Trick or Heat? Attack on Amplification Circuits to Abuse Critical Temperature Control Systems
Temperature sensors are extensively used in real-time monitoring and control of critical processes, such as maintaining thermal stability in incubators that treat low birth weight or sick newborns, or monitoring critical biological and chemical reactions. Therefore, compromising the data reliability of temperature sensors can lead to significant risks to safety-critical automated systems. In this paper, we show how an adversary can remotely spoof and maliciously control the measured temperature of infant incubators, which could lead to hyperthermia or hypothermia in newborns. The attack exploits the rectification effect of operational and differential amplifiers to generate controlled sensor outputs, tricking the internal control loop into heating up or cooling down the cabin without being detected by the automatic alarm system. We show that this attack is not limited to incubators, but affects several other critical and non-critical cyber-physical systems employing different temperature sensors, such as thermistors, RTDs, and thermocouples. Our results demonstrate that conventional shielding, filtering, and sensor redundancy techniques are not sufficient to eliminate the threat. We therefore propose and implement a new anomaly detector for temperature-based critical applications to ensure the integrity of the temperature data.