skip to main content
research-article

The System That Cried Wolf: Sensor Security Analysis of Wide-area Smoke Detectors for Critical Infrastructure

Authors Info & Claims
Published:12 June 2020Publication History
Skip Abstract Section

Abstract

Fire alarm and signaling systems are a networked system of fire detectors, fire control units, automated fire extinguishers, and fire notification appliances. Malfunction of these safety-critical cyber-physical systems may lead to chaotic evacuations, property damage, and even loss of human life. Therefore, reliability is one of the most crucial factors for fire detectors. Indeed, even a single report of a fire cannot be ignored, considering the importance of early fire detection and suppression. In this article, we show that wide-area smoke detectors, which are globally installed in critical infrastructures such as airports, sports facilities, and auditoriums, have significant vulnerabilities in terms of reliability; one can remotely and stealthily induce false fire alarms and suppress real fire alarms with a minimal attacker capability using simple equipment. The practicality and generalizability of these vulnerabilities has been assessed based on the demonstration of two types of sensor attacks on two commercial off-the-shelf optical beam smoke detectors from different manufacturers. Further, the practical considerations of building stealthy attack equipment has been analyzed, and an extensive survey of almost all optical beam smoke detectors on the market has been conducted. In addition, we show that the current standards of the fire alarm network connecting the detector and a control unit exacerbate the problem, making it impossible or very difficult to mitigate the threats we found. Finally, we discuss hardware- and software-based possible countermeasures for both wide-area smoke detectors and the fire alarm network; the effectiveness of one of the countermeasures is experimentally evaluated.

