Saved in:
Bibliographic Details
Main Authors: Yang, Yuqiao, Wu, Zhongjie, Zhang, Yongzhao, Chen, Ting, Li, Jun, Yang, Jie, Liu, Wenhao, Zhang, Xiaosong, Shi, Ruicong, Li, Jingwei, Jiang, Yu, Su, Zhuo
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.00682
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916307722567680
author Yang, Yuqiao
Wu, Zhongjie
Zhang, Yongzhao
Chen, Ting
Li, Jun
Yang, Jie
Liu, Wenhao
Zhang, Xiaosong
Shi, Ruicong
Li, Jingwei
Jiang, Yu
Su, Zhuo
author_facet Yang, Yuqiao
Wu, Zhongjie
Zhang, Yongzhao
Chen, Ting
Li, Jun
Yang, Jie
Liu, Wenhao
Zhang, Xiaosong
Shi, Ruicong
Li, Jingwei
Jiang, Yu
Su, Zhuo
contents UWB ranging systems have been adopted in many critical and security sensitive applications due to its precise positioning and secure ranging capabilities. We present a practical jamming attack, namely UWBAD, against commercial UWB ranging systems, which exploits the vulnerability of the adoption of the normalized cross-correlation process in UWB ranging and can selectively and quickly block ranging sessions without prior knowledge of the configurations of the victim devices, potentially leading to severe consequences such as property loss, unauthorized access, or vehicle theft. UWBAD achieves more effective and less imperceptible jamming due to: (i) it efficiently blocks every ranging session by leveraging the field-level jamming, thereby exerting a tangible impact on commercial UWB ranging systems, and (ii) the compact, reactive, and selective system design based on COTS UWB chips, making it affordable and less imperceptible. We successfully conducted real attacks against commercial UWB ranging systems from the three largest UWB chip vendors on the market, e.g., Apple, NXP, and Qorvo. We reported our findings to Apple, related Original Equipment Manufacturers (OEM), and the Automotive Security Research Group, triggering internal security incident response procedures at Volkswagen, Audi, Bosch, and NXP. As of the writing of this paper, the related OEM has acknowledged this vulnerability in their automotive systems and has offered a $5,000 reward as a bounty.
format Preprint
id arxiv_https___arxiv_org_abs_2407_00682
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle UWBAD: Towards Effective and Imperceptible Jamming Attacks Against UWB Ranging Systems with COTS Chips
Yang, Yuqiao
Wu, Zhongjie
Zhang, Yongzhao
Chen, Ting
Li, Jun
Yang, Jie
Liu, Wenhao
Zhang, Xiaosong
Shi, Ruicong
Li, Jingwei
Jiang, Yu
Su, Zhuo
Cryptography and Security
UWB ranging systems have been adopted in many critical and security sensitive applications due to its precise positioning and secure ranging capabilities. We present a practical jamming attack, namely UWBAD, against commercial UWB ranging systems, which exploits the vulnerability of the adoption of the normalized cross-correlation process in UWB ranging and can selectively and quickly block ranging sessions without prior knowledge of the configurations of the victim devices, potentially leading to severe consequences such as property loss, unauthorized access, or vehicle theft. UWBAD achieves more effective and less imperceptible jamming due to: (i) it efficiently blocks every ranging session by leveraging the field-level jamming, thereby exerting a tangible impact on commercial UWB ranging systems, and (ii) the compact, reactive, and selective system design based on COTS UWB chips, making it affordable and less imperceptible. We successfully conducted real attacks against commercial UWB ranging systems from the three largest UWB chip vendors on the market, e.g., Apple, NXP, and Qorvo. We reported our findings to Apple, related Original Equipment Manufacturers (OEM), and the Automotive Security Research Group, triggering internal security incident response procedures at Volkswagen, Audi, Bosch, and NXP. As of the writing of this paper, the related OEM has acknowledged this vulnerability in their automotive systems and has offered a $5,000 reward as a bounty.
title UWBAD: Towards Effective and Imperceptible Jamming Attacks Against UWB Ranging Systems with COTS Chips
topic Cryptography and Security
url https://arxiv.org/abs/2407.00682