Exploiting IR-based motion sensor and its defense

Abstract

As Internet of Things (IoT) is growing more and more nowadays, IoT-equipped things are also increasing. These IoT-equipped things use sensors and sensor inputs take important part of device's operation. Sensor is a device which receives input from measuring external environment. However, distinguishing malicious input from an attacker and genuine input is very difficult and many spoofing attacks against sensors has been studied based on these idea. In this paper, we propose methodoly to make false alarm of PIR based motion sensor which detects motion by measuring the far infrared radiation. Far infrared radiation is radiated from the heat source such as human and it is diffused so it can not be propagated to long distance. Our proposed methodology use separate far infrared radiation source from a long distance, which is far than motion sensor's operating distance, to let motion sensor recognize there is a motion when nothing exists. Moreover, motion sensor is frequently used in IoT such as household security system, so our methodology can be also applyed to IoT environment to cause security threats. Moreover, for the defense of IR injection spoofing attack, we propose fingerprinting IR source from the received IR intensity data. We trained with 10 IR LED data with machine learning and the accuracy was 54.67%.