DeepAI AI Chat
Log In Sign Up

Electromagnetic Signal Injection Attacks on Differential Signaling

by   Youqian Zhang, et al.
University of Oxford

Differential signaling is a method of data transmission that uses two complementary electrical signals to encode information. This allows a receiver to reject any noise by looking at the difference between the two signals, assuming the noise affects both signals in the same way. Many protocols such as USB, Ethernet, and HDMI use differential signaling to achieve a robust communication channel in a noisy environment. This generally works well and has led many to believe that it is infeasible to remotely inject attacking signals into such a differential pair. In this paper we challenge this assumption and show that an adversary can in fact inject malicious signals from a distance, purely using common-mode injection, i.e., injecting into both wires at the same time. We show how this allows an attacker to inject bits or even arbitrary messages into a communication line. Such an attack is a significant threat to many applications, from home security and privacy to automotive systems, critical infrastructure, or implantable medical devices; in which incorrect data or unauthorized control could cause significant damage, or even fatal accidents. We show in detail the principles of how an electromagnetic signal can bypass the noise rejection of differential signaling, and eventually result in incorrect bits in the receiver. We show how an attacker can exploit this to achieve a successful injection of an arbitrary bit, and we analyze the success rate of injecting longer arbitrary messages. We demonstrate the attack on a real system and show that the success rate can reach as high as 90%. Finally, we present a case study where we wirelessly inject a message into a Controller Area Network (CAN) bus, which is a differential signaling bus protocol used in many critical applications, including the automotive and aviation sector.


page 1

page 11


BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers

The growing adoption of voice-enabled devices (e.g., smart speakers), pa...

Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation

Deep learning models have consistently outperformed traditional machine ...

Detection of Electromagnetic Signal Injection Attacks on Actuator Systems

An actuator is a device that converts electricity into another form of e...

Detection of Message Injection Attacks onto the CAN Bus using Similarity of Successive Messages-Sequence Graphs

The smart features of modern cars are enabled by a number of Electronic ...

A Framework for Evaluating Security in the Presence of Signal Injection Attacks

Sensors are embedded in security-critical applications from medical devi...

UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband

Mobile autonomous systems, robots, and cyber-physical systems rely on ac...

Demo: iJam with Channel Randomization

Physical-layer key generation methods utilize the variations of the comm...