The Physics of Analog Cybersecurity

Are MEMS sensors inherently trustworthy? Successful acoustic injection attacks indicate otherwise: Hacking an accelerometer to output a waveform that spells “WALNUT” with an upper limit of 10 G.

As the Internet of Things (IoT) grows exponentially, the market for sensors will grow with it. It’s a common assumption that processors, not sensors, are the attack vector of choice. Microelectromechanical (MEMS) accelerometers, however, are not hack-proof; acoustic injection attacks can be used to fake sensor output to an alarming extent. MEMS accelerometers measure acceleration, tilt, vibration, shock, and rotation, interpreting translational movement orientation and position. Found in smartphones, wearables, automobiles, medical devices, avionics, industrial systems, directional drilling, airbags, guided missiles, and much more, MEMS accelerometers are employed in clever power management techniques (idle/wakeup), movement analysis in golf clubs, vibration analysis for predictive maintenance on motors, and in falling laptops so that traditional hard drives are parked before impact.

Why is MEMS accelerometer output considered inherently trustworthy?”

Equation 1

Physical mechanical structures, MEMs accelerometers are micromachined into silicon chips and packaged much like a regular IC. A comb-like section is tethered to the housing and acts like a seismic mass, moving like a spring between finger-like capacitive structures. Current flows as a corresponding finger on the mass moves back and forth between the capacitive structures (Equation 1. When the MEMS accelerometer moves, it measures acceleration (and related forms of motion) in  g-force and converts it into a signal, which gets filtered and run through an analog-to-digital converter (ADC) before going to a microprocessor as data.

“To substantially displace the sensing mass using acoustics, the acoustic frequency must match the mechanical resonant frequency of the sensor.”

Figure 1: A comb-like section is tethered to the housing and acts like a seismic mass, moving like a spring between finger-like capacitive structures. Current flows as a corresponding finger on the mass moves back and forth between the capacitive structures. (Credit: Trippel)

Perhaps because they are hardware, MEMS accelerometers haven’t seemed as if they needed protection from hacking. Why is MEMS accelerometer output considered inherently trustworthy? Hackers can change the sensor’s output. Until recently, externally blocking a MEMS gyroscope was a known issue, but it’s come to light that MEMS accelerometer signals can be changed using external acoustic signals. Acoustic signals that are resonant with the MEMS’ mechanical resonant frequencies can disturb the MEMS accelerometer’s output. A recent study presented at the IEEE European Symposium on Security and Privacy demonstrates the effect of acoustic interference on MEMS accelerometers and how that interference can be used to control the sensor’s output.

According to Ph.D. candidate Timothy Trippel, et al., of the University of Michigan, “Physics allows the attacker to achieve the maximum acoustic disturbance by exploiting a mechanical property of a vibrating mass-spring system—resonance. Vibrating these systems at their resonant frequencies achieves maximum displacement of the mass. To substantially displace the sensing mass using acoustics, the acoustic frequency must match the mechanical resonant frequency of the sensor.”

One of the experiments revealed that a successful acoustic injection attack at the resonant frequency for a particular off-the-shelf MEMS accelerometer was 2.9 kHz, although resonant frequencies can fall over a range, not just a particular frequency. The range of human hearing is 20 Hz to 20 kHz, but even if disguised by music, such a resonant frequency can cause a false output that is characterized as either output control (constantly shifted measurements) or output biased (fluctuating measurements).

There’s a signal chain for input from MEMS accelerometers. The MEMS device itself includes a sensing mass and transducer for converting inertial movement to voltage (see Figure 1). As a real-world signal, the output should be run through a Low Pass Filter (LPF) to reduce unwanted signals and irrelevant frequencies (e.g. noise) and amplified before digitization by an analog-to-digital converter (ADC) All of the above resides in the accelerometer IC, resulting in an output signal.


Figure 2: Components in the MEMS accelerometer’s signal chain can make the sensor vulnerable to an acoustic injection attack. Vulnerable areas include the ADC, LPF, and the amplifier. (Credit: Trippel)

In acoustic injection attacks, output biasing was found to be related to sampling deficiencies at the ADC and results in “fluctuating false measurements at their resonant frequencies due to insecure LPFs.”[i]  Trippel tested two each of twenty different models of MEMS accelerometers and found that he could control an accelerometer’s output for anywhere from a few seconds to indefinitely by using signal aliasing and/or signal modulation. Trippel identifies three areas as root causes allowing the successful attacks: less-than-accurate ADCs, amplifiers, and LPFs. MEMS accelerometers fell into several camps with varying results.

