Trick or Heat? Attack on Amplification Circuits to Abuse Critical Temperature Control Systems

by   Yazhou Tu, et al.

Temperature sensors are extensively used in real-time monitoring and control of critical processes, such as maintaining thermal stability in incubators that treat low birth weight or sick newborns, or monitoring critical biological and chemical reactions. Therefore, compromising the data reliability of temperature sensors can lead to significant risks to safety-critical automated systems. In this paper, we show how an adversary can remotely spoof and maliciously control the measured temperature of infant incubators, which could lead to hyperthermia or hypothermia in newborns. The attack exploits the rectification effect of operational and differential amplifiers to generate controlled sensor outputs, tricking the internal control loop to heat up or cool down the cabin temperature without being detected by the automatic alarm system. We show how this attack is not limited to incubators, but affect several other critical and non-critical cyber-physical systems employing different temperature sensors, such as thermistors, RTDs, and thermocouples. Our results demonstrate how conventional shielding, filtering, and sensor redundancy techniques are not sufficient to eliminate the threat. So, we propose and implement a new anomaly detector for temperature-based critical applications to ensure the integrity of the temperature data.



There are no comments yet.


page 11


Cyber-Resilience Evaluation of Cyber-Physical Systems

Cyber-Physical Systems (CPS) use computational resources to control phys...

Towards Adversarial Control Loops in Sensor Attacks: A Case Study to Control the Kinematics and Actuation of Embedded Systems

Recent works investigated attacks on sensors by influencing analog senso...

Blockchain application in simulated environment for Cyber-Physical Systems Security

Critical Infrastructures (CIs) such as power grid, water and gas distrib...

Unified Physical Threat Monitoring System Aided by Virtual Building Simulation

With increasing physical threats in recent years targeted at critical in...

TFRD: A Benchmark Dataset for Research on Temperature Field Reconstruction of Heat-Source Systems

Temperature field reconstruction of heat source systems (TFR-HSS) with l...

Using analog scrambling circuits for automotive sensor integrity and authenticity

The automotive domain rapidly increases the embedded amount of complex a...

Thermal Safety and Real-Time Predictability on Heterogeneous Embedded SoC Platforms

Recent embedded systems are designed with high-performance System-on-Chi...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Temperature sensors are widely used in cyber-physical systems [42]. To reach a pre-set temperature, temperature control systems automatically heat-up or cool-down the target environment based on the feedback from a temperature sensor. This temperature control process is crucial to many automated tasks and is extensively adopted in industrial, health-care and daily-life applications.

Recent works have demonstrated that analog sensor components can be susceptible to electromagnetic interference (EMI) and sound waves, exposing the physical layer of the system to remote attacks [32, 50, 48, 51, 15]. For example, Foo Kune et al. [32] utilized radio frequency injection to induce amplifiers and ADCs to act as demodulators to recover voice in a microphone, Trippel et al. [50] exploited the aliasing effect to control the digital measurement of MEMS accelerometers using modulated sound waves. Yan et al. [57] intentionally saturate mid-range radar sensors by injecting strong interference signals.

We bridge the gap of sensor security research by explaining how to affect the DC voltage outputted by temperature sensors, exploiting the internal circuit components of operational and differential amplifiers, to generate a controlled rectification effect in the signal conditioning path (Fig. 1). The rectification effect is the conversion of a high-frequency AC signals to DC signals as the result of the nonlinear behavior of amplifiers internal diodes and transistors [5].

Figure 1: An illustration of the general signal conditioning path of a temperature sensor. Our attack can bypass conventional noise filtering generating a controllable DC offset at the ADC input.

It is challenging to measure and analyze the rectification effect in circuits caused by EMI injection since the path and strength of induced EMI signals cannot be accurately predicted. To understand the rectification effect, we build a typical temperature sensing circuit and conduct EMI injection experiments - both direct power injection (DPI) and remote radiation - on the circuit. Our experimental results show how, by injecting EMI signals with specific frequencies and power levels, a stable DC offset can be induced and manipulated to control the temperature signal. We demonstrate how the rectification effect can be induced into different points of the signal amplification stage, including the input, the power and the ground lines connected to the amplification circuits.

We demonstrate how to control the output of off-the-shelf temperature sensors such as thermocouples, resistance temperature detectors (RTDs), and thermistors. Furthermore, we show the effect of our attacks on safety-critical systems such as infant incubators. For newborns, maintaining a constant abdominal skin temperature between and provides a Neutral Thermal Environment (NTE), eliminating the risks of cold stress or severe hyperthermia [13, 9]. Our results show that an adversary can spoof the temperature sensors of an incubator, causing the automatic close loop control to heat-up or cool-down the cabin to unsafe temperatures. For instance, an adversary can increase the measured skin temperature of an infant incubator by or decrease it by when the attack is launched from an adjacent room through a 15 cm thick wall without triggering the automatic alarm system111An anonymized demo video of the heating attack effect is available at

Manufacturers usually adopt certain levels of shielding or filtering in the design to mitigate external noise and interference. However, these countermeasures are ineffective for our modulated EMI attack [5]. To identify the rectification effect, and mitigating the potential attack consequences, we discuss the limitation of common hardware and software defenses, and we propose and implement a novel anomaly detector based on the superheterodyne technique.

In summary, we list our main contributions as follows:

  • Characterization of the rectification effect in amplifiers from a security prospective. We perform the first security study on temperature-based cyber-physical systems. We show how internal non-linearities on amplifiers used temperature sensors can be exploited to manipulate the output readings. We describe the physical theory behind the rectification effect, discovering the missing link between the temperature misreadings and electromagnetic theory.

  • Injection attacks on temperature sensor systems. Our work improves upon existing work on EMI injection attacks to examine the efficacy of EMI attacks on temperature sensors systems. We test various modulated EMI remote injection attacks in out-of-the-shelf thermocouples, RTDs, and thermistors, monitoring temperature and voltage variations. Then, we evaluate the attack capability on real-world critical and non-critical temperature sensing and control systems. Based on the insights, we extract the fundamental threats of the attack at the system level.

  • Defensive strategies to mitigate the rectification effect. By describing and discussing the limitations of both hardware and software defense methods currently implemented by manufacturers, we define defensive design methods to make temperature-based critical system more resilient to malicious injection attacks.

2 Background

Noise Rejection and EMI-based Attacks

Noise rejection in analog sensor systems is a major challenge for device manufactures. Undesired interference signals can appear at various stages of the signal conditioning path (Fig. 1) due to capacitive, inductive, or radiative coupling. Depending on the conduction mode of the interference, differential-mode (or normal-mode) noise can appear across the lines of an electric circuit following the same direction as the power supply current. In contrast, in common-mode noise, current flows in the same direction along different lines with the same voltage with reference to the earth [25]. External RFI/EMI noise sources can induce both common-mode and differential-mode noise, therefore sensor designers usually install suppression filters on the circuitry lines more susceptible to noise, such as the input terminals of the amplification stage. Modulated EMI attacks usually target systems lacking noise suppression circuits, tuning the interference transmitter to a carrier frequency equal to the resonant frequency of the target circuit component to maximize the induced voltage. By varying the amplitude of the transmitting signal, the adversary is able to inject signals that can be used to exploit different physical phenomenons within the signal conditioning path, such as intermodulation distortion or aliasing effects [32, 50].

Rectification Effect in Amplifiers

The rectification effect is a well-known phenomenon in operational and instrumentation amplifiers (op-amps and in-amps). The origin of this phenomenon is due to non-linearities of internal amplifier components: Fiori et al. [22, 23] investigated the output voltage offset caused by transistors in differential pairs and op-amps. Wu et al. [56] measured the rectification behavior of popular in-amps in both common and single-ended EMI noise injection modes. They showed that a DC offset is caused by the nonlinear behavior in the internal diodes inside in-amps.

