Hospitals are at risk: Smartphone attacks could release deadly germs

Researchers have suggested soundproofing or enclosing the pressure port in a protective structure as a way to prevent musical attacks on biosecurity facilities. Both measures would reduce the sensitivity of the differential pressure sensor.

According to the study, biological containment facilities in hospitals and laboratories are vulnerable to terrorist attacks.

A team of researchers from the University of California at Irvine have discovered that negative pressure chambers, which are used in hospitals and laboratories to prevent the spread of deadly pathogens, can be compromised by an attacker using a smartphone. These chambers are designed to protect against exposure of outdoor areas to harmful microbes.

According to UCI cyber-physical systems security experts, who recently shared their findings at the Computer and Communications Security Conference, the mechanisms that control the flow of air into and out of biocontainment facilities can being made to operate irregularly by a sound of a particular frequency, possibly surreptitiously hidden in a popular song.

“Someone could be playing a piece of music loaded onto their smartphone or streaming it from a TV or other audio device in or near a negative pressure room,” the co-author said. Principal Mohammad Al Faruque, Professor of Electrical Engineering and Computer Science at UCI. . “If this music is embedded with a tone that matches the resonant frequency of the pressure controls of any of these spaces, it could cause malfunction and leakage of deadly microbes.”

Heating, ventilation and air conditioning infrastructure keeps the flow of fresh air in and contaminated air out of a given space. HVAC systems in scientific facilities typically include room pressure monitors, which in turn use differential pressure sensors that compare the atmospheres inside and outside rooms.

The researchers said commonly used DPS are vulnerable to remote manipulation, posing a previously unrealized threat to biosecurity facilities. They tested their hypothesis on eight standard DPSs from five manufacturers, demonstrating that all devices operate with resonant frequencies in the audible range and are therefore subject to tampering.

“As sound waves collide with the diaphragms inside a DPS, it begins to vibrate at the same frequency,” said lead author Anomadarshi Barua, Ph.D. UCI. candidate in electrical and computer engineering. “A savvy attacker can use this technique to artificially displace the diaphragm, alter the pressure reading and cause the entire system to malfunction.”

He said attackers can thwart negative pressure chamber systems in a variety of ways. They could manipulate them wirelessly or pose as maintenance personnel to place an audio device in or near such a room. “A more sophisticated attack could involve perpetrators integrating sound-emitting technologies into a DPS before it is installed in a biocontainment facility,” Barua said.

In their presentation at the conference, the researchers suggested several countermeasures to prevent a musical assault on biosecurity facilities. Soundproofing can be achieved by extending the sample tube from the port of a DPS up to 7 meters. The team also proposed enclosing the pressure port in a box-like structure. Both of these measures would reduce DPS sensitivity, Barua said.

Al Faruque said this research project demonstrates the vulnerabilities of embedded systems to random attacks, but pointed out that with a little planning and forethought, installations can be hardened against sabotage.

Reference: “A Wolf in Sheep’s Clothing: Spreading Deadly Pathogens Under the Disguise of Popular Music” by Anomadarshi Barua, Yonatan Gizachew Achamyeleh and Mohammad Abdullah Al Faruque, November 7, 2022, Proceedings of the ACM SIGSAC 2022 Computer and Communications Security Conference .
DOI: 10.1145/3548606.3560643

#Hospitals #risk #Smartphone #attacks #release #deadly #germs