References

  1. Aliexpress. Size 50*50mm Square Shape, HB720 IR Band Pass Filter/Long Wavelength Band Pass Filter. Retrieved from https://www.aliexpress.com/item/32767468224.html.Google ScholarGoogle Scholar
  2. Bescor. MP101 - Motorized Pan Head w/ Remote. Retrieved from https://www.bescor.com/product-page/mp101.Google ScholarGoogle Scholar
  3. C. Bolton, S. Rampazzi, C. Li, A. Kwong, W. Xu, and K. Fu. 2018. Blue note: How intentional acoustic interference damages availability and integrity in hard disk drives and operating systems. In Proceedings of the 39th IEEE Symposium on Security and Privacy. 1048--1062. DOI:https://doi.org/10.1109/SP.2018.00050Google ScholarGoogle Scholar
  4. Bosch. D296 Smoke Detector, Long-range Beam, 24V. Bosch. Retrieved from http://resource.boschsecurity.com/documents/Datasheet_D296_Data_sheet_enUS_2702469259.pdf.Google ScholarGoogle Scholar
  5. Bosch. D297 Smoke Detector, Long-range Beam, 12V. Bosch. Retrieved from http://resource.boschsecurity.us/documents/Datasheet_D297_Data_sheet_enUS_2702520075.pdf.Google ScholarGoogle Scholar
  6. Bosch. D7024 Fire Alarm Control Panels. Bosch. Retrieved from http://resource.boschsecurity.com/documents/Data_sheet_enUS_2692636171.pdf.Google ScholarGoogle Scholar
  7. Fire Safety Advice Centre. Fire Alarm Systems. Retrieved from https://www.firesafe.org.uk/fire-alarms/.Google ScholarGoogle Scholar
  8. Drew Davidson, Hao Wu, Robert Jellinek, Thomas Ristenpart, and Vikas Singh. 2016. Controlling UAVs with sensor input spoofing attacks. In Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT’16).Google ScholarGoogle Scholar
  9. Eaton. Eaton Conventional Fire Panel EFCV8ZONE User Manual. Eaton. Retrieved from https://uk.eaton.com/content/dam/uk/products/life-safety-and-security/fire-and-voice-alarm-systems/Two-wire-and-conventional/Two-wire-and-conventional-control-panels/EFCV8-8zonecontrolpanel/manuals/User_Manual-English-(PR215-216-516-03).pdf.Google ScholarGoogle Scholar
  10. FFE. Advanced Optical Beam Smoke Detector for Moscow Airport. Retrieved from http://halmapr.com/news/ffe/2012/07/16/advanced-optical-beam-smoke-detector-for-moscow-airport/.Google ScholarGoogle Scholar
  11. FFE. Beam Smoke Detectors Keeping Detroit Lions NFL Players Safe. Retrieved from https://www.ffeuk.com/beam-smoke-detectors-keeping-detroit-lions-nfl-players-safe.Google ScholarGoogle Scholar
  12. FFE. Beam Smoke Detectors the right choice for Peterborough Warehouse. Retrieved from https://www.ffeuk.com/beam-smoke-detectors-right-choice-peterborough-warehouse.Google ScholarGoogle Scholar
  13. FFE. Cambridge International Airport’s spray-painting hangar protected by Talentum flame detectors. Retrieved from https://www.ffeuk.com/cambridge-international-airport%E2%80%99s-spray-painting-hangar-protected-talentum-flame-detectors.Google ScholarGoogle Scholar
  14. FFE. Derby Arena Protected by Optical Beam Smoke Detectors. Retrieved from https://www.ffeuk.com/derby-arena-protected-optical-beam-smoke-detectors.Google ScholarGoogle Scholar
  15. FFE. End to End Optical Beam Smoke Detector User Guide. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/FFE_Fireray_3000_User_Guide_English.pdf.Google ScholarGoogle Scholar
  16. FFE. Fire Fighting Enterprises Smoke Detectors Protect Hindu Temple. Retrieved from http://halmapr.com/news/ffe/2014/01/07/fire-fighting-enterprises-smoke-detectors-protect-hindu-temple/.Google ScholarGoogle Scholar
  17. FFE. Fireray 3000 – End-to-End Infrared Optical Beam Smoke Detector. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/FFE_Fireray_3000_Datasheet_US.pdf.Google ScholarGoogle Scholar
  18. FFE. Fireray 5000 – Motorized Reflective Optical Beam Smoke Detector. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/Fireray%205000%20US%20Datasheet%20May%202017.pdf.Google ScholarGoogle Scholar
  19. FFE. Fireray 50/100RU – Reflective Optical Beam Smoke Detector. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/0665_FFE_Fireray_50_100_US_Jan17_WEB.pdf.Google ScholarGoogle Scholar
  20. FFE. Fireray Beam Smoke Detectors Protect Dubai International Airport’s New A380 Concourse. Retrieved from http://halmapr.com/news/ffe/2013/03/22/fireray-beam-smoke-detectors-protect-dubai-international-airports-new-a380-concourse/.Google ScholarGoogle Scholar
  21. FFE. Fireray One Datasheet. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/0852_Fireray_One_Datasheet_US_JUL18_WEB.pdf.Google ScholarGoogle Scholar
  22. FFE. Fireray Optical Beam Smoke Detectors Product Guide. Retrieved from http://firensecurity.com/images/downloads/fire-alarm-system/FIRERAY-Product-Guide.pdf.Google ScholarGoogle Scholar
