control of the many systems that are controlled by the software installed. The manufacturer of your vehicle, however, can update the software to make it more difficult to hack.

This is not the case with sensors. Sensors are connected to the electrical components of the vehicle and relay data related to their function to the car’s internal OS. As an example, a proximity sensor on the front of your vehicle provides information to the cars emergency braking software to automatically brake the vehicle should the driver be unaware of an impending crash.

While the name “transduction attack” is new, the actual threat is not. DolphinAttack, revealed last summer, is an example of a transduction attack that has been successful in the wild. Additionally, as was indicated in the Communications of the ACM article, Fu and Xu’s research showed that Tesla’s sensors were fooled into hiding and spoofing obstacles. In the case of DolphinAttack, converting voice commands to ultrasound frequencies was a quick way to gain near-control of a device like Apple’s iPhone or Amazon’s Echo.

What remains to be seen is how manufacturers and software developers that develop and produce sensors will react to provide additional safeguards to devices and services. In many cases, software changes can prevent fault sensors from being used in malicious ways.

For example, if speech recognition software were written to only process input from normal human voice frequencies, and ignore frequencies used to trick the sensors, i.e., ultrasound, the physics of the sensor would no longer pose a security concern because only well-displayed attacks would properly activate the sensor. This is unlikely to take place because you can imagine how quickly an attacker would be stopped if they were sending audible sound over the air to try to take over someone’s iPhone by issuing “Hey Siri” commands.

It is difficult to say, though, the likelihood of companies addressing these sensor vulnerabilities in their software. After all, many audio sensors are used to track users’ locations for advertising purposes. If software was written to ignore the ultrasound frequencies being projected by companies looking for advertising opportunities, there could be a significant loss in ad revenue.

Understanding the problem, though, is only half the battle. Educating sensor creators of cyber-vulnerabilities is key to reducing vulnerabilities. Manufacturers that produce sensors should take a system-centric approach to security. This means that they need to ensure the validity of data even if a sensor is compromised or becomes faulty. Doing so, though, will require a third-party validation.

Installing additional sensors that look for environmental variations used to circumvent the validity of system sensors could provide an extra layer of protection for such attacks. With these additional sensors, operating systems or computer software could change systems accordingly to notify users of a fault and prevent unexpected behavior from happening.

To completely mitigate such attacks, manufacturers, and software developers must work together to create purpose-built systems that remove, as best as possible, the intrinsic vulnerabilities that sensors necessarily have as a mechanism of their function.

While this may mean that sensors will no longer be usable in thousands of devices (they will only be built and used for a specific application), it will mean that the sensors that are being used will be safer for the consumers that use them.

The author of this blog is Michael Patterson, CEO of Plixer

About the author:

Michael Patterson is CEO of Plixer. Michael worked in technical support and product training at Cabletron Systems while he finished his Masters in Computer Information Systems from Southern New Hampshire University. He joined Professional Services for a year before he left the ‘Tron’ in 1998 to start Somix which eventually became Plixer International.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Semtech enhances global connectivity with NTN support in HL78 modules

Posted on: March 29, 2024

Semtech Corporation has announced the integration of non-terrestrial network (NTN) support into its HL series LPWA modules, specifically the HL7810 and HL7812. This significant advancement showcases a leap forward in enabling uninterrupted global connectivity even amidst the most challenging conditions.

Read more

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more