High frequency common-mode noise sources can induce this rectification phenomenon leading in an unwanted DC component on the amplifier output signal [5]. In particular, the effect is directly proportional to the square of the interfering signal’s amplitude, regardless of the amplifier type. In the case of bipolar junction transistor (BJT) based amplifier, the rectified DC current change would be , where is the amplitude of injected EMI signal, is the quiescent collector current of the transistor, is a constant equal to 25.68 mV at 25 for BJT based amplifiers [5]. Assuming that the resistance of the receiving circuitry is , the power of the injected EMI is , we have . Therefore, we can represent the induced DC offset as


In our work we conduct specific modulated EMI attacks in order to maximize the rectification effect to produce false readings in temperature sensors.

3 Threat Model

This work describe how affect temperature sensors measurement by inducing a DC voltage in the signal conditioning path using EMI, allowing arbitrary false data injection against analog and digital systems, bypassing filters and common defenses.

Knowledge of the System.

We assume that an attacker has previous knowledge of the system, including the temperature sensors used (negative temperature coefficient [NTC] thermistors, Thermocouples, etc.) and the signal conditioning circuit (e.g., type of amplifier). We can assume that an attacker might have access to similar systems to estimate the attack effects (white box approach). Otherwise (black box approach), an attacker may need to have feedback from the system data to receive real-time information of the attack effect (e.g., temperature data, lights that reveal heating/cooling operations in case of a closed-loop system).

Figure 2: The setup of direct power injections through different injection points of a typical NTC circuitry. In this illustration, the signal injection circuit is connected to the power line (injection point ).
Attacker Goal.

The goal of the attacker is to manipulate the reading of temperature sensors in order to maliciously control the behaviour of a target system. Depending on the application domain, an attacker may have different motivations for compromising the system, ranging from decreasing the instrumentation precision to a complete disruption of the system.

Attacker Capability.

The attacker can mount the attack equipment several meters away, even from adjacent rooms using specialized equipment, such as a power supply, RF amplifier, a directional antenna, and a signal generator.

4 Analysis of EMI in Circuits

We construct a typical temperature sensing circuit to study the effects of intentional EMI injection. We analyze the properties of EMI attacks on our circuit by conducting both direct power injection and electromagnetic radiation experiments on it.

Figure 3: Direct power injection on different entry points in the NTC circuit with 15 dBm. We scan through 10 MHz to 1.5 GHz with a step of 10 MHz and record the DC offset. Both positive and negative DC offset can be induced.

The experimental circuitry consists of an NTC thermistor and an op-amp on a prototype PCB board, as shown in Fig. 2. A 10-kilohm NTC thermistor is wired in a bridge circuit. The differential voltage is collected by a Texas Instruments (TI) LM1458 op-amp. By measuring the output voltage of the amplifier and the temperature-dependent resistance of the thermistor, the corresponding temperature can be calculated. A bypass capacitor () connects the input differential pairs. We choose the circuit elements based on temperature sensing circuits used in infant incubators [1, 2]. During the experiments, the and power lines were provided by an Agilent E3630A triple output power supply.

4.1 Analysis of Attack Frequency

To achieve adversarial control over the sensor output - instead of general disruption of the sensing system - adversaries would first need to find the specific attack frequencies that induce significant DC offset in the victim circuitry.

Direct Power Injection (DPI) Experiments.

In DPI, EMI signals are injected directly into desired injection points on the circuit. In this way, we can avoid interference from unintentional EMI radiation on other parts of the circuits and ensure that the DC offset we measure is caused by our injected signal. We can also control the power of the injected EMI more accurately with DPI.

We use an Agilent N5172B vector signal generator as the EMI signal source. During the experiments, we connect the RF output of the generator to each of the signal injection points on the circuit, as illustrated in Fig.

2. A capacitor () is used to decouple the DC signal in the experimental circuitry from the signal injection circuitry. We monitor the output of the amplifier with an Agilent MSOX4054A oscilloscope.

The power of the injected EMI signals is kept at 15 dBm (equivalent to 32 mW). For each injection point, we inject single-frequency AC signals swept from 10 MHz to 1.5 GHz at a step of 10 MHz, and record the corresponding DC offset, as shown in Fig. 3. We also record the peak-to-peak voltage of the output of the amplifier in Fig. 4.

Figure 4: The peak-to-peak voltage of the amplifier output during DPI experiments. As the frequency increases, the magnitude of the AC signal tends to decrease and approaches the noise floor.
Observations and Analysis.

From Fig. 3 and 4, we can observe that EMI signals injection in certain frequencies induce a large DC offset but with a relatively small AC peak-to-peak voltage in the output of the amplifier. These frequencies can be used in EMI attacks to gain adversarial control over the amplified signal. Based on the frequency of EMI, the induced DC offset varies and could be either positive or negative. As a result, adversaries can select specific frequencies to increase or decrease the temperature measurement maliciously.

Additionally, we validate that the DC offset can be induced by EMI signals injected through different points of the circuits. The power and ground lines can also be exploited to induce the DC offset when connected to the input circuitry of the amplifier. EMI signals injected through the power supply of the amplifier can result in a DC offset as well. In real-world attacks, possible injection points for malicious EMI signals can be either the sensor wire or relatively long PCB traces, such as the power or ground lines connected to the analog circuits.

4.2 Power Analysis

To gain effective control over the sensor signal, the attacker need to control the amount of the induced DC offset to control the temperature variation. In this subsection, we investigate the relationship between the amount of the induced DC offset and the power of EMI through analysis and EMI injection experiments.

Figure 5: The relationship between the amount of the induced DC offset and the power of directly injected EMI.

Theoretically, the amount of the induced DC offset is proportional to the power of the injected EMI [5]. To validate the effectiveness of the analysis, we conduct DPI experiments on the experimental circuitry, injecting EMI signals to each of the injection points and selecting the EMI frequencies corresponding to peaks and troughs in Fig. 3 to induce the DC offset. As shown in Fig. 5, when we inject EMI signals directly into the circuitry, the power of transmitting EMI is positively related to the amount of the induced DC offset. The relationship can be considered as locally proportional but could present a changing rate that slightly decreases as the power of EMI grows.

In remote EMI injection attacks with a transmitting power (), and the power of remotely injected EMI () can be represented as:


and are the gains of the transmitting and receiving antennas respectively. Note that the victim circuit works as a receiving antenna. is the wavelength of EMI signals. is the attack distance between the adversary’s antenna and the victim circuit. depends on the type of antenna that is used by the attacker. When is certain, the received power is proportional to , , and . The receiver could be leads of the sensor probe or relatively long PCB trances in the analog circuits, and the gain of the receiving antenna can be described as , is the effective area of the antenna. Usually, a longer sensor wire or a larger size of analog circuits on the PCB board could indicate larger and receiving gain.

Given a specific victim circuitry, EMI signals at a specific frequency, and a certain attack distance, from Equations 1 and 2, we can infer that the induced DC offset is proportional to the power of transmitting EMI. We conduct remote EMI injection experiments to validate the relationship between the power of the transmitted EMI and the amount of the induced offset. During the experiments, we shield the PCB with a metal box to mitigate interference. We also shield the probe of the oscilloscope with aluminum shielding sleeves. We aim EMI signals to the NTC sensor probe with a directional antenna from 0.2 m away. As shown in Fig. 6, the relationship between and can be considered as locally proportional but presents a changing rate that decreases as grows.

