Wireless Manipulation of Serial Communication

Wired serial communication (e.g., UART, (IC)-C-2) is widely used to exchange information between sensors, actuators, and controllers in automation, control, and cyber-physical systems. In this work, it is demonstrated that intentional electromagnetic interference (IEMI) can be utilized to not only induce spurious serial communications but to also alter legitimate communications, arbitrarily and at a distance, through attacks that cause controlled, bidirectional bit flips. To prove the efficacy of such attacks, two attack signal types, which require differing levels of attacker knowledge and resources to be effective, are proposed and evaluated against UART and (IC)-C-2 serial communication systems. The first attack waveform, which we call simple, is an inexpensive-to-produce narrowband waveform that has high power and tight timing constraints, but requires little attacker knowledge about the targeted system, while the second waveform, which we call complex, leverages a wideband signal that requires less power to achieve the same effect, is more tolerant of timing error in the signal processing phase, but requires a high amount of attacker knowledge of the targeted system. The simple waveform is shown to be over 98.3% effective at inducing a desired bit sequence into randomly transmitted UART frames, which indicates that an attacker could also choose to inject spurious UART frames, at will. On the (IC)-C-2 data streams, the complex waveform is demonstrated to be overall 75% effective in inducing random bits. Countermeasures are discussed and experimentally validated in high-IEMI scenarios.