Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, clad in a bunny suit, strides into the inner sanctum of the facility — one of the biosafety rooms where only the most infectious and deadliest microorganisms are handled. Tension mounts as he pulls out his phone; surely he’ll use it to affect some dramatic hack, or perhaps set off an explosive device. Instead, he calls up his playlist and… plays a song? What kind of villain is this?
As it turns out, perhaps one who has read a new paper on the potential for hacking biosafety rooms using music. The work was done by University of California Irvine researchers [Anomadarshi Barua], [Yonatan Gizachew Achamyeleh], and [Mohammad Abdullah Al Faruque], and focuses on the negative pressure rooms found in all sorts of facilities, but are of particular concern where they are used to prevent pathogens from escaping into the world at large.
Negative pressure rooms use sophisticated HVAC systems to keep a lower pressure inside the room compared to the outside, and go to great lengths to keep it that way. The control systems for such rooms rely on differential pressure sensors, which detect the difference in pressure between two ports separated by a thin diaphragm. The diaphragm’s deflection due to pressure differences between the two ports can be sensed either capacitively or piezoresistively.
Trouble is, the diaphragms tend to have resonant frequencies in the audio range, making them vulnerable to spoofing. Several different commonly used sensors were evaluated with audio frequency sweeps, showing a resonance sweet spot at 700 to 900 Hz. This is right in the ballpark for embedding into an audio track, allowing the attacker to hide in plain sight — or sound, as the case may be. Tweaking the sensor with this frequency can potentially convince the control system to make an adjustment that removes air — and any pathogens it contains — from the room. You can imagine the rest.
We’ve become quite fond of finding and reporting on some of the oddest of oddball side-channel attack vectors, like potato chip bags and clicky keyboards. This attack is particularly terrifying since it seems both more plausible and has much higher stakes.
Featured image: by Steve Zylius / University of California Irvine