Figure 6: Results of remote EMI injection experiments on the NTC-based experimental circuitry. With an emitting power of 32 dBm (1.6 W), we sweep through 300 to 1300 MHz to record the induced DC offset (left). The relationship between the amount of the DC offset and the transmitting power of EMI (right).
Analysis Limitations.

The above analysis is not aimed to calculate the DC offset accurately. Its goal is to identify and estimate the relationship between the induced DC offset and the power of EMI. Some NTC thermistor based applications could also adopt a simple wiring such as a voltage divider. The voltage corresponding to the temperature could be sampled by the ADC directly without being amplified. In such scenarios, our attacks are not likely to succeed.

5 Evaluations on Out-of-the-shelf Temperature Sensors

In this section, we evaluate the effects of EMI injection attacks on thermocouples and RTDs, using off-the-shelf amplifier breakout boards. Our experiments aim to show how an adversary can gain information about the sensor’s vulnerable frequency ranges and gain control of the temperature output signal.

5.1 Thermocouples

At 25 a K-type thermocouple has a Seebeck Coefficient around 41V/. This small voltage signal requires a high amplification phase before the analog-to-digital conversion [20]. Furthermore, the thermocouple leads can easily pick up environmental noise that can appear on both wires, overwhelming the thermocouple signals. For this reason, the signal conditioning circuit of a thermocouple sensor is usually more complex compared to other temperature sensors [20]. In this subsection we study the rectification effect of a remote EMI injection attack on shielded and unshielded (exposed) K-type thermocouples, in open-air, on two different amplifiers.

Experimental Setup.

We perform our injection attack using a directional antenna connected to a USRP Ettus N210 and a ZHL-4240W amplifier. Using the USRP, we generate a sine wave at different amplitude, frequencies, and emission power. A thermocouple breakout board relays the sensor data to the an Arduino Uno, capturing and storing the temperature data. We tested two different types of breakout boards, with differing amplifier models: (1) the SparkFun Thermocouple Breakout board with the amplifier MAX31855K, and (2) the Adafruit Breakout board with the amplifier AD8495. Both the Arduino and breakout boards were protected by a metal box to ensure our results were not skewed by noise injected on the digital circuits. We collected the temperatures and voltage changes under injected EMI in the 300 MHz - 1 GHz range at different distances and transmitting power.

Figure 7: Remote injection attacks at various frequencies, power, and distances performed on a K-type unshielded (KUT) and shielded (KST) thermocouple connected to the amplifier MAX31855K.
Sensor Analysis.

Fig. 7 shows the DC offset calculated for both a K-type unshielded (KUT) and shielded (KST) 1 meter-long thermocouples at various distances on the SparkFun Thermocouple Breakout board. Fig. 8 shows the same experiment using the Adafruit breakout board.

Spoofing Attack on Thermocouples.

Attackers that have capabilities to deliver EMI to the target thermocouple sensor several meters away or from an adjacent room, can spoof the sensor to output arbitrary, attacker-chosen, temperature values. Our experiments demonstrate the spelling of the word “HI" over the output signal (Fig. 9). To achieve the manipulation of the thermocouple output signal we use an AM EMI signal. Assuming a sinusoidal carrier signal , with the amplitude of the signal, the time, and a frequency that induces a DC offset according to the resonant frequency analysis. We vary the amplitude over time, according to the desired words.

Attack Limitations.

To perform a successful modulated attack, the adversary needs to know a frequency that can induce a large enough DC offset, and the capability to regulate the power of the transmitting signal accordingly. An attacker can control the output signal of the thermocouple in a relative manner, depending on the amount of DC offset induced, the distance from the transmitting antenna, and the power of the radiating signal.

Figure 8: Results of remote EMI injection experiments on thermocouples connected to the AD8495 amplifier. We sweep through 300 to 1000 MHz and record the induced temperature change (top). We measure at 0.6 m with different power (middle). We measure in different distances with an emitting power of 32 dBm (bottom).
Figure 9: Spoofing attack on a shielded K-type thermocouple: spelling “HI". We demonstrate the possibility to control the output signal of a temperature sensor using modulated EMI at 1 meter distance from the transmitting antenna.

5.2 RTDs

We test both a shielded and an unshielded PT100 RTD sensor connected to a MAX31865 amplifier breakout board. The amplifier is powered by the power supply of an Arduino Uno R3. The output of the amplifier is acquired by the Arduino through the SPI interface and translated to the measured temperature by a program running on a laptop. First, we generate EMI signals with antennas and sweep the frequency from 10 MHz to 1.5 GHz, but could not observe an offset induced in the measured temperature. We theorized that the MAX31865 amplifier was more susceptible to EMI with lower frequencies. We confirmed this by injecting EMI signals directly into the terminals of the MAX31865 board connected to the RTD. As shown in Fig. 10, by sweeping through 0.01 to 10 MHz, we find that EMI at 0.6 and 2.3 MHz are the most effective to increase and decrease the measured temperature respectively. The amount of the induced temperature change is approximately proportional to the power but it stops to grow when the induced voltage is reaching the maximum voltage range.

Figure 10: Results of DPI experiments on RTD connected to the MAX31865 amplifier. We sweep through 0.01 to 10 MHz with an injection power of 4 dBm and record the induced temperature change (left). The relationship between the amount of the induced temperature change and the power of directly injected EMI (right).

6 Evaluations on Temperature Sensing and Control Systems

Device Sensor Applications Max. Attack
Type /Freq. (MHz) /Freq. (MHz) Distance(m)
Airshield C100 incubator NTC Healthcare +58.4/530 -15.9/865 6
UVP HB-500 hybridization oven Un Lab, Biology +42.4/516 -2.8/453 3.3
Revolutionary Science incufridge Un Lab, Biology +0.9/308 -3.3/309 0.6
Hygger HG-802 heater NTC Aquarium +4.4/336 -33.4/217 2.7
Inkbird ITC-100VH controller KST IoT, oven +78/556 N/A 11.5
Inkbird ITC-1000F controller NTC IoT, brewery N/A -10.6/713 0.9
Inkbird ITC-100RH controller RTD IoT +80.9/453 N/A 16.2
Weller WESD51 KTC Soldering Station N/A -60/530 5
Sun Electronic Systems EC12 KTC Thermal chamber +3.35/686 -2.88/1300 0.3
MakerBot Smart Extruder plus KST 3D printers +10/1000 N/A 0.25
  • NTC: NTC thermistor, KTC: K-type thermocouple, KST: K-type shielded thermocouple, Un: Unknown.

  • The maximum distance that we could achieve a temperature change of .   Estimated.

Table 1: Results of our attack experiments on closed-loop temperature control systems

In this section, we evaluate the attack and discuss potential risks on real-world temperature sensing and control systems.

6.1 Attack Overview

In EMI attacks against real-world temperature control systems, several factors need to be considered: (a) Shielding. Attacks on devices that are tightly shielded by metal panels could require a relatively large transmitting power or a close attack distance to succeed. Devices without effective shielding or devices that demand a high accessibility during the operation might be more vulnerable attack targets. For instance, an infant incubator cannot be fully shielded during its operation. The large control panel, long external sensor wires used in infant incubators can also make the circuits more susceptible to our attack. (b) Attacker’s capability. The attack effect would depend on the attacker’s capabilities to generate EMI signals with enough transmitting power or to find a proper position to launch the attack. (c) Prior knowledge or real-time feedback. The adversary would need prior knowledge of the system or certain types of real-time feedback from the victim device to guide the attack.

