Xingyu Chen (University of Colorado Denver), Zhengxiong Li (University of Colorado Denver), Baicheng Chen (University of California San Diego), Yi Zhu (SUNY at Buffalo), Chris Xiaoxuan Lu (University of Edinburgh), Zhengyu Peng (Aptiv), Feng Lin (Zhejiang University), Wenyao Xu (SUNY Buffalo), Kui Ren (Zhejiang University), Chunming Qiao (SUNY at Buffalo)

Millimeter-wave (mmWave) sensing has been applied in many critical applications, serving millions of thousands of people around the world. However, it is vulnerable to attacks in the real world. These attacks are based on expensive and professional radio frequency (RF) modulator-based instruments and can be prevented by conventional practice (e.g., RF fingerprint). In this paper, we propose and design a novel passive mmWave attack, called MetaWave, with low-cost and easily obtainable meta-material tags for both vanish and ghost attack types. These meta-material tags are made of commercial off-the-shelf (COTS) materials with customized tag designs to attack various goals, which considerably low the attack bar on mmWave sensing. Specifically, we demonstrate that tags made of ordinal material (e.g., C-RAM LF) can be leveraged to precisely tamper the mmWave echo signal and spoof the range, angle, and speed sensing measurements. Besides, to optimize the attack, a general simulator-based MetaWave attack framework is proposed and designed to simulate the tag modulation effects on the mmWave signal with advanced tag and scene parameters. We evaluate, MetaWave, the meta-material tag attack in both simulation and real-world experiments (i.e., 20 different environments) with various attack settings. Experimental results demonstrate that MetaWave can achieve up to 97% Top-1 attack accuracy on range estimation, 96% on angle estimation, and 91% on speed estimation in actual practice, 10-100X cheaper than existing mmWave attack methods. We also evaluate the usability and robustness of MetaWave under different real-world scenarios. Moreover, we conduct in-depth analysis and discussion on countermeasures for MetaWave mmWave attacks to improve wireless sensing and cyber-infrastructure security.

View More Papers

A Case Study on Fuzzing Satellite Firmware

Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security) Presenter: Tobias Scharnowski

Read More

Private Certifier Intersection

Bishakh Chandra Ghosh (Indian Institute of Technology Kharagpur), Sikhar Patranabis (IBM Research - India), Dhinakaran Vinayagamurthy (IBM Research - India), Venkatraman Ramakrishna (IBM Research - India), Krishnasuri Narayanam (IBM Research - India), Sandip Chakraborty (Indian Institute of Technology Kharagpur)

Read More

DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement...

Seongil Wi (KAIST), Trung Tin Nguyen (CISPA Helmholtz Center for Information Security, Saarland University), Jihwan Kim (KAIST), Ben Stock (CISPA Helmholtz Center for Information Security), Sooel Son (KAIST)

Read More

Do Privacy Labels Answer Users' Privacy Questions?

Shikun Zhang, Norman Sadeh (Carnegie Mellon University)

Read More