⇧ [VIDÉO] You may also like this partner content (post ad)
Some hospitals and laboratories study deadly pathogens. Then they are equipped with a negative pressure chamber, which allows to reliably protect the external areas from the influence of these pathogens. Recently, researchers demonstrated that these rooms are vulnerable to audio terrorist attacks, especially a simple piece of music played on a smartphone! Explanations.
It should be noted that biosafety level (BSL) is a strict set of rules set for a biological laboratory or hospital facility to prevent the escape of lethal/dangerous pathogens from the facility. BSL is classified between BSL-1 (lowest safety level) and BSL-4 (highest safety level) depending on the microbes present in the laboratory or hospital. In French, this classification is more commonly known under the names P1 to P4.
The Centers for Disease Control and Prevention (CDC) defines BSLs as having specific controls for microbial containment to protect the environment and the community. BSLs require isolation rooms in a biological laboratory or infection control hospital to maintain negative pressure relative to the outside corridor.
Hence, the room is known as negative pressure room (NPR). The latter ensures that potentially harmful microbes cannot leave the device through the air flow by maintaining a negative pressure inside. With growing concerns about bioterrorism, NPR must maintain certain negative pressures by adhering to strict guidelines set forth by the CDC, ASHRAE, or other authorities.
Recently, a team of researchers from the University of California demonstrated that the secure operation of this negative pressure chamber can be compromised by an attacker armed with a simple smartphone playing certain music. They shared their findings with attendees at the Association for Computing Machinery’s computer and communications security conference in Los Angeles. Their research is published in arXiv.
Find the correct frequency
According to UCI cyber-physical systems security experts, mechanisms that control the flow of air into and out of biopressure devices (negative pressure chamber) can cause erratic operation with a special frequency sound that can be secretly hidden in a popular song.
Co-author Mohammad Al Faruque, professor of electrical engineering and computer science at UCI, explains: Someone can play a piece of music downloaded to their smartphone or stream it from a TV or other audio device in or near the negative pressure room. If this music is introduced with a tone that matches the resonant frequency of the pressure control of any of these gaps, it can cause malfunction and leakage of deadly germs. “.
Specifically, the HVAC infrastructure maintains the flow of fresh air and polluted air in a given space. These systems typically include room pressure monitors, which in turn use differential pressure sensors that compare the atmosphere inside and outside the rooms. Sound waves coming into contact with these sensors can cause them to vibrate at the same frequency. So explains UCI lead author Anomadarshi Barua: A skilled attacker can use this technique to artificially displace the diaphragm, alter the pressure reading, and cause the entire system to fail. “.
To test the vulnerability hypothesis, the researchers tested eight standard DPSs from five manufacturers, all of which operated at resonant frequencies in the audible range and are therefore susceptible to interference. They then created “noxious music” to resonate in the DPS, causing it to exceed normal pressure readings. As a result, the chamber converts its negative pressure into positive pressure, causing a potential leak of deadly germs.
They explain that attackers can circumvent negative pressure chamber systems in a variety of ways. They could manipulate them wirelessly or act as technicians to place an audio device in or near such a room. Barua notes: A more sophisticated attack could involve criminals who integrate sound-emitting technologies into DPS before they are installed in a biosecurity facility. “.
How to fix this security flaw?
In their presentation at the conference, the researchers proposed a number of countermeasures to prevent a musical attack on biosecurity facilities.
Sound isolation can be achieved by extending the sample tube up to 7 meters from the DPS port. The team also proposed enclosing the pressure port in a box-like structure. Both of these measures will reduce DPS vulnerability, Barua said.
Al Faruque said this research project demonstrated the vulnerabilities of internal systems to random attacks, but noted that with a little planning and thought, installations can be hardened against sabotage.