Sensing danger: Exploiting sensors to build covert channels

Thomas Ulz, Markus Feldbacher, Thomas Pieber, Christian Steger

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Recent incidents have shown that sensor-equipped devices can be used by adversaries to perform malicious activities, such as spying on end-users or for industrial espionage. In this paper, we present a novel attack scenario that uses unsecured embedded sensors to build covert channels that can be used to bypass security mechanisms and transfer information between isolated processes. We present covert channels that require read- and write-access for sensor registers as well as a covert channel that transfers data by just triggering sensor readings so that malicious behavior cannot be distinguished from normal sensor usage. For each presented covert channel we discuss the trade-off between data rate and the likelihood of being detected as well as potential countermeasures. The fastest covert channel we implemented achieves a data rate of 4844 bit/s while the stealthiest but slower covert channel cannot be distinguished from normal user behavior. To highlight the significance of these security issues, we used popular platforms, such as Linux and Android, to evaluate the presented covert channels. However, we do not make any assumption regarding the device's platform, and thus we believe that the presented exploits pose a significant security risk for any sensor-equipped device.

Originalspracheenglisch
TitelICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy
Redakteure/-innenPaolo Mori, Olivier Camp, Steven Furnell
Herausgeber (Verlag)SciTePress - Science and Technology Publications
Seiten100-113
Seitenumfang14
ISBN (elektronisch)9789897583599
PublikationsstatusVeröffentlicht - 1 Jan 2019
Veranstaltung5th International Conference on Information Systems Security and Privacy, ICISSP 2019 - Prague, Tschechische Republik
Dauer: 23 Feb 201925 Feb 2019

Publikationsreihe

NameICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy

Konferenz

Konferenz5th International Conference on Information Systems Security and Privacy, ICISSP 2019
LandTschechische Republik
OrtPrague
Zeitraum23/02/1925/02/19

    Fingerprint

Schlagwörter

    ASJC Scopus subject areas

    • !!Computer Networks and Communications
    • !!Computer Science Applications
    • Information systems
    • !!Safety, Risk, Reliability and Quality

    Dieses zitieren

    Ulz, T., Feldbacher, M., Pieber, T., & Steger, C. (2019). Sensing danger: Exploiting sensors to build covert channels. in P. Mori, O. Camp, & S. Furnell (Hrsg.), ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy (S. 100-113). (ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy). SciTePress - Science and Technology Publications.