  23. FFE. Fireray Optical Beam Smoke Detectors Protect Oil Dispersant Warehouse. Retrieved from https://www.ffeuk.com/fireray-optical-beam-smoke-detectors-protect-oil-dispersant-warehouse.Google ScholarGoogle Scholar
  24. FFE. Fireray Range Brochure. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/0651_FFE_Fireray_Range_Brochure_Update_8pp_Jan17_web.pdf.Google ScholarGoogle Scholar
  25. FFE. Motorised Infrared Optical Beam Smoke Detector User Guide. FFE. Retrieved from https://www.ffeuk.com/sites/ffeuk.com/files/documents/FFE_Fireray_5000_User_Guide_English.pdf.Google ScholarGoogle Scholar
  26. FFE. Wide area smoke detection for one of Europe’s largest basketball arenas. Retrieved from https://www.ffeuk.com/wide-area-smoke-detection-one-europe%E2%80%99s-largest-basketball-arenas.Google ScholarGoogle Scholar
  27. Denis Foo Kune, John Backes, Shane S. Clark, Daniel Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. 2013. Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 145--159.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Andrew M. Fuchs. 2006. Retrofitting detectors into legacy detector systems. Retrieved from https://patents.google.com/patent/US7336165.Google ScholarGoogle Scholar
  29. Pankaj Goel, Aniruddha Datta, and M Sam Mannan. 2017. Industrial alarm systems: Challenges and opportunities. J. Loss Prevent. Proc. Industr. 50 (2017), 23--36.Google ScholarGoogle ScholarCross RefCross Ref
  30. Infinity Electro-optics. Ultra long-range IR illumination. Retrieved from https://www.infinitioptics.com/technology/zlid.Google ScholarGoogle Scholar
  31. Radoslav Ivanov, Miroslav Pajic, and Insup Lee. 2016. Attack-resilient sensor fusion for safety-critical cyber-physical systems. ACM Trans. Embed. Comput. Syst. 15, 1 (2016), 21.Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Seung-Wook Jee, Chun-Ha Lee, Si-Kuk Kim, Jae-Jin Lee, and Phil-Young Kim. 2014. Development of a traceable fire alarm system based on the conventional fire alarm system. Fire Technol. 50, 3 (2014), 805--822.Google ScholarGoogle ScholarCross RefCross Ref
  33. Zhigang Liu and Andrew K. Kim. 2003. Review of recent developments in fire detection technologies. J. Fire Protect. Eng. 13, 2 (2003), 129--151.Google ScholarGoogle ScholarCross RefCross Ref
  34. Bruce D. Lucas, Takeo Kanade et al. 1981. An iterative image registration technique with an application to stereo vision. In Proceedings of the 7th International Joint Conference on Artificial Intelligence (IJCAI’81), Vol. 2. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, 674–679.Google ScholarGoogle Scholar
  35. MarketsandMarkets. Fire Protection Systems Market by Product (Fire Detection (Sensors 8 Detectors (Flame, Smoke Detectors), RFID), Fire Suppression (Fire Sprinklers, Fire Extinguishers), Fire Analysis, Fire Response), Service, Vertical - Global Forecast to 2022. Retrieved from https://www.marketsandmarkets.com/Market-Reports/fire-protection-systems-market-1018.html.Google ScholarGoogle Scholar
  36. H. C. Muller and A. Fischer. 1995. A robust fire detection algorithm for temperature and optical smoke density using fuzzy logic. In Proceedings of the IEEE International Carnahan Conference on Security Technology. IEEE, 197--204.Google ScholarGoogle Scholar
  37. NFPA. National Fire Alarm and Signaling Code. Retrieved from https://www.nfpa.org/codes-and-standards/all-codes-and-standards/list-of-codes-and-standards/detail?code=72.Google ScholarGoogle Scholar
  38. Junkil Park, Radoslav Ivanov, James Weimer, Miroslav Pajic, and Insup Lee. 2015. Sensor attack detection in the presence of transient faults. In Proceedings of the ACM/IEEE 6th International Conference on Cyber-physical Systems.Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Youngseok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, and Yongdae Kim. 2016. This ain’t your dose: Sensor spoofing attack on medical infusion pump. In Proceedings of the USENIX Workshop on Offensive Technologies.Google ScholarGoogle Scholar
  40. Jonathan Petit, Bas Stottelaar, Michael Feiri, and Frank Kargl. 2015. Remote attacks on automated vehicles sensors: Experiments on camera and lidar. In Proceedings of the Black Hat Europe Conference.Google ScholarGoogle Scholar
  41. Public Lab. Near-Infrared Camera. Retrieved from https://publiclab.org/wiki/near-infrared-camera.Google ScholarGoogle Scholar
  42. BSI Standards Publication. Fire Detection and Fire Alarm Systems for Buildings. Retrieved from http://www.ervin-co.com/uploads/resourceFile/de1bf9a2b96e9e4ecda093ada66ecff8_10_01_47am.pdf.Google ScholarGoogle Scholar