Attack steps when the adversary with prior knowledge of the victim system could be: (1) Preparation. Before the real attack, the adversary could select a proper position to launch the attacks. Depending on the attacker’s capability, he/she might be able to launch the attack in proximity, in adjacent rooms, or a certain distance in the open air away from the victim device. The adversary can study the behavior of the victim system or an identical system under attack and get a temperature offset measurement. (2) Attack. When the victim system is in operation, such as when a newborn is kept in the infant incubator, the adversary can generate EMI signals in specific frequencies based on the previous analysis, and manipulate the amount of the induced rectification effect by controlling the EMI power.

When it is not feasible to test an identical device before the attack, the adversary could still carefully select a proper position to launch the attack, but he/she would need certain kinds of feedback during the attack to ascertain the attack effect. The feedback can be either the temperature sensor measurement or the control decision made by the victim system. For instance, an adversary can observe the temperature display in the victim device, listening to the actuators, or monitoring indicator lights and power consumption of the device. A co-attacker or a monitoring device can help monitor the sensor data or the control decision made by the system. In this situation, the attacker can adjust the frequency and amplitude of EMI signals based on the feedback of the system.

We summarize the results of our attack experiments on closed-loop temperature control systems in Table 1. In our settings, the maximum EMI power is 35 dBm. We use a ZHL-4240 amplifier that has a 40 dB gain in the range of 10 MHz to 4.2 GHz [4]. We use a directional antenna to emit EMI with frequencies above 300 MHz, and an extendable dipole antenna for frequencies below 300 MHz. We record the maximum increase or decrease that can be induced in the temperature measurement and corresponding EMI frequencies with an attack distance of 0.1 m. We measure the maximum horizontal distance between the tip of the antenna and the target device that a temperature change of can be induced. For the Inkbird ITC-100VH and ITC-100RH controllers, the manipulated temperature can exceed the maximum temperature range of the device at an attack distance of 0.1 m. We estimate the maximum distance for these two devices based on our indoor measurements and the relationship between the induced temperature change and the attack distance (From Equations 1 and 2, we have ).

6.2 Infant Incubator Case

Infant incubators provide special care to infants born prematurely, and help them keep a proper body temperature. The temperature control system in the incubator maintains its Neutral Thermal Environment (NTE) by operating in two modes: skin servocontrol mode (skin-mode) and air temperature control mode (air-mode). The skin-mode is designed to maintain the neonate’s abdominal skin temperature constant, whereas the air-mode is based on the control of the circulating incubator air temperature [18]. The simplest way to achieve a thermoneutral environment is to maintain a constant abdominal skin temperature between and , in the skin-mode. This range minimizes the number of calories needed to maintain normal body temperature and reduces the risks of cold stress and overheating [13]. Usually, NTC thermistors are used to monitor the skin and air temperature in the incubator system.

Figure 11: Maximum increase/decrease in the skin temperature measurement that can be achieved by EMI attacks on the infant incubator with different attack distances (left). Induced changes in the skin temperature measurements with different emitting power at an attack distance of 0.2 m (right).
Experimental Setup.

We conduct our attack on an Airshield C100 incubator. The chassis of the incubator is shielded with aluminum. However, the control panel, indicator lights, and displays on the chassis are less protected. There are also air circulation holes on the top of the chassis. The system has four NTC temperature sensors in total - two auxiliary sensor probes and two internal sensors [1]. In skin-mode, the system regulates the temperature based on the feedback of one of the auxiliary temperature sensors attached to the infants skin. The system would sound a high-temperature alarm if any of these sensors detects a temperature higher than .

It is possible to remotely inject EMI signals by aiming at the sensor wire through the hood assembly, or at the chassis of the infant incubator. In our experiments, we find that it is more effective to aim the EMI signals to the front control panel or the top of the chassis. Both the skin and air temperature sensor measurements can be manipulated by the attack. However, the amount of induced change is less in the air temperature measurement than in the skin temperature. As shown in Fig. 11, we measure the maximum increases and decreases that can be induced in the skin temperature measurement with various attack distances and EMI power. During the experiments, the incubator is functioning in the skin temperature mode. We place the directional antenna in front of the incubator and aim it to the control panel of the incubator.

Heating Attacks.

An adversary can decrease the measured skin temperature and trick the incubator into overheating. The automatic high-temperature alarm activates if any of the sensors detects a temperature higher than . Therefore, an attacker can induce the system to reach the maximum temperature of remaining undetected. This excessive temperature can result in hyperthermia in newborns with consequent dehydration, lethargy, hypotonia, etc. [8].

With an attack distance of 2 m in the open air, an attacker can decrease the measured skin temperature by (Fig. 11). An attacker can also launch the attack from an adjacent room. In our experiments, the infant incubator is placed 0.1 m away from a wall that has a thickness of 15 cm. With the wall between the adversary and the incubator, the adversary in the adjacent room can decrease the measured temperature by with an attack frequency of 855 MHz. The system trying to compensate for the induced temperature change is tricked to heat up and increase the cabin temperature.

Cooling Attacks.

Compared to heating attacks, cooling attacks can remain completely undetectable, since there is not an automatic alarm that activates if the cabin temperature drop below a specific threshold. With an attack distance of 2 m in the open air, an attacker can increase the measured skin temperature by (Fig. 11). With the same setup of the heating attack, an attacker in the adjacent room can increase the measured skin temperature by . As a result, the temperature control system in the incubator would be tricked by the malicious temperature measurement to cool down. The newborn would likely get hypothermia when its auxiliary temperature drops below or below . In this case, the newborn is at a greater risk of heat loss, such as decreased subcutaneous fat, poorly developed metabolic mechanism for responding to thermal stress (e.g., no shivering), and altered skin blood-flow, etc. [8].

Preset Temperature Alarm.

An attacker can also avoid triggering the preset alarm of the incubator. The preset alarm actuates if the baby or air temperature fluctuates from the selected preset temperature. In particular, if the difference between the measured and preset temperatures is larger than . For instance, in the heating attack experiments, the attacker can increase the EMI power slowly, maintaining the difference between the measured and preset temperature less than . The time necessary to slowly change the temperature is less than 8 minutes. Nurses usually check the infant’s skin temperature of the newborns every 30 to 60 minutes [12]. An adversary can exploit this interval to pursue the attack without being detected.


The goal of the above experiments is to investigate potential consequences in critical healthcare systems induced by our attacks on temperature sensors. We demonstrate that attackers can maliciously control the system to heat up or cool down with intentional specific EMI signals. The maximum distance for an adversary to induce a change of in the skin temperature measurement is 6 m. We also demonstrate that an adversary in an adjacent room can attack the system without been detected. Since temperature control systems are usually stationary during the operation, an adversary can carefully select a proper attack position to launch the attack.

Because of accessibility issues, we are not able to conduct experiments on more types of infant incubators. The susceptibility of a system to the rectification effect depends on the design of the system and components used in the signal conditioning circuits. Manufacturers of infant incubator suggests to keep the device at a distance of at least 3.68 to 7.37 meters from an EMI source that has a power of 10 W [10]. However, this provision might not be easy to be carried out effectively in practice especially when considering intentional attacks launched from adjacent rooms.

6.3 Industrial and Laboratory Applications

6.3.1 Industrial Thermal Chambers

An attacker can affect temperature sensors that are used in delicate industrial and biological processes. For instance, thermal chambers can be used to conduct specified environmental tests on biological items, industrial products, materials, and electronic devices and components. Failure in controlling the temperature can lead to severe consequences, even permanent damage or disruption of the parts under test. For such systems the monitoring of the temperature is vital to the usefulness of the system, which makes them a potential target for our EMI injection attack.

Experimental Setup.

