TechRxiv

Exploiting Vulnerabilities of ADC Registers in IoT and Control Systems

Download (819.45 kB)
Version 2 2023-12-02, 19:33
Version 1 2022-10-05, 20:16
preprint
posted on 2023-12-02, 19:33 authored by Eyasu Getahun ChekoleEyasu Getahun Chekole, Rajaram Thulasiraman, Jianying Zhou

An analog-to-digital converter (ADC) is a critical part of most computing systems that converts analog signals into quantifiable digital values. Since most digital devices operate only on digital values, the ADC acts as an interface between the digital and analog worlds. As such, ADCs are commonly used in a wide-range of applications, including internet of things (IoT), industrial control systems (ICS), cyber-physical systems (CPS), audio/video devices, medical imaging, digital oscilloscopes, and cell phones, among others. For example, programmable logic controllers (PLCs) in ICS/CPS often make control decisions based on digital values converted from analog signals by ADCs. Due to its crucial role in various applications, ADCs are often targeted by a wide-range of physical and cyber attacks. Attackers often exploit vulnerabilities that could be found in the software/hardware of ADCs. In this work, we first conduct a deeper study in the ADC conversion logic to investigate relevant vulnerabilities that were not well explored by prior works. As a result, we manage to identify exploitable vulnerabilities on certain ADC registers that are involved in the analog-to-digital conversion logic. As a proof of concept, we construct and develop three attack techniques by exploiting the vulnerabilities identified. Finally, we test the attacks on a mini-CPS testbed we designed using IoT devices, analog sensors and actuators. Our experimental results reveal high effectiveness of the proposed attack techniques in misleading PLCs to make incorrect control decisions in CPS. We also analyze the impact of such attacks when launched in real-word CPS testbeds.

History

Email Address of Submitting Author

eyasu_chekole@sutd.edu.sg

ORCID of Submitting Author

0000-0002-6307-3595

Submitting Author's Institution

Singapore University of Technology and Design

Submitting Author's Country

  • Singapore