Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, dressed in a bunny suit, enters the facility’s inner sanctum — a biosafety room where only the most infectious and deadly microorganisms are handled. As he pulls out his phone, the tension builds; surely he’ll use it to effect some dramatic hack, or perhaps set off an explosive device. Instead, he calls up his playlist and plays… a song? What kind of villain is this?
As it turns out, perhaps one who has read a new paper on the possibility of hacking a biosafety room using music. The work was done by researchers at the University of California Irvine, [Anomadarshi Barua], [Yonatan Gizachew Achamyeleh], and [Mohammad Abdullah Al Faruque], and focuses on negative pressure rooms, which are found in all types of facilities but are of particular concern where they are used to prevent pathogens from escaping into the world at large.
Negative pressure rooms use sophisticated HVAC systems to keep the pressure inside the room lower than outside, and go to great lengths to keep it that way. Control systems for such rooms rely on differential pressure sensors, which detect the pressure difference between two ports separated by a thin diaphragm. The deflection of the diaphragm caused by the pressure difference between the two ports can be sensed capacitively or piezoresistively.
The problem is, the diaphragms have resonant frequencies in the audio range, making them vulnerable to spoofing. Various commonly used sensors were evaluated with an audio frequency sweep, showing a resonance sweet spot at 700 to 900 Hz. That’s right in the ballpark for embedding into an audio track, allowing an attacker to hide in plain sight — or sound, as the case may be. Tweaking the sensor with this frequency can potentially convince the control system to make an adjustment that moves the air — and any pathogens it contains — out of the room. You can imagine the rest.
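From the monitoring side, the 700 to 900 Hz finding suggests watching how much of a pressure sensor's fluctuating content sits in that band. The following is an added example, not code from the article or the paper: it uses the Goertzel algorithm, and the 8 kHz raw sample rate, the 0.5 threshold, and the traces are assumptions constructed for illustration.

```python
import math
import random

FS = 8000          # assumed raw sample rate of the sensor tap, Hz
BAND = (700, 900)  # resonance range reported in the article, Hz
STEP = 10          # probe spacing, Hz (bin width of an 800-sample window at FS)
THRESHOLD = 0.5    # assumed alarm level: band holds over half of the AC power


def goertzel_power(samples, freq, fs=FS):
    """Mean-square amplitude of the component of `samples` at `freq`."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    mag2 = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * mag2 / len(samples) ** 2


def band_ratio(samples):
    """Fraction of the window's AC power that lies inside BAND."""
    mean = sum(samples) / len(samples)
    ac = [x - mean for x in samples]  # drop the static pressure offset
    total = sum(x * x for x in ac) / len(ac)
    if total == 0.0:
        return 0.0
    probes = range(BAND[0], BAND[1] + 1, STEP)
    return sum(goertzel_power(ac, f) for f in probes) / total


def is_spoof_suspect(samples):
    """True when the resonance band dominates the sensor's AC content."""
    return band_ratio(samples) > THRESHOLD


def make_trace(tone_amp, tone_hz=800, n=800, seed=1):
    """Constructed trace in Pa: -2.5 Pa offset, 10 Hz ripple, noise, optional tone."""
    rng = random.Random(seed)
    return [-2.5
            + 0.05 * math.sin(2 * math.pi * 10 * i / FS)
            + rng.gauss(0, 0.02)
            + tone_amp * math.sin(2 * math.pi * tone_hz * i / FS)
            for i in range(n)]


if __name__ == "__main__":
    for label, trace in [("quiet room", make_trace(0.0)),
                         ("800 Hz tone", make_trace(0.3)),
                         ("300 Hz tone", make_trace(0.3, tone_hz=300))]:
        print(f"{label:12s} ratio={band_ratio(trace):.3f} "
              f"suspect={is_spoof_suspect(trace)}")
```

A check like this only works on a tap sampled well above 1.8 kHz; a reading already decimated to a slow control-loop rate no longer carries the band.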
We’ve been pretty keen on finding and reporting on some oddball side-channel attack vectors, as weird as potato chip bags and clicky keyboards. This attack is especially scary because it both seems more logical and has more parts
Featured Image: By Steve Zilius/University of California Irvine