loading page

Exploiting Vulnerabilities of ADC Registers in IoT and Control Systems
  • Eyasu Getahun Chekole ,
  • Rajaram Thulasiraman ,
  • Jianying Zhou
Eyasu Getahun Chekole
Author Profile
Rajaram Thulasiraman
Author Profile
Jianying Zhou
Author Profile

Abstract

An analog-to-digital converter (ADC) is a critical part of most computing systems that converts analog signals into quantifiable digital values. Since most digital devices operate only on digital values, the ADC acts as an interface between the digital and analog worlds. As such, ADCs are commonly used in a wide-range of applications, including internet of things (IoT), industrial control systems (ICS), cyber-physical systems (CPS), audio/video devices, medical imaging, digital oscilloscopes, and cell phones, among others. For example, programmable logic controllers (PLCs) in ICS/CPS often make control decisions based on digital values converted from analog signals by ADCs. Due to its crucial role in various applications, ADCs are often targeted by a wide-range of physical and cyber attacks. Attackers often exploit vulnerabilities that could be found in the software/hardware of ADCs. In this work, we first conduct a deeper study in the ADC conversion logic to investigate relevant vulnerabilities that were not well explored by prior works. As a result, we manage to identify exploitable vulnerabilities on certain ADC registers that are involved in the analog-to-digital conversion logic. As a proof of concept, we construct and develop three attack techniques by exploiting the vulnerabilities identified. Finally, we test the attacks on a mini-CPS testbed we designed using IoT devices, analog sensors and actuators. Our experimental results reveal high effectiveness of the proposed attack techniques in misleading PLCs to make incorrect control decisions in CPS. We also analyze the impact of such attacks when launched in real-word CPS testbeds.