We conduct our experiment on a Sun Electronic Systems EC12 temperature testing chamber, intended for automated test systems and laboratory applications [7]. The metal chamber uses vertical air flow with convection style heating and has two K-type thermocouples, one hidden behind the control board panel devoted to the control of the internal temperature of the chamber, the second one (the user probe) devoted to direct monitoring of critical temperatures on the device under test or certain areas inside the test chamber. The EC12 model supports a mechanically adjustable temperature thermostat, and allows to set upper and lower temperature limits alarms. To perform the attack we use the setup described in Section 5.1. In our test we inject sinusoidal EMI signals from a frequency range of 550 MHz to 1.6 GHz, at a strength of 35 dBm using a directional antenna pointed in the double-paned glass window of the chamber. We maintain constant the temperature of the chamber at 30C, then we turn off the heater circuit breaker during the test, to measure the temperature offset only generated by the attack.

Figure 12: Temperature variation of the thermal chamber and user probe sensors induced by the injection attack at 5 cm distance from the chamber monitoring window and temperature offset at an increasing distance during injection attacks at 686 MHz and 1.3 GHz.
Results and Observation.

We monitored the temperature variation both of the thermal chamber and the user probe. Despite the sensors were been in different locations of the chamber, and the one responsible for the chamber temperature control was protected by a metal internal panel, the injection attack cause simultaneous effects on both (Fig. 12). We tested the injection attack in a distance range varying from 1 m to 2 cm. The increases slowly until a distance of about 30 cm ( at 1m; at 30 cm) when the sensors enter in the radiative near field of the antenna, then sharply increase to at 2 cm around 686 MHz, around 1.3 GHz (Fig. 12).

Figure 13: Maximum increase/decrease in the temperature measurement that can be achieved by EMI attacks on the hybridization oven (left) and the incufridge (right) with different attack distances.
Laboratory Thermal Chambers.

Laboratory chemical or biological processes have very high requirements on the environmental temperature. Devices with temperature control systems are widely used in critical chemical, biological process control in laboratories. An attack on temperature sensors in laboratory process control systems might alter the properties of the generated chemicals, proliferate or reduce the number of specific microorganisms that are sensitive to temperature.

The Revolutionary Science RS-IF-202 incufridge can be used to refrigerate or incubate specimens and other temperature sensitive materials. The incufridge can store heated or refrigerated samples in laboratories and accurately holds a temperature from 5 to 65 [6]. The incufridge has an internal temperature sensor and is well-shielded with metal panels. However, it is possible to manipulate the measured temperature and spoof the system by pointing the antenna to the control panel in EMI attacks. The maximum attack distance is 0.6 m to induce a temperature change of .

The UVP HB-500 hybridization oven accurately controls the temperature of samples in the hybridization or washing process, enabling consistent saturation of sample solutions. It has an internal temperature sensor, but the front and top panels of the device are unshielded, making the device more susceptible to EMI than the temperature testing chamber and the incufridge that we have tested. We summarize the attack results in Fig. 13.

A simple way to attack temperature-based lab process control devices is the cooling attack. For instance, an adversary at 0.1 m away from the hybridization oven can increase the measured temperature by . As a result, the spoofed temperature control system might not heat up at all and the samples would be exposed to the room temperature, making any temperature-sensitive process ineffective. Similarly, an adversary can also try to intensify chemical processes by decreasing the measured temperature and tricking the system to heat up.

6.3.2 3D Printers

An attacker can disrupt a 3D printer’s work by using EMI interference on their extruder. A 3D printer’s extruder is the component responsible for heating and expelling the building material (filament). The control system of an extruder uses temperature sensors (such as thermocouples and thermistors) to constantly monitor and adjust the temperature of its heating chamber. During the building process, the heating chamber temperature must be kept within a certain tolerance dependent on the filament to ensure the quality of the build and to prevent a buildup of filament [21].



Figure 14: Attack results against the 3D printer’s extruder Smart Extruder plus. At 400 MHz, the attack cause the disconnection of the extruder (a, b). At 1 GHz the temperature perceived is 10 degrees higher than the actual temperature of 23 C.
Experimental Setup.

We performed the EMI injection attack on two different extruder models: the MakerBot Smart Extruder, and the MakerBot Smart Extruder + (Plus). We installed these extruders onto two identical MakerBot Replicators 3D printers. Both the two models use K-type thermocouple sensors. To perform the attack we use the setup described in Section 5.1. During the course of the frequency sweep we monitored the printer by observing the extruder temperature on the 3D printer’s display. Note that we do not turn on the extruder heating/cooling cycle to prevent damage to the heating chamber. We wait until the temperature of the extruder naturally reaches the equilibrium at room temperature (23C). Then, we injected sinusoidal EMI signals from a frequency range of 400 MHz to 1 GHz, at a strength of 35 dBm using a directional antenna.

Results and Observation.

This test subject the system to sinusoidal EMI signals at increasing distances. We were able to detect temperature changes with our transmission setup at the maximum distance of 25 cm. During the test we observe two main effects. First, on both extruder models at 400 MHz the attack caused that the user panel shows the extruder temperature as zero. Even upon reloading the extruder monitoring system, the displayed temperature remained zero (Fig. 14 a). When we started the “preheat" functionality, the device displayed an error: “Your Smart Extruder has been disconnected" (Fig. 14 b ). When we attack the Smart Extruder Plus at 1 GHz, we were able to increase the perceived temperature of a maximum of 10 C compared to the baseline temperature (Fig. 14 c ). In this last case the system did not give any error messages or indication in the user panel that the measured extruder temperature suddenly changed. Due to this an attacker would be free to manipulate the temperature of the extruder without being detected.

6.4 Other Appliances

We test an aquarium heater, a soldering iron, and several temperature PID control modules. During the experiments, the temperature probe of the Hygger HG-802 aquarium heater is immersed in the water and attached to the inner side of a glass tank. An adversary can decrease the temperature measurement and trick the controller to heat up the water by 9 with an attack distance of 0.5 m and EMI signals at a frequency of 217 MHz. We also show that the temperature sensor of the Weller WESD51 soldering iron can be manipulated to control its actual temperature.

We test three commercial PID control modules: the Inkbird ITC-100VH, ITC-1000F, ITC-100RH, equipped with different types of temperature sensors. They can be used in various IoT applications to measure the temperature of a specific environment and control a heater to regulate the temperature. These devices are usually poorly shielded and can be susceptible to adversarial control even at an attack distance of 10 m (Table 1).

7 Countermeasures

Usually manufacturers implement filters to reduce external and internal electromagnetic interference that can induce the rectification effect, such as common-mode or differential-mode filters on the amplifier input [39]. However, as we demonstrate in our work, out-of-band EMI can induce AC signals that bypass generic filtering and be internally rectified through the amplifier input, output, or power supply pins. Although EMI defenses are known and some are already applied to critical applications [55], consumer electronics are less protected against malicious attacks that affect temperature sensors. In this section we discuss and simulate several passive and active methods to detect or prevent EMI effects on temperature sensors.

7.1 Hardware Defenses

Traditional hardware defenses can take various forms according to the level of mitigation adopted and cost/performance limitations.