Root-cause Vulnerabilities in the Signal Chain
The components in the signal chain are central to the success of an acoustic injection attack. These include:

  • ADCs with too low a sampling rate
  • Amplifiers that asymmetrically clip acoustic acceleration signals and thus introduce a DC element into the signal (which also gets past the LPF)
  • LPFs with a cut-off frequency above or very near the sensor’s mechanical resonant frequency

To defend against acoustic injection attacks, LPFs should have a cut-off frequency that is less than half of the ADC sampling rate, which prevents signal aliasing. A “secure amplifier” can be designed that accounts for the possibility of high amplitude acoustic noise or otherwise removes the clipping of the signal output. For the MEMS sensor itself, the resonant frequency should not exist within the LPF’s transition band.


Figure 3: Transition band of a Butterworth low pass filter is shown in yellow. To defeat acoustic injection attacks, the resonant frequency of the MEMS accelerator should not exist within the LPF’s transition band. (Credit: By Runverzagt, CC BY-SA 4.0)

The results of the study note that of the 20 different models of sensors tested, several had multiple resonant frequencies and several resonant frequencies can exist within a given bandwidth. At least in this study, physically larger MEMS accelerometers were not affected by acoustic injection attacks, suggesting that device size might play a factor. Another tentative conclusion is that the acoustic resonant frequency is not related to the IC packaging itself, although the amplitude of the acoustic attack may be lessened by sound-dampening packaging or the surrounding chassis.

Figure 4: Figures a) and b) represent an output biasing attack on two different models with under sampling ADCs, with an attempt to spell “WALNUT” in waveforms. The attempts with accurate ADCs (but vulnerable LPFs) in Models C and D show a more accurate WALNUT waveform because it’s easier to guess the sampling phase of the ADC when it’s stable. (Credit: Trippel, et al.)

Examples of Successful Acoustic Injection
Some simple hacking experiments show that a remote controlled (RC) car, controlled by a smartphone’s accelerometer, can be hijacked by playing music while operating the car. The car reacts to the smartphone’s orientation by commanding the car over Wi-Fi. An amplitude-modulated acoustic signal is used to control accelerometer output on the phone. The smartphone’s accelerometer measurements are inaccurate due to acoustic meddling, and the application sends commands to the RC car that do not match actual commands given. This means that music played on the phone while using the RC car’s app can achieve unintended results. In another example, the University of Michigan team was able to rack up thousands of steps on a Fitbit without the signal aliasing or signal modulation that was required to hack other MEMS accelerometers. Matching the acoustic resonant frequency to that of the Fitbit was all that was necessary.

Cause for FUD?
Whereas successful acoustic injection attacks on toy cars and Fitbits are not enough cause to strike fear, uncertainty, and doubt (FUD), a successful attack on what has been taken for granted as inherently trustworthy as a sensor is worth making note of for future hardware designs. Trippel and his colleagues did develop some software techniques for defending MEMS accelerometers that are already on the market. These techniques include randomized and 180° out-of-phase sampling techniques. Hardware designed to thwart acoustic injection attacks is effective against each hacking method discussed (both output biasing and output control), whereas software techniques are not effective for the type of acoustic attack the paper identifies as “output control”.i

In testing 20 different models of MEMS accelerometers against acoustic injection attacks, more than 75% succumbed to what was referred to as output biasing attacks, and 65% were affected by output control attacks. Hardware manufacturers of the tested models were informed of the results. Although standards exist for MEMS accelerometers, standardized testing has not been implemented across the industry. This means that different laboratories can test the same MEMS accelerometer and end up with different results.

Although the National Institute of Standards & Technology (NIST) has recently developed a method that reduces (or eliminates) differences that can come up when different labs test MEMS accelerometers,[ii] it likely does not include security testing that reflects the University of Michigan findings. NIST’s method focusses on the intrinsic properties of MEMS accelerometers so that accurate comparisons between facilities are now feasible. However, the industry has yet to adopt standard testing protocols for MEMS-based devices. The NIST is working with the Institute of Electrical and Electronics Engineers (IEEE) and the MEMS Sensors Industry Group (MSIG) to establish and advance industry standard testing protocols for new MEMS-based device technologies.

Are you listening, IEEE and MSIG? Perhaps there’s time to slip in a section that adds security testing against acoustic injection attacks for MEMS accelerometers. That two different labs can arrive at different properties for the same MEMS accelerometer is revealing enough. Let’s hope that our future will see improved MEMS accelerometers that avoid such attacks. Can we look for the claim “tested safe against acoustic injection attacks” in a datasheet soon?

 Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades. She is interested in open source software and hardware, the maker movement, and in increasing the number of women working in STEM so she has a greater chance of talking about something other than football at the water cooler.

[i] T. Trippel, O. Weisse, W. Xu, P. Honeyman and K. Fu, “WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks,” 2017 IEEE European Symposium on Security and Privacy (EuroS&P), Paris, 2017, pp. 3-18.

doi: 10.1109/EuroSP.2017.42 URL:


Share and Enjoy:
  • Digg
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • TwitThis