Zhicong Zheng (Zhejiang University), Jinghui Wu (Zhejiang University), Shilin Xiao (Zhejiang University), Yanze Ren (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

Sensor vulnerabilities can be exploited by physical signal attacks to cause erroneous sensor measurements, endangering systems that rely on sensors to make critical decisions.
While hundreds of existing studies have discovered numerous sensor vulnerabilities, they are all driven by manual expert analysis and require a time-consuming process of trial and error. The absence of automated approaches to assist in the detection of sensor vulnerabilities has posed a major roadblock to bridging the gap between sensor security research and industrial applications.
In this paper, we propose PhyFuzz, a new physical signal fuzzing paradigm that relies on physical testing signals to detect existing and potentially new types of sensor vulnerabilities without a human in the loop.
To cope with the unprecedented challenges of fuzzing with physical signals, such as the infinite search space of signal parameters and the black-box design of diverse sensor hardware, we design a unique fuzzing algorithm that enables efficient testing signal construction and effective feature discretization for sensor vulnerability identification and assessment. We implement PhyFuzz as a prototype that can support fuzz testing with acoustic, laser, and electromagnetic signals.
Our experiment shows that it can identify 46 vulnerabilities on 13 sensors of 9 different types, including 6 undisclosed cases.
