Easily-tricked MEMS are security threat, says university

Technology News |
By Peter Clarke

Microprocessors have had numerous layers of software protection wrapped around them to improve security as well as hardware support provided for the encryption of keys for encoding and keeping secret data and communications. However, this is effort primarily addressed the threat of hacking over wired or wireless communications channels. Little or no thought has been given to the data that comes from local sensors, which has just been assumed to be valid.

The rapid growth of the market for embedded systems and the Internet of Things and the broad deployment of sensors means a traditional lack of security around sensors has become a security problem, the university research team asserts.

Timothy Trippel, a doctoral student in computer science and engineering at the University of Michigan has written a paper outlining how audio tones of various frequencies and intensities can be used to produce false readings from accelerometers. The key to the exploit is to find the resonant audio frequency for the MEMS structure and use sound at that frequency to defeat the intended reponse to motion, the researchers said.

The researchers identified the resonant frequencies of 20 different models of MEMS accelerometer from five manufacturers. They then used sound to trick them into delivering false sensor readings to the system microprocessor. With the increasing deployment of accelerometers in autonomous vehicles such as drones and automobiles this vulnerability of analog, MEMS and sensors to being “hacked” is clearly a security flaw that needs to be closed as soon as possible Trippel’s team argues.

Next: Inaccurate or falsified?

Led by Kevin Fu, University of Michigan associate professor of computer science and engineering, the team used precisely tuned acoustic tones to deceive 15 different models of accelerometers into registering movement that never occurred. The approach served as a backdoor into the devices; enabling the researchers to control other aspects of the system.

While the general inaccuracy of some fitness bands is known the researchers used an audio speaker to inject thousands of fictitious steps into a Fitbit. The researchers also were able to use a music file to control the accelerometer trusted by an Android application to pilot a remote-controlled car.

The research team has contacted the unnamed MEMS manufacturers offering to help design ways to eliminate these problems. The team has developed two software defenses that could reduce vulnerabilities. The university has also pursuing patents for its technologies and is seeking commercialization partners to help bring the technology to market.

The research team will present a paper at the IEEE European Symposium on Security and Privacy in Paris on April 26. The paper is titled “WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks.”

Related links and articles:

News articles:

Intrinsic-ID extends SRAM PUF security

Startup opens lab for chip security evaluation

Chip security shield blocks backside hacks

Electronica: CEO forum rambles on IoT security, safety


Linked Articles
eeNews Europe