Designing short shielded wires between the temperature sensors and amplifier inputs is a good practice to avoid long leads acting as antennas and picking up electric interference. However, the interference induced by the antenna can become normal mode at the point where the cables are connected to the circuit. This happens because of the difference between the terminal impedance of the cable and the terminal impedance of receiver circuit [52]. In this case, a mitigation of the attack consists in adding terminating resistors to the contact points. EMI/RFI enclosures can also be used to block interference. However, openings in the shield are often required to accommodate switches, connectors, indicators, or to provide ventilation. These openings may compromise shielding effectiveness by providing paths for high-frequency interference to enter the circuit board [37]. Moreover, it requires a careful thermal modeling of the system [34]. Another approach consists in sensor shielding when the temperature sensor needs to be externally exposed. In this case, shielding is only effective against interference if it provides a low impedance path to ground. However, some data acquisition systems require the temperature sensor to be grounded, such as thermocouple or RTD probes used in industrial processes [42]. When both the shield and temperature sensors are grounded, a ground-loop current can appear to the amplifier input terminals due to the difference of potential developed between the sensor ground and the amplifier ground connection [14]. When the EMI injection induces common mode noise, the interference can pass through the ground of the shield, creating a ground-loop current that can potentially generate the rectification effect. Some technique can reduce but not eliminate the phenomenon, such as making the shield connection to ground as close as possible to the sensor connection to ground, or use only the ground terminal of the amplifier to connect to the shield and not connect the shield at the amplifier end.

Active and Passive Filters.

In case of op-amp and in-amp, manufacturers apply low-pass filters at the amplifier input pins reduce the EMI signal energy from the input lines. In IC temperature sensors that use an inverting op-amp (e.g., LM35), a filter capacitor is placed between equal value resistors, while in IC temperature sensors (e.g., LM335) that use non-inverting op-amp, the filter capacitor is directly connected to the op-amp input. Precision in-amps in RTD and thermocouples sensors use two low-pass filters to suppress common-mode signals in each input lane and one capacitor to suppress differential-mode signals between the two amplifiers input terminals [5]. These filters are not sufficient for a complete mitigation due to the lines asymmetry and frequency range with respect to our injected interference. For example in thermocouples, the asymmetry between the lines is exacerbated due to the two different conductors tied together. For these reasons, high precision temperature instruments contain additional isolation circuits and active low-pass filters connected to the amplifier input terminals to isolate the field-side and system-side circuitry [3]. Another protection method uses a composition of instrumentation amplifiers: three in-amps, two of these correlated to one another and connected in antiphase [30].

Choke-based filters can be also used as alternative for in-amp input filtering [30]. Despite the good noise suppression, the materials used for the inductance cores can heavily affect the filter performance for high frequency EMI, making the system vulnerable to injection attacks [54].

Amplifier outputs also need to be protected from EMI/RFI, since the interference injected on an output line couples back into the amplifier input where they are rectified and appear again on the output as a DC offset. An RC filter and/or a ferrite bead in series with the amplifier output are the simplest and inexpensive solutions to reduce the DC offset. However, for temperature systems, the output filtering is often limited to the line frequency and its harmonics (50 Hz/60 Hz) due to the interference noise generated when systems operate from the mains power supply [20, 35].

7.2 Software Defenses

Current temperature control systems use multiple sensors to continuously monitor the thermal state of different measurement points or as multiple temperature reference values [5, 24]. In critical infrastructure sectors such as energy and healthcare [29, 40], redundant sensors are used to generate time-dependent estimates of the critical points. In our experiments we demonstrate how similar temperature sensors physically close to each other are affected by similar attack effects (as long as they are in the interference beam area). Sensor fusion techniques might be used to combine data from different sensors in order to produce the best estimation of the true state of a system and decrease the system’s dependence on a single sensor [28]. In systems that rely on temperature sensors, literature provides various software countermeasures based on sensor fusion [31, 33]. Sensor redundancy and sensor fusion significantly increase the effort the adversary must use to overcome the defenses. However, implementing sophisticated sensor fusion techniques remains arduous in large-scale consumer electronic devices.

7.3 Hardware Anomaly Detection System

For critical applications where it is not possible to implement complete shielding, or an effective mitigation filtering of the system and the sensor(s) - such as incubators - detecting the presence of attack attempts becomes crucial for the verifying and maintaining temperature data reliability. A detection circuit can be used as a trigger for emergency measures - such as activating a safe mode where the system restricts its reliance on sensor data. To defend against EMI on Cardiac Implantable Medical Devices (CIED), Foo Kune et al. [32] proposed a cardiac probe to cross-check whether readings from a cardiac signal coincides with the expected values. Wang et al. [53] proposed an additional microphone to detect resonating sound that can affect MEMS gyroscopes. Based on our results, an effective defense for temperature-sensor-based systems that maintains the reliability of the temperature data should account for the frequencies that can induce a rectification effect in the amplifier output signal. Based on this frequency analysis, manufacturers can modify the design of their system to detect and react to attacks in the frequency bands of RFI/EMI signals. We propose a hardware anomaly detector able to identify malicious signal and provide feedback about the reliability of the measurement data.

Design of the Anomaly Detector.

The EMI signal generated by our attack can appear in many different points close to the amplifier where isolation circuitry and filters don’t properly block the high frequency signals. A detector that can measure these signals can be implemented by connecting a low noise amplifier (LNA) and a band-pass filter to the points (such as a trace or wire) sensitive to the malicious signal (Fig. 15). By adopting the superheterodyne technique typical of AM receivers [49], the EMI frequency bands that cause significant DC offset variations can be down-converted to an intermediate frequency (IF). Down-conversion can be achieved by using a mixer and local oscillator. As a result, the use of this technique allows for a “tunable filter", which we can utilize for a tunable detector. Once the signal is digitally converted, amplitude and phase information of the malicious signals at the intermediate frequency can be then analyzed by the processor: (1) providing feedback on the temperature data reliability, (2) allowing the estimation of the measurement error, and (3) compensating it at the software level. The detector can be periodically activated when a temperature measurement is required. A variable oscillator can be used to select multiple vulnerable frequency bands.

Simulation Model and Evaluation.

We simulate the detector against attacks on thermocouple sensors of the same type used in the thermal chamber. In this simulation, our detector can detect signals from 550 MHz to 1 GHz - the range which major affected the sensor (shown in Fig. 7). The simulation was designed using the Simulink environment [11], and consists of an LNA filter with 50 dB gain 3-order Butterworth band-pass filter, followed by a mixer block to down-convert the simulated EMI frequency to an IF frequency of 400 MHz, and an IR filter for filtering the spectral image components. Then, a subsequent 3-order Butterworth IF filter block is followed by an IF amplifier block with 100 dB gain and a noise figure of 2.5 dB. An RF Blockset testbench was used to simulate the EMI injection attack at 35 dBm emitting power of the antenna in our experiments.

To evaluate our design, we use a Software-Defined Radio (SDR) RTL-SDR device [36]. We chose the Realtek RTL2832U chipset with the R820T2 tuner chip, able to detect frequencies from 500 kHz up to 1.75 GHz. An RF exposed connection, collocated with the temperature sensor breakout board, is followed by an RF filter and an LNA amplifier at 50 dB. A mixer with a local oscillator is used for the frequency transposition. The detector also uses Automatic Gain Control (AGC), where the gain varies with the available input power level. As a proof of concept demonstration, we successfully selectively detect a malicious signal at a 3 meter distance from the transmitting antenna, in open air, at a frequency of 503 MHz (corresponding to one of the major effective peaks in Fig. 7). The signal is down-converted to 400 MHz (as shown in Fig. 15). By varying the local oscillators frequency, the detector can also isolate the other vulnerable frequency bands.

Figure 15: Block diagram and calculated gain of the anomaly detector based on superheterodyne method.

8 Discussion

8.1 Attacks on Other Sensors

Other sensing systems such as pressure sensors, and pH sensors can be also susceptible to our attack because the transducer signal of these sensors is usually weak and required an amplification stage similar to temperature-based systems.

Pressure Sensor.

