Easily-tricked MEMS are security threat, says university

March 20, 2017 // By Peter Clarke
Capacitive MEMS accelerometers, widely deployed in smartphones and other consumer goods, can easily be tricked into giving false readings, and this is a way to bypass embedded system security, according to a research team at the University of Michigan.

Microprocessors have had numerous layers of software protection wrapped around them to improve security, as well as hardware support for the encryption of keys used to encode data and communications and keep them secret. However, this effort has primarily addressed the threat of hacking over wired or wireless communications channels. Little or no thought has been given to the data that comes from local sensors, which has just been assumed to be valid.

The rapid growth of the market for embedded systems and the Internet of Things and the broad deployment of sensors means a traditional lack of security around sensors has become a security problem, the university research team asserts.

Timothy Trippel, a doctoral student in computer science and engineering at the University of Michigan, has written a paper outlining how audio tones of various frequencies and intensities can be used to produce false readings from accelerometers. The key to the exploit is to find the resonant audio frequency for the MEMS structure and use sound at that frequency to defeat the intended response to motion, the researchers said.

The researchers identified the resonant frequencies of 20 different models of MEMS accelerometer from five manufacturers. They then used sound to trick them into delivering false sensor readings to the system microprocessor. With the increasing deployment of accelerometers in autonomous vehicles such as drones and automobiles, this vulnerability of analog, MEMS and sensors to being "hacked" is clearly a security flaw that needs to be closed as soon as possible, Trippel's team argues.
