Crafty hackers can create a tool to intercept some 6G wireless signals in just five minutes using office paper, an inkjet printer, a foil transfer, and a laminator.
Wireless security hacking was discovered by engineering researchers at Rice University and Brown University, who will present their findings and demonstrate the attack this week in San Antonio at ACM WiSec 2022, the Association for Computing’s annual conference. Machinery on security and privacy in wireless and mobile networks.
“Awareness of a future threat is the first step in countering that threat,” said study co-author Edward Knightly, professor of electrical and computer engineering at Rice’s Sheafor-Lindsay. “Frequencies vulnerable to this attack are not in use yet, but they are on their way and we need to be prepared.”
In the study, Knightly, Brown University engineering professor Daniel Mittleman and colleagues showed that an attacker could easily create a sheet of office paper covered with 2D laminated symbols – a metasurface – and use it to redirect part of a “pencil beam.” “150 gigahertz transmission between two users.
They dubbed the attack “Metasurface-in-the-Middle” as a nod to both the hacker’s tool and the way it is handled. Metasurfaces are thin sheets of material with patterned designs that manipulate light or electromagnetic waves. “Man-in-the-middle” is a cybersecurity industry classification for attacks where an adversary sneaks in between two parties.
The frequency of 150 gigahertz is higher than that used in today’s 5G or Wi-Fi cellular networks. But Knightly said wireless operators are looking to deliver 150 gigahertz and similar frequencies known as terahertz waves or millimeter waves over the next decade.
“Next-generation wireless will use high frequencies and pencil beams to support broadband applications such as virtual reality and autonomous vehicles,” said Knightly, who will present the research with co-author Zhambyl Shaikhanov, a graduate student in his lab.
In the study, the researchers use the names Alice and Bob to refer to the two people whose communications were breached. The spy is called Eva.
To organize the attack, Eve first designs a metasurface that will diffract a portion of the signal in a narrow beam towards its location. For the demonstration, the researchers designed a model with hundreds of rows of divided rings. Each looks like the letter C, but they are not identical. The open part of each ring varies in size and orientation.
“Those openings and orientations are made very specifically to make the signal diffract in the exact direction that Eve wants,” said Shaikhanov. “After drawing the metasurface, it prints on a regular laser printer, then uses a hot stamping technique used in processing. It places a metal foil on the printed paper, feeds it through a laminator and the heat and pressure create a bond. between the metal and the toner. “
Mittleman and study co-author Hichem Guerboukha, a postdoctoral researcher at Brown, demonstrated in a 2021 study that the hot stamping method could be used to create split ring metasurfaces with resonances up to 550 GHz.
“We developed this approach to lower the barrier to fabricating metasurfaces, so that researchers could test many different designs quickly and cost-effectively,” said Mittleman. “Of course, this lowers the barrier for eavesdroppers as well.”
The researchers said they hope the study will dispel a common misconception in the wireless industry that higher frequencies are inherently safe.
“People have been quoted as saying that millimeter wave frequencies are ‘secret’ and ‘highly confidential’ and that they ‘provide security,'” said Shaikhanov. “The thought is, ‘If you have a super narrow beam, no one can eavesdrop on the signal because it would have to physically stand between the transmitter and the receiver.’ What we have shown is that Eve doesn’t have to be pushy to organize this attack. “
Research has shown that the attack would be difficult for Alice or Bob to detect today. And while the metasurface must be positioned between Alice and Bob, “it could be hidden in the environment,” Knightly said. “You could hide it with other sheets of paper, for example.”
Knightly said wireless researchers and equipment manufacturers are now aware of the attack, can study it further, develop detection systems, and integrate them into terahertz networks in advance.
“If we had known from day one, when the internet first came out, that there would be denial of service attacks and attempts to take down web servers, we would have designed it differently,” said Knightly. “If you build first, wait for the attachments, and then try to repair, this is a much more expensive and costly path than planning it safely in advance.”
“Millimeter wave frequencies and metasurfaces are new technologies that can each be used to advance communication, but each time we gain new communication skills we have to ask ourselves the question: ‘What if the opponent had this technology? skills will he give them that they did not have in the past? And how can we build a safe net against a strong opponent? “
Rice’s Fahid Hassan is a co-author of the study.
This research was supported by Cisco, Intel, National Science Foundation (1955075, 1923782, 1824529, 1801857, 1923733, 1954780) and Army Research Laboratory (W911NF-19-2-0269).