Scales use pressure sensors to measure the weight of an object. Sensor wires distributed inside of the device can make it vulnerable to EMI injection. We test a CGOLDENWALL high-precision lab digital scale that has an accuracy of 0.01 g, which can be used in jewelry, laboratory measurements. We are able to decrease the reading of the scale by 6.37 g at a distance of 0.5 m with an attack frequency of 685 MHz. We also test an Escali L600 L-Series High Precision Lab Scale. At an attack distance of 0.5 m, we can decrease the reading of the scale by 7 g, or increase the reading by 13.9 g with an attack frequency of 685 MHz. Using the same attack technique we show in this work, an adversary might spoof the weight of the goods when trading jewelry or metals.

pH Sensor.

A pH meter measures the difference in electrical potential between a pH electrode and a reference electrode. We test an Apera Instruments PH700 Benchtop Lab pH Meter that has an accuracy of 0.01 pH. At an attack distance of 0.5 m, we can increase the measured temperature by 0.42 with EMI injection at a frequency of 515 MHz.

9 Related Work

EMI Attacks on Sensors.

Analog circuits of sensors are especially susceptible to EMI. Various works show how is possible exploit different non-linearities of circuit components to cause sensors misreadings. Foo Kune et al.[32] showed that bogus signals can be injected into analog sensors such as microphones and electrocardiogram (ECG) sensors in proximity through low-power EMI. Their amplitude-modulated EMI attack method exploited the generation of subharmonics caused by the passage of high frequency signals through common circuit components (e.g. capacitors in the path between the microphones and the amplifier).

Recent studies [16, 44, 43] investigated intentional EMI attacks to modify the input and output signals of ADCs in microcontrollers. By triggering asymmetrical signal clippings in the Electro-Static Discharge (ESD) protection circuit, they showed that a DC offset can be caused by strong non-linear distortions [41] of the signal to bias the ADC input. They evaluated their attack by applying near-field EMI to an exposed circuitry consisting of a single infrared sensor connected to the on-board ADC of a Texas Instruments Tiva C microcontroller. However, to achieve the desired DC offset, an adversary needs to inject EMI signals with a large amplitude to exceed the input range of the ADC, which can be difficult especially when attacking circuits embedded in real-world systems due to attenuation of EMI signals or when the input range of the ADC is large. In addition, it is not clear how feasible the attack is and what security implications it has on real-world systems since the proposed attack was only evaluated on a simple exposed circuitry. [19] investigated the use of intentional EMI to disrupt sensor networks. Interestingly, while they did not intend to spoof the sensor output, they observed a decrease in temperature sensor reading during the experiments without explore the causality.

Different from these works, our work investigates how trigger the rectification effect in amplifiers using external EMI, and exploiting it to control the voltage level of temperature-based control systems. We build a typical amplification circuit of temperature sensors and perform detailed analysis based on the results of our DPI and radiation experiments to study the rectification effect. We demonstrate the feasibility of the attacks on various real-world temperature-sensor-based systems and investigate potential consequences that can be caused by adversaries through intentional EMI.

Sensor Spoofing Attacks.

Sensors have become pervasive in control systems and IoT. Systems inherently trust sensors to measure physical properties and make automated decisions. However, the physical properties measured by sensors can be spoofed by an adversary [38, 46, 57, 45, 17, 58] and the security of analog sensor signals before digitization has been considered as an increasingly important concern [47, 27, 26].

Sensor spoofing attacks on critical medical devices such as a pacemaker and infusion pump were studied in [32, 38]. The works of [46, 57, 45] studied sensor attacks on automotive embedded systems to influence critical decisions made by the automotive system. [17, 48] investigated sensor attacks on unmanned aerial vehicles (UAVs) to affect their movements.

10 Conclusion

Closed-loop control systems rely on sensors to make decisions. This work investigated EMI attacks on amplification circuits of temperature sensors in different kinds of temperature control systems including critical medical devices and devices used for industrial or laboratory process control. We showed how adversaries can trick the system to heat up or cool down by controlling the temperature sensor data with carefully crafted EMI signals. We investigated possible attack scenarios and demonstrated potential safety risks that can be caused by the attack.

Designers of life-critical systems such as infant incubators are supposed to minimize the attack surface. We suggest different defense methods, both hardware and software-based that can increase the difficulty required to successfully perform the EMI injection attack on temperature sensors. For temperature-based critical applications, we propose and measured the effectiveness of an hardware-based anomaly detector that can identify malicious EMI signals and provide feedback about the reliability of the measurement.


We are in the process to coordinate with ICS-CERT to notify manufacturer companies whose sensors and devices we tested. This work is supported in part by US NSF under grants CNS-1812553 and CNS-1330142.


