Smartphone attacks can release deadly microbes
According to the study, biocontainment facilities in hospitals and laboratories are vulnerable to terrorist attacks.
A team of researchers from the University of California, Irvine has discovered that negative pressure chambers, used in hospitals and laboratories to prevent the spread of deadly pathogens, can be compromised by an attacker using a smartphone. These chambers are designed to protect against the exposure of outdoor areas to harmful microbes.
According to UCI cyber-physical systems security experts, who recently shared their findings at the conference on computer and communications security, mechanisms that control airflow in and out of biocontainment facilities can be tricked into functioning erratically by a sound of a certain frequency, possibly tucked sneaking into a popular song.
“Someone can play a piece of music loaded on their smartphone or have it broadcast from a television or other audio device in or near a negative pressure chamber,” said senior co-author Mohammad Al Faruque, UCI professor of electrical engineering and computer science. “If that music is embedded with a tone that matches the resonant frequency of the pressure regulators of one of these spaces, it could cause a malfunction and a leak of deadly microbes.”
The infrastructure for heating, ventilation and air conditioning ensures that fresh air flows in and polluted air leaves a certain space. HVAC systems in scientific facilities typically include room pressure monitors, which in turn use differential pressure sensors that compare the atmosphere inside and outside of rooms.
The researchers said commonly used DPSs are vulnerable to remote manipulation, posing a previously unrealized threat to biosecurity facilities. They tested their hypothesis on eight industry-standard DPSs from five manufacturers, showing that all devices operate at resonance frequencies in the audible range and are therefore susceptible to manipulation.
“When sound waves collide with the diaphragms in a DPS, it starts vibrating at the same frequency,” said lead author Anomadarshi Barua, UCI Ph.D. candidate in electrical engineering and computer science. “An informed attacker could use this technique to artificially move the diaphragm, changing the pressure reading and causing the entire system to malfunction.”
He said attackers can thwart negative pressure chamber systems in several ways. They can manipulate them wirelessly or pose as maintenance personnel to place an audio device in or near such a room. “In a more sophisticated attack, perpetrators can build sound technologies into a DPS before installing it in a biocontainment facility,” Barua said.
In their conference presentation, the researchers proposed several countermeasures to prevent a musical attack on biosecurity devices. Noise reduction can be achieved by extending the port sampling tube of a DPS by as much as 7 metres. The team also suggested placing the pressure port in a box-like structure. Either measure would reduce the sensitivity of the DPS, Barua said.
Al Faruque said this research project demonstrates the vulnerability of embedded systems to indiscriminate attacks, but stressed that with a little planning and forethought, facilities can be hardened against sabotage.
Reference: “A Wolf in Sheep’s Clothing: Spreading Deadly Pathogens Under the Disguise of Popular Music” by Anomadarshi Barua, Yonatan Gizachew Achamyeleh, and Mohammad Abdullah Al Faruque, November 7, 2022, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
#Smartphone #attacks #release #deadly #microbes