The researchers proposed sound dampening or covering the pressure port with a protective structure to prevent musical attacks on biosecurity facilities. Both measures will reduce the sensitivity of the differential pressure sensor.
According to the study, hospital and laboratory biosecurity facilities are vulnerable to terrorist attacks.
A group of researchers University of California, Irvine found that negative pressure rooms used in hospitals and laboratories to prevent the spread of deadly pathogens could be breached by an attacker using a smartphone. These rooms are designed to protect outside areas from exposure to harmful microbes.
According to UCI cyber-physical systems security experts who recently shared their findings at the Computer and Communications Security Conference, the mechanisms that control air flow inside and outside bioremediation facilities can be tricked into operating irregularly by sound of a certain frequency. secretly became a popular song.
“One can play a piece of music downloaded to their smartphone or stream it from a TV or other audio device in or near the negative pressure chamber,” said lead co-author Mohammad Al Faruque, a professor of electrical engineering and computer science at UCI. “If this music is introduced with a tone matching the resonant frequency of the pressure control of one of these cavities, it can cause a malfunction and the leakage of deadly germs.”
Heating, ventilation and air conditioning infrastructure ensures that fresh air enters a given space and that polluted air is expelled. HVAC systems in scientific facilities typically include room pressure monitors, which in turn use differential pressure sensors that compare the atmosphere inside and outside the rooms.
Commonly used DPSs are vulnerable to remote manipulation and pose a previously unrealized threat to biosecurity facilities, the researchers said. They tested their hypothesis on eight industry-standard DPSs from five manufacturers, demonstrating that all devices operate at resonant frequencies in the audible range and are therefore susceptible to interference.
“When sound waves collide with the diaphragms inside a DPS, it begins to vibrate at the same frequency,” said lead author Anomadarshi Barua, a UCI Ph.D. in electrical engineering and computer science. “An informed attacker could use this technique to artificially displace the diaphragm, change the pressure reading, and cause the entire system to fail.”
I said that attackers can bypass negative pressure room systems in a variety of ways. They could manipulate them wirelessly or pose as maintenance workers to place an audio device in or near such a room. “A more sophisticated attack may involve criminals embedding sound-emitting technologies before installing them into a DPS,” Barua said.
In a conference presentation, the researchers proposed a number of countermeasures to prevent a musical attack on biosecurity facilities. Sound attenuation can be achieved by extending the sample tube of the DPS port up to 7 meters. The team also proposed incorporating the pressure port into a box-like structure. Barua said both measures will reduce the vulnerability of the DPS.
Al Faruque said this research project demonstrated the vulnerabilities of internal systems to random attacks, but stressed that with a little planning and forethought, facilities can be hardened against sabotage.
Reference: “A Worm in Sheep’s Clothing: The Spread of a Deadly Pathogen Under the Mask of Popular Music” by Anomadarshi Barua, Yonatan Gizachew Achamyeleh, and Mohammad Abdullah Al Faruque, 7 November 2022, Proceedings of the 2022 ACM SIGSAC Conference on Computer Security and Communications.
DOI: 10.1145/3548606.3560643
