Sick Beats: Using music and a smartphone to attack a biosecurity room
Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, dressed in a rabbit costume, enters the facility's inner sanctum - one of the biosafety rooms where only the most infectious and deadly microorganisms are handled. The tension mounts as he pulls out his phone; he will surely use it to affect a dramatic hack, or perhaps set off an explosive device. Instead, it calls up its playlist and... plays a song? What kind of villain is he?
Actually, maybe someone who read a new article about the potential of hacking biosafety rooms using music. The work was done by University of California Irvine researchers [Anomadarshi Barua], [Yonatan Gizachew Achamyeleh] and [Mohammad Abdullah Al Faruque], and focuses on negative pressure chambers found in all manner of facilities , but are of particular concern when used to prevent pathogens from escaping worldwide.
Negative pressure rooms use sophisticated HVAC systems to keep the pressure inside the room lower than outside, and do everything possible to keep it that way. The control systems for these rooms rely on differential pressure sensors, which detect the pressure difference between two orifices separated by a thin diaphragm. Diaphragm deflection due to pressure differences between the two ports can be sensed capacitively or piezoresistively.
The problem is that diaphragms tend to have resonant frequencies in the audio range, making them vulnerable to spoofing. Several different commonly used sensors have been evaluated with audio frequency sweeps, showing a sweet spot of resonance at 700 to 900 Hz. This is perfect for embedding into an audio track, allowing the attacker to hide at the sight - or sound, as the case may be. Adjusting the sensor with this frequency can potentially convince the control system to make an adjustment that removes the air – and any pathogens it contains – from the room. You can imagine the rest.
We've become quite fond of finding and reporting on some of the weirder side-channel attack vectors, like chip bags and clickable keyboards. This attack is particularly terrifying because it both seems more plausible and has much higher stakes.
Featured image: by Steve Zylius / University of California, Irvine
[via TechXplore]
Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, dressed in a rabbit costume, enters the facility's inner sanctum - one of the biosafety rooms where only the most infectious and deadly microorganisms are handled. The tension mounts as he pulls out his phone; he will surely use it to affect a dramatic hack, or perhaps set off an explosive device. Instead, it calls up its playlist and... plays a song? What kind of villain is he?
Actually, maybe someone who read a new article about the potential of hacking biosafety rooms using music. The work was done by University of California Irvine researchers [Anomadarshi Barua], [Yonatan Gizachew Achamyeleh] and [Mohammad Abdullah Al Faruque], and focuses on negative pressure chambers found in all manner of facilities , but are of particular concern when used to prevent pathogens from escaping worldwide.
Negative pressure rooms use sophisticated HVAC systems to keep the pressure inside the room lower than outside, and do everything possible to keep it that way. The control systems for these rooms rely on differential pressure sensors, which detect the pressure difference between two orifices separated by a thin diaphragm. Diaphragm deflection due to pressure differences between the two ports can be sensed capacitively or piezoresistively.
The problem is that diaphragms tend to have resonant frequencies in the audio range, making them vulnerable to spoofing. Several different commonly used sensors have been evaluated with audio frequency sweeps, showing a sweet spot of resonance at 700 to 900 Hz. This is perfect for embedding into an audio track, allowing the attacker to hide at the sight - or sound, as the case may be. Adjusting the sensor with this frequency can potentially convince the control system to make an adjustment that removes the air – and any pathogens it contains – from the room. You can imagine the rest.
We've become quite fond of finding and reporting on some of the weirder side-channel attack vectors, like chip bags and clickable keyboards. This attack is particularly terrifying because it both seems more plausible and has much higher stakes.
Featured image: by Steve Zylius / University of California, Irvine
[via TechXplore]
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
