
According to the study, hospital and laboratory biocontainment facilities are vulnerable to terrorist attacks.
A team of researchers at the University of California, Irvine has found that negative pressure rooms, which are used in hospitals and laboratories to prevent the spread of deadly pathogens, can be compromised by an attacker using a smartphone. These rooms are designed to protect against the exposure of outside areas to harmful microbes.
According to UCI cyber-physical systems security experts, who recently shared their findings at the Conference on Computer and Communications Security, mechanisms that control airflow in and out of biocontainment facilities can be tricked into functioning irregularly by a sound of a particular frequency, possibly tucked surreptitiously into a popular song.
“Someone could play a piece of music loaded on their smartphone or get it to transmit from a television or other audio device in or near a negative pressure room,” said senior co-author Mohammad Al Faruque, UCI professor of electrical engineering and computer science. “If that music is embedded with a tone that matches the resonant frequency of the pressure controls of one of these spaces, it could cause a malfunction and a leak of deadly microbes.”
Heating, ventilation, and air conditioning (HVAC) infrastructure maintains the flow of fresh air into and contaminated air out of a given space. HVAC systems in scientific facilities typically include room pressure monitors, which in turn utilize differential pressure sensors (DPSs) that compare the atmospheres inside and outside rooms.
The researchers said that commonly used DPSs are vulnerable to remote manipulation, posing a previously unrealized threat to biosafety facilities. They tested their hypothesis on eight industry-standard DPSs from five manufacturers, demonstrating that all the devices operate with resonant frequencies in the audible range and are, therefore, subject to tampering.
Potential Attack Methods and Their Consequences
“When sound waves collide with the diaphragms inside a DPS, it starts vibrating with the same frequency,” said lead author Anomadarshi Barua, UCI Ph.D. candidate in electrical engineering and computer science. “An informed attacker can use this technique to artificially displace the diaphragm, changing the pressure reading and causing the whole system to malfunction.”
He said that attackers could thwart negative pressure room systems in a variety of ways. They could manipulate them wirelessly or pose as maintenance personnel to place an audio device inside or near such a room. “A more sophisticated attack might involve perpetrators embedding sound-emitting technologies into a DPS before it’s installed in a biocontainment facility,” Barua said.
Countermeasures for Securing Biocontainment Facilities
In their conference presentation, the researchers suggested several countermeasures to prevent a musical assault on biosafety facilities. Sound dampening can be achieved by lengthening the sampling tube of a DPS’s port by as much as 7 meters. The team also proposed enclosing the pressure port in a boxlike structure. Both these measures would reduce the sensitivity of the DPS, Barua said.
Al Faruque said that this research project demonstrates the vulnerabilities of embedded systems to random attacks but stressed that with a little planning and forethought, facilities can be hardened against sabotage.
Reference: “A Wolf in Sheep’s Clothing: Spreading Deadly Pathogens Under the Disguise of Popular Music” by Anomadarshi Barua, Yonatan Gizachew Achamyeleh and Mohammad Abdullah Al Faruque, 7 November 2022, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.
DOI: 10.1145/3548606.3560643
5 Comments
Looking for an excuse? Just sayin’…
The thing is that a negative-pressure controlled environment does not automatically mean that deadly pathogens are simply floating inside the room in the air. There are several barriers which prevent that, and if all of them fail, the negative pressure plus intense air exchange take over. So, to execute such an attack successfully, someone needs to take extra steps inside the facility. Well, I don’t want to say that it is impossible, but rather unlikely by using a sound attack alone…
Many operations are operated without negative pressure. That doesn’t make them any less sterile.
You’re not too smart, are you? Such a lengthy rant to say nothing. Biocontainment facilities are equipped with mechanisms that control air flow in and out, which means they are CONTROLLED electronically. And it’s been proven that said mechanisms can be made to fail or behave irregularly simply by exposing them to certain sound frequencies. And here you are talking about what… “fans” and “sound speakers”?? Don’t be so simplistic. Get educated before opening your donut hole and spewing nonsense.
The one thing I don’t understand is why in the world, when a potential threat is discovered, the first thing they do is to make it public. Don’t they realize that by doing so they are exposing the very thing they are trying to secure? You can bet that right this moment there are bio-terrorists and hackers with evil intent lurking out there. They are probably thinking… oh, is that so? That easy, eh… well let me get to work ASAP! Thanks for the heads up! Now we know how to hurt you.
I’m a Mechanical Engineer myself, so I am very aware that no safety system or complex electronic mechanism is ever completely safe. The more complex and the more high-tech it gets, the more vulnerable it probably will become over time.
So it seems to me that the first countermeasure to prevent a ‘musical assault’ on biosafety facilities, as they put it, should always be to avoid facilitating valuable intel to potential perpetrators. If they didn’t know about this, well now they do! So my advice: correct the problem quickly before the bad boys beat you to it and launch an actual attack. I can assure you they are already looking into it.