Go to OpenReview Public Article ORCID homepageVoltSiren: Exploiting Power Supply Vulnerabilities to Control IoT Devices
Abstract: This paper analyzes the security of Internet of Things (IoT) devices from the perspective of sensing, actuating, and communicating. Particularly, we discover a vulnerability in power supply modules and propose VoltSiren attacks. To launch a VoltSiren attack, attackers may compromise the power source and inject malicious signals through the power supply module, which is indispensable in most devices. Consequently, VoltSiren attacks can cause sensor measurements irrelevant to reality, maneuver actuators in a way disregarding the desired command, or disrupt communications. To understand VoltSiren, we systematically analyze the underlying principle of power supply signals affecting the electronic components, which are building blocks to constitute the sensors, actuators, or communication modules. Based on these findings, we implement and validate VoltSiren on off-the-shelf products: six sensors, three actuators, and two communication modules, which are used in applications ranging from automobile braking systems, industrial process control to robotic arms. The root cause of this vulnerability lies in the common belief that noises from the power line are unintentional, and our work aims to call for attention to enhancing the security of power supply modules and adding countermeasures to mitigate the attacks.
External IDs:doi:10.1109/jiot.2026.3667971
Loading