  • [1] Franks Hospital. Air Shields Isolette C-100, C-200 Infant Incubator Service manual. Section:7.,C-200_Infant_Incubator_-_Service_manual.pdf.
  • [2] International Biomedical. AirBorne 185A+ Transport Incubator Service Manual.
  • [3] IOtech. Grounding and Shielding Considerations for Thermocouples, Strain Gages, and Low-Level Circuits.
  • [4] Minicircuits ZHL-4240W broad-band amplifier.
  • [5] Analog Devices. RFI Rectification Concepts., 2009.
  • [6] Revolutionary Science. Product descriptions of the RS-IF-202 Incufridge., 2009.
  • [7] Sun Electronic Systems. Model EC1X environmental chamber user and repair manual., 2011.
  • [8] Champlain maternal newborn regional program. newborn thermoregulation., 2013.
  • [9] The royal children’s hospital melbourne - clinical guidelines (nursing) : Temperature management., 2014.
  • [10] Bistos. BT-500 infant incubator operator manual. Page: 74., 2015.
  • [11] Mathworks. Superheterodyne Receiver Using RF Budget Analyzer App., 2018.
  • [12] Great ormond street hospital for children - clinical guidelines: Thermoregulation for neonates., 2019.
  • [13] Bell, E. F., and Segar, J. L. Iowa neonatology handbook. Retrieved August 14 (2006), 2009.
  • [14] Benedict, R. P., and Russo, R. A note on grounded thermocouple circuits. Journal of Basic Engineering 94, 2 (1972), 377–380.
  • [15] Bolton, C., Rampazzi, S., Li, C., Kwong, A., Xu, W., and Fu, K. Blue Note: How intentional acoustic interference damages availability and integrity in hard disk drives and operating systems. In Proceedings of the 39th Annual IEEE Symposium on Security and Privacy (2018).
  • [16] David, A. W. Effects of Intentional Electromagnetic Interference on Analog to Digital Converter Measurements of Sensor Outputs and General Purpose Input Output Pins. PhD thesis, Utah State University, 2017.
  • [17] Davidson, D., Wu, H., Jellinek, R., Singh, V., and Ristenpart, T. Controlling UAVs with sensor input spoofing attacks. In 10th USENIX Workshop on Offensive Technologies (WOOT) (2016).
  • [18] Décima, P., Stéphan-Blanchard, E., Léké, A., Dégrugilliers, L., Delanaud, S., Libert, J.-P., and Tourneux, P. Does the incubator control mode influence outcomes of low-birth-weight neonates during the first days of life and at hospital discharge? Health 5, 08 (2013), 6.
  • [19] Delsing, J., Ekman, J., Johansson, J., Sundberg, S., Bäckström, M., and Nilsson, T. Susceptibility of sensor networks to intentional electromagnetic interference. In International Zürich Symposium on Electromagnetic Compatibility (2006).
  • [20] Duff, M. L., and Towey, J. Two ways to measure temperature using thermocouples feature simplicity, accuracy, and flexibility. A forum for the exchange of circuits, systems, and software for real-world signal processing (2010).
  • [21] Evans, B. Practical 3D printers: The science and art of 3D printing. Apress, 2012.
  • [22] Fiori, F. An analog front end based on chopped signals highly immune to RFI. In Electromagnetic Compatibility (APEMC), 2015 Asia-Pacific Symposium on (2015), IEEE, pp. 98–101.
  • [23] Fiori, F. A sensor signal amplifier resilient to emi. IEEE Sensors Journal 16, 18 (2016), 7008–7015.
  • [24] Frolik, J., Abdelrahman, M., and Kandasamy, P. A confidence-based approach to the self-validation, fusion and reconstruction of quasi-redundant sensor data. IEEE Transactions on Instrumentation and Measurement 50, 6 (2001), 1761–1769.
  • [25] Gaboian, J. A statistical survey of common-mode noise. Analog Applications (2000).
  • [26] Giechaskiel, I., and Rasmussen, K. B. Sok: Taxonomy and challenges of out-of-band signal injection attacks and defenses. arXiv preprint arXiv:1901.06935 (2019).
  • [27] Giechaskiel, I., Zhang, Y., and Rasmussen, K. B. A framework for evaluating security in the presence of signal injection attacks. arXiv preprint arXiv:1901.03675 (2019).
  • [28] Ivanov, R., Pajic, M., and Lee, I. Attack-resilient sensor fusion for safety-critical cyber-physical systems. ACM Trans. Embedded Comput. Syst. 15 (2016), 21:1–21:24.
  • [29] JIN, X., RAY, A., and EDWARDS, R. M. Redundant sensor calibration and estimation for monitoring and control of nuclear power plants. Transactions of the American Nuclear Society 101 (2009), 307–308.
  • [30] Kitchin, C., and Counts, L. A designer’s guide to instrumentation amplifiers. Analog Devices, 2004.
  • [31] Kong, F.-T., Chen, Y.-P., Xie, J.-M., and Zhou, Z.-D. Distributed temperature control system based on multi-sensor data fusion. In Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on (2005), vol. 1, IEEE, pp. 494–498.
  • [32] Kune, D. F., Backes, J., Clark, S. S., Kramer, D., Reynolds, M., Fu, K., Kim, Y., and Xu, W. Ghost talk: Mitigating emi signal injection attacks against analog sensors. In IEEE Symposium on Security and Privacy (2013).
  • [33] KV, S., and Smet, K. D. Sensor data fusion framework for improvement of temperature sensor characteristics. Measurement and Control 49, 7 (2016), 219–229.
  • [34] Lee, J., Gerlach, D. W., and Joshi, Y. K. Parametric thermal modeling of heat transfer in handheld electronic devices. In Thermal and Thermomechanical Phenomena in Electronic Systems, 2008. ITHERM 2008. 11th Intersociety Conference on (2008), IEEE, pp. 604–609.
  • [35] Mary, M., and Eamonn, D. ADC Requirements for Temperature Measurement Systems., 2006.
  • [36] Mishra, M., Potnis, A., Dwivedy, P., and Meena, S. K. Software defined radio based receivers using rtl-sdr: A review. In 2017 International Conference on Recent Innovations in Signal processing and Embedded Systems (RISE) (2017).
  • [37] Morrison, R. Grounding and shielding techniques in instrumentation. Wiley New York, 1977.
  • [38] Park, Y., Son, Y., Shin, H., Kim, D., and Kim, Y. This ain’t your dose: Sensor spoofing attack on medical infusion pump. In 10th USENIX Workshop on Offensive Technologies (WOOT) (2016).
  • [39] Poulton, A. Effect of conducted EMI on the DC performance of operational amplifiers. Electronics letters 30, 4 (1994), 282–284.
  • [40] Ray, A., and Luck, R. An introduction to sensor signal validation in redundant measurement systems. IEEE Control Systems 11, 2 (1991), 44–49.
  • [41] Redouté, J.-M., and Steyaert, M. EMC of analog integrated circuits. Springer Science & Business Media, 2009.
  • [42] Ross-Pinnock, D., and Maropoulos, P. G. Review of industrial temperature measurement technologies and research priorities for the thermal characterization of the factories of the future. In Proceedings of the Institution of Mechanical Engineers, Part B: Journal of Engineering Manufacture (2016), vol. 230, pp. 793–806.
  • [43] Selvaraj, J. Intentional Electromagnetic Interference Attack on Sensors and Actuators. PhD thesis, Iowa State University, 2018.
  • [44] Selvaraj, J., Dayanıklı, G. Y., Gaunkar, N. P., Ware, D., Gerdes, R. M., Mina, M., et al. Electromagnetic induction attacks against embedded systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (2018), pp. 499–510.
  • [45] Shin, H., Kim, D., Kwon, Y., and Kim, Y. Illusion and dazzle: Adversarial optical channel exploits against lidars for automotive applications. In International Conference on Cryptographic Hardware and Embedded Systems (2017), Springer.
  • [46] Shoukry, Y., Martin, P., Tabuada, P., and Srivastava, M. Non-invasive spoofing attacks for anti-lock braking systems. In Cryptographic Hardware and Embedded Systems (2013), Springer.
  • [47] Shoukry, Y., Martin, P., Yona, Y., Diggavi, S., and Srivastava, M. Pycra: Physical challenge-response authentication for active sensors under spoofing attacks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015), pp. 1004–1015.
  • [48] Son, Y., Shin, H., Kim, D., Park, Y., Noh, J., Choi, K., Choi, J., and Kim, Y. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of USENIX Security Symposium (2015).
  • [49] Stagner, C., Conrad, A., Osterwise, C., Beetner, D. G., and Grant, S. A practical superheterodyne-receiver detector using stimulated emissions. IEEE Transactions on Instrumentation and Measurement 60, 4 (2011), 1461–1468.
  • [50] Trippel, T., Weisse, O., Xu, W., Honeyman, P., and Fu, K. Walnut: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In Proceedings of IEEE European Symposium on Security and Privacy (2017).
  • [51] Tu, Y., Lin, Z., Lee, I., and Hei, X. Injected and delivered: Fabricating implicit control over actuation systems by spoofing inertial sensors. In Proceedings of USENIX Security Symposium (2018).
  • [52] Wang, S., and Lee, F. C. Analysis and applications of parasitic capacitance cancellation techniques for emi suppression. IEEE Transactions on Industrial Electronics 57, 9 (2010), 3109–3117.
  • [53] Wang, Z., Wang, K., Yang, B., Li, S., and Pan, A. Sonic gun to smart devices: Your devices lose control under ultrasound/sound. BlackHat USA (2017).
  • [54] Weber, S., Schinkel, M., Hoene, E., Guttowski, S., John, W., and Reichl, H. Radio frequency characteristics of high power common-mode chokes. In IEEE Int. Zurich Symp. on Electromagnetic Compatibility (2005), pp. 1–4.
  • [55] Weston, D. Electromagnetic Compatibility: Methods, Analysis, Circuits, and Measurement. Crc Press, 2016.
  • [56] Wu, C., Li, G., Pommerenke, D. J., Khilkevich, V., and Hess, G. Characterization of the rfi rectification behavior of instrumentation amplifiers. In 2018 IEEE Symposium on Electromagnetic Compatibility, Signal Integrity and Power Integrity (EMC, SI & PI) (2018), IEEE, pp. 156–160.
  • [57] Yan, C., Xu, W., and Liu, J. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. DEF CON 24 (2016).
  • [58] Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., and Xu, W. Dolphinattack: Inaudible voice commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017).