Using Sound to Hack Critical Vehicle Sensors

Having demonstrated that sound waves can be used to hack sensors in everything from cars to smartphones, a University of Michigan team led by Associate Professor of Computer Science and Engineering Kevin Fu, has developed  software that can effectively detect and prevent malicious acoustic interference.

This is of particular interest to those working in the automotive industry, where, if false data were delivered to a sensor, the results could be catastrophic. Fu points to the work of his collaborator, University of South Carolina Computer Science and Engineering Professor Wenyuan Xu, whose work over the last seven years has demonstrated that injecting false data into tire pressure sensors by way of radio signal, she could cause a car’s engine control unit to fail. [More recently, Xu garnered the attention of the automotive industry by hacking Tesla’s autopilot system.]

The following background comes by way of a recent University of Michigan release on Fu’s research findings.

…All accelerometers have an analog core—a mass suspended on springs. When the object the accelerometer is embedded in changes speed or direction, the mass moves accordingly. The digital components in the accelerometer process the signal and ferry it to other circuits.

“Analog is the new digital when it comes to cybersecurity,” Fu said. “Thousands of everyday devices already contain tiny MEMS accelerometers. Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

“Autonomous systems such as package delivery drones and self-driving cars base their decisions on what their sensors tell them,” said Timothy Trippel, a doctoral student in computer science and engineering and first author of a new paper on the findings.

“Humans have sensors, like eyes, ears and a nose. We trust our senses and we use them to make decisions,” Trippel said. “If autonomous systems can’t trust their senses, then the security and reliability of those systems will fail.”

The trick Trippel and Fu introduced exploits the same phenomenon behind the legend of the opera singer breaking a wine glass. Key to that process is hitting the right note—the resonant frequency of the glass.

The researchers identified the resonant frequencies of 20 different accelerometers from five different manufacturers. Then instead of shattering the chips, they tricked them into decoding sounds as false sensor readings that they then delivered to the microprocessor.

Trippel noticed additional vulnerabilities in these systems as the analog signal was digitally processed. Digital “low pass filters” that screen out the highest frequencies, as well as amplifiers, haven’t been designed with security in mind, he said. In some cases, they inadvertently cleaned up the sound signal in a way that made it easier for the team to control the system.

The researchers recommend ways to adjust hardware design to eliminate the problems. They also developed two low-cost software defenses that could minimize the vulnerabilities, and they’ve alerted manufacturers to these issues…

U-M Tech Transfer, working with Professor Fu, has filed for intellectual property protection on technology to make embedded systems more trustworthy, and commercialization partners are currently being sought to help bring these technologies to market.

Further reading:

New York Times: It’s Possible to Hack a Phone With Sound Waves, Researchers Show

IEEE Spectrum: Smartphone Accelerometers Can Be Fooled by Sound Waves