Yasser Shoukry is an Assistant Professor at the Resilient Cyber-Physical Systems Lab, University of Maryland. Last month, he made the short trip to NIST’s Gaithersburg headquarters for a full-day IoT Cybersecurity Colloquium, where IoT Privacy Forum founder Gilad Rosner also gave a presentation on the IoT Privacy Threat Landscape.

Yasser’s talk was on Sensor Spoofing: Attacks and Consequences (PDF slides, 62 MB).

The opening segment explains his research on spoofing (fooling) wheel speed sensors for calibrating anti-lock braking systems, which prevent accidents on slippery roads.

“By placing a thin electromagnetic actuator near the ABS wheel speed sensors, we demonstrated how an attacker could spoof the wheel speed sensors by injecting a magnetic field that replaces the true signal with a malicious one. The mounted attack is of a non-invasive nature, requiring no tampering with ABS hardware and making it harder for failure and/or intrusion detection mechanisms to detect the existence of such an attack … Experiments show that, due to the attack, actions taken by the ABS controller can force the driver to lose control over the vehicle.”

Other sensor attacks discussed involve Smart Traffic Systems, power grids, drones, GPS navigation, self-driving cars and medical devices. Yasser’s key messages were:

  • Physical attacks on IoT sensors are feasible, and traditional information security practices will not prevent them because they occur in the analog domain
  • Attacks on small sets of abundant IoT sensors can have catastrophic consequences
  • Hardening of the physics of the sensors is difficult, but necessary and possible

Here is the full presentation (~20 min) and concluding Q&As.