  43. SainSmart. DSO213 - Handheld Pocket-sized Digital Oscilloscope. Retrieved from https://www.amazon.com/SainSmart-Handheld-Pocket-Sized-Oscilloscope-Channels/dp/B07PDJQP7F.Google ScholarGoogle Scholar
  44. Hocheol Shin, Dohyun Kim, Yujin Kwon, and Yongdae Kim. 2017. Illusion and dazzle: Adversarial optical channel exploits against lidars for automotive applications. In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems. Springer, 445--467.Google ScholarGoogle ScholarCross RefCross Ref
  45. Hocheol Shin, Yunmok Son, Youngseok Park, Yujin Kwon, and Yongdae Kim. 2016. Sampling race: Bypassing timing-based analog active sensor spoofing detection on analog-digital systems. In Proceedings of the USENIX Workshop on Offensive Technologies.Google ScholarGoogle Scholar
  46. Yasser Shoukry, Paul Martin, Yair Yona, Suhas Diggavi, and Mani Srivastava. 2015. PyCRA: Physical challenge-response authentication for active sensors under spoofing attacks. In Proceedings of the ACM Conference on Computer and Communications Security. 1004--1015.Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Siemens. DLF1191-AC: Filter against external light influences. Retrieved from https://hit.sbt.siemens.com/RWD/app.aspx?RC=HQEU8lang=en8MODULE=Catalog8ACTION=ShowProduct8KEY=BPZ%3a5221480001.Google ScholarGoogle Scholar
  48. Siemens. DLO 1191 Linear Smoke Detector Technical Description, Planning, Installation, Commissioning. Siemens. Retrieved from http://cmapspublic2.ihmc.us/rid=1H6JKSJGQ-1Y259M5-KVP/DLO1191%20Tech%20Description,%20Planning,%20Installation,%20Commissio.pdf.Google ScholarGoogle Scholar
  49. Simplex. Fire Alarm Network Reference. Retrieved from https://simplex-fire.com/en/us/DocumentsandMedia/4100-0055.pdf.Google ScholarGoogle Scholar
  50. Yunmok Son, Hocheol Shin, Dongkwan Kim, Young-Seok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of the USENIX Security Symposium. 881--896.Google ScholarGoogle Scholar
  51. System Sensor. 6424 Projected Beam Type Smoke Detector. System Sensor. Retrieved from https://www.systemsensor.com/en-us/Documents/6424_Manual_I56-0494.pdf.Google ScholarGoogle Scholar
  52. System Sensor. BEAM1224, BEAM1224S Single-ended Reflected Type Projected Beam Smoke Detector. System Sensor. Retrieved from https://www.systemsensor.com/en-us/Documents/BEAM_Detector_Manual_I56-2294.pdf.Google ScholarGoogle Scholar
  53. System Sensor. BEAM200, BEAM200S Single-ended Reflected Type Projected Beam Smoke Detector. System Sensor. Retrieved from https://www.systemsensor.com/en-us/Documents/Intelligent_BEAM_Manual_I56-2289.pdf.Google ScholarGoogle Scholar
  54. System Sensor. Case Study: Chief Sealth International High School – Hamilton Intermediate School. Retrieved from https://www.systemsensor.com/en-us/Documents/SeattleSchools_CaseStudy_SSCS004.pdf.Google ScholarGoogle Scholar
  55. System Sensor. Case Study: Mattress Warehouse – Intelligent BEAM Smote Detector with Integral Self Test. Retrieved from https://www.systemsensor.com/en-us/Documents/MattressWarehouse_CaseStudy_CMCS001.pdf.Google ScholarGoogle Scholar
  56. System Sensor. Case Study: New Mexico Capitol Building – System Sensor Protects the Old with the New. Retrieved from https://www.systemsensor.com/en-us/Documents/NewMexCapitolBldg_CaseStudy_CMCS006.pdf.Google ScholarGoogle Scholar
  57. Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. 2017. WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In Proceedings of the IEEE European Symposium on Security and Privacy. IEEE, 3--18.Google ScholarGoogle ScholarCross RefCross Ref
  58. Zhenbo Wang, Kang Wang, Bo Yang, Shangyuan Li, and Aimin Pan. 2017. Sonic gun to smart devices. In Proceedings of the Black Hat USA Conference.Google ScholarGoogle Scholar
  59. Chen Yan, Wenyuan Xu, and Jianhao Liu. 2016. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. In Proceedings of the DEF CON.Google ScholarGoogle Scholar
  60. Guoming Zhang, Chen Yan, Xiaoyu Ji, Taimin Zhang, Tianchen Zhang, and Wenyuan Xu. 2017. DolphinAttack: Inaudible voice commands. In Proceedings of the ACM Conference on Computer and Communications Security. ACM.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. The System That Cried Wolf: Sensor Security Analysis of Wide-area Smoke Detectors for Critical Infrastructure

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader

              HTML Format

              View this article in HTML Format .

              View HTML Format
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!