COMP.SEC.100, 23. Physical Layer Security and Telecommunications

23.4 Compromising Emanations and Sensor Spoofing (Advanced)
Unintentional electromagnetic radiation emitted by electronic devices—such as radio-frequency signals—is called emanation. In addition, devices may leak audio signals either as electrical outputs or acoustic emissions, produce heat, and generate vibrations. All these can correlate with the data the device processes or stores. Such information leakage is called a side channel. Side channels are common and have been widely studied.
Sensor spoofing is the (physical) opposite of exploiting signal leaks. Instead of measuring signals, an attacker adversely influences the system by sending signals that distort the values measured by its sensors. This is particularly harmful in autonomous and other cyber-physical systems that have a direct impact on human safety and surrounding infrastructure. (Another module discusses attacks against cyber-physical systems.)
Compromising Emanations (Advanced)
Techniques for exploiting and mitigating unwanted signal leaks in communication systems originate in military contexts around World War II. At that time, the umbrella term TEMPEST was introduced to describe measures for protecting against risks caused by emanations. TEMPEST protection includes, for example, structures that prevent emanations from spreading beyond the protected area. The Finnish Cybersecurity Centre has published guidelines for mitigating information security risks caused by electromagnetic emanations (currently available in Finnish only).
There are four classes of harmful leaks: acoustic, optical, thermal, and electromagnetic. The sources of leaks and the related device characteristics have been extensively studied. It has been repeatedly shown that emanations from analog and digital displays are caused by data transmission through analog video cables and high-speed DVI (Digital Visual Interface) cables. However, more recent research shows that emanations are not limited to cables and do not occur only with displays; there are other sources as well.
Some studies have shown that vibrations in electronic components (capacitors and coils) produce high-frequency sound, which, when measured from a computer’s voltage regulation circuit, can be used to break an RSA key—that is, to determine its prime factors. Keystrokes can also be inferred from typing patterns: vibrations caused by typing can be detected, for example, by an accelerometer in a nearby phone. Reflections from various objects (e.g., a spoon, a bottle, or the user’s eye) near a computer display have also been exploited to deduce information shown on the screen.
Implementing attacks that exploit emanations is now relatively easy because modern smartphones contain sensors suitable for such attacks. Phones have cameras, microphones, and accelerometers, so an attacker does not necessarily need expensive or conspicuous specialized equipment to capture leaking signals.
To avoid the dangers of leaks, devices can be kept at a distance, shielded by enclosures, and transmitted signals can be filtered to remove high-frequency components that might reveal processor state changes. In addition, it is generally recommended to place the return conductor of a circuit close to the transmission conductor. These conductors can end up far apart, for example, when the return current flows through a distant ground plane, power cables are routed in separate conduits, or cable management is poor. In such cases, the loop area between the conductors increases, and emanations become stronger. In general, wires and communication systems carrying confidential information should be galvanically isolated (air-gapped) from non-confidential systems.
Sensor Spoofing (Advanced)
Many electronic devices have analog sensors that help monitor the environment and make fully autonomous decisions. Examples include self-driving cars, medical devices, and closed-loop control systems. Advanced protection mechanisms such as encryption, authentication, and access control prevent unauthorized access or compromise of device security through communication interfaces. Unfortunately, equivalent protection for data collected by sensors is often unavailable or difficult to achieve because potential attacks on sensors can be hard to model and predict.
Analog sensors have been shown to be particularly vulnerable to spoofing attacks. The nature of sensor spoofing depends on the physical phenomenon the sensor measures. Malicious actions targeting a sensor can be acoustic, optical, thermal, mechanical, or electromagnetic.
Unintentional and especially intentional EMI (Electromagnetic Interference) directed at analog sensors can pose a threat to any system that relies on readings from the affected sensor. EMI-based attacks have been used to manipulate the results of medical devices and to interfere with ultrasound measurement systems. Research has shown that consumer electronics equipped with microphones are particularly susceptible to injected audio signals. Ultrasound signals have been used to deliver silent voice commands, and acoustic waves have been used to influence the output of MEMS accelerometers. MEMS (Microelectromechanical Systems) refers to small-scale sensors and other components. MEMS-based accelerometers and inertial systems are widely used in consumer-grade drones and multicopters.
Sensor spoofing attacks have received significant attention and are likely to affect many functions in future cyber-physical devices. System designers must be extremely cautious and strive to protect analog sensors because an attacker can trigger harmful actions or decisions at the application level by exposing the device to intentional EMI. Possible defenses include analog shielding of devices, measuring signal contamination with multiple sensors, or using dedicated EMI monitors to detect and flag suspicious sensor readings.
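The last two defenses named above, cross-checking redundant sensors and flagging implausible readings, can be illustrated with a small monitor. The following is an added example written for this section; it is not course material and does not model any particular device. It uses two assumed thresholds (a 0.5 m/s² agreement tolerance and a 50 m/s³ maximum plausible jerk) and a constructed 20-sample trace in which one of two accelerometers briefly reports an alternating disturbance while the other stays at rest.

```python
"""Sensor-plausibility monitor for redundant analog sensors.

Added example for this section; it is not part of the course material.
It illustrates two of the defenses named in the text in simplified form:
  1. redundancy: two independent accelerometers on the same axis must agree
     within a tolerance, otherwise the sample is flagged;
  2. physical plausibility: the change between consecutive samples must not
     exceed the maximum jerk the platform can physically produce.
All thresholds and the trace below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

DT = 0.01          # sample period in seconds (100 Hz), constructed
AGREE_TOL = 0.5    # max allowed disagreement between sensors, m/s^2 (assumed)
MAX_JERK = 50.0    # max physically plausible |da/dt|, m/s^3 (assumed)
GRAVITY = 9.81     # reading of a stationary sensor on the vertical axis


@dataclass
class Reading:
    t: float   # timestamp, seconds
    a1: float  # sensor 1 acceleration, m/s^2
    a2: float  # sensor 2 acceleration, m/s^2


def build_sample_trace(inject: bool = True) -> List[Reading]:
    """Constructed trace: 20 samples of a device at rest.

    With inject=True, samples 10..14 of sensor 1 carry an alternating
    +/-3 m/s^2 disturbance, a stand-in for the resonant response the text
    describes; sensor 2 is unaffected.
    """
    trace = []
    for i in range(20):
        a1 = a2 = GRAVITY
        if inject and 10 <= i < 15:
            a1 = GRAVITY + (3.0 if i % 2 == 0 else -3.0)
        trace.append(Reading(i * DT, a1, a2))
    return trace


def agreement_flags(trace: List[Reading], tol: float = AGREE_TOL) -> List[float]:
    """Timestamps where the two redundant sensors disagree by more than tol."""
    return [r.t for r in trace if abs(r.a1 - r.a2) > tol]


def jerk_flags(trace: List[Reading], sensor: str, max_jerk: float = MAX_JERK) -> List[float]:
    """Timestamps where one sensor's rate of change exceeds max_jerk."""
    flags = []
    for prev, cur in zip(trace, trace[1:]):
        dt = cur.t - prev.t
        da = getattr(cur, sensor) - getattr(prev, sensor)
        if dt > 0 and abs(da / dt) > max_jerk:
            flags.append(cur.t)
    return flags


def fail_safe_trace(trace: List[Reading], tol: float = AGREE_TOL,
                    max_jerk: float = MAX_JERK) -> List[Tuple[float, float, bool]]:
    """Produce (t, value, trusted) triples for the control loop.

    A sample is trusted only if both sensors agree and neither shows an
    implausible jump. An untrusted sample holds the last trusted value, so
    the controller never acts on a suspicious reading.
    """
    suspicious = set(agreement_flags(trace, tol))
    suspicious |= set(jerk_flags(trace, "a1", max_jerk))
    suspicious |= set(jerk_flags(trace, "a2", max_jerk))
    out = []
    held = None
    for r in trace:
        if r.t in suspicious:
            out.append((r.t, held, False))
        else:
            held = (r.a1 + r.a2) / 2.0
            out.append((r.t, held, True))
    return out


def summarize(trace: List[Reading]) -> dict:
    """Counts an EMI/sensor monitor would report for one window."""
    fs = fail_safe_trace(trace)
    return {
        "disagreements": len(agreement_flags(trace)),
        "jerk_events_sensor1": len(jerk_flags(trace, "a1")),
        "jerk_events_sensor2": len(jerk_flags(trace, "a2")),
        "trusted_samples": sum(1 for _, _, ok in fs if ok),
    }


if __name__ == "__main__":
    for name, tr in (("clean", build_sample_trace(False)),
                     ("injected", build_sample_trace(True))):
        print(name, summarize(tr))
```

On the injected trace the monitor flags five disagreements and six implausible jumps on sensor 1 (the edges into, within and out of the disturbance), and holds the last trusted value for those samples; the clean trace produces no flags. A real deployment would pick thresholds from the platform's measured dynamics, and a single unshielded sensor could still be fooled, which is why the text pairs this kind of monitoring with analog shielding.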