
DPhil the Future: Signal Injection Attacks against CCD Image Sensors


DPhil student Sebastian Köhler, Researcher Richard Baker, and Professor Ivan Martinovic look at the vulnerabilities of charge-coupled device (CCD) image sensors.  

The importance of cameras for vision-based intelligent systems, such as autonomous vehicles, is undeniable. The captured video frames are often used as part of the decision-making process, making their integrity crucial for the correct behaviour of the system. However, due to the nature of analogue sensors, it is not easy for a sensor to verify whether the captured information has been manipulated. In other words, a sensor cannot distinguish between a naturally occurring physical signal and an artificially generated one. We discovered that this issue also applies to charge-coupled device (CCD) image sensors, as used in professional and scientific applications, such as ground and space astronomy, microscopy, industrial automation, military surveillance, and defence systems.  

In recent years, various attacks against camera-based systems that compromise their integrity have been demonstrated. Since image sensors are optical sensors, the most obvious attack vector is the injection of light. However, injecting light in a controlled way is almost infeasible and only partially possible for CMOS image sensors that implement an electronic rolling shutter mechanism, which reads the captured image information row by row rather than all at once. CCD image sensors always implement a global shutter inherent to their design. This means fine-grained signal injection attacks using light are not possible. Moreover, a light-based attack requires line of sight between the adversary and the target camera. Finally, attacks that leverage optical emission tend to be suspicious and easily detected by simple mechanisms – for example, if the frame is suddenly over- or under-exposed, an alarm is triggered.

In this article, we present an approach that overcomes these limitations and allows the injection of fine-grained perturbations using intentional electromagnetic interference (IEMI).  

Signal Injection Attack  

We hypothesise that, due to their architecture, CCD image sensors are susceptible to intentional electromagnetic interference, making them vulnerable to post-transducer signal injection attacks. Normally, a sensor should only react to one specific physical stimulus to which it is intended to respond. In the case of an image sensor, the stimulus is light. Incident light causes the generation of electronic charges that can be measured and quantised. Yet, the image sensor itself cannot determine whether the signal charge was generated by the photodiode array during the integration period due to the incident light, or resulted from electromagnetic interference that coupled onto the circuit. A malicious actor could leverage this fact and emit electromagnetic waves at the resonant frequency of the target CCD image sensor to induce a voltage and subsequently alter the captured image information.  

Evaluation  

We validated our hypothesis on two different CCD cameras, namely a DFM 25G445-ML and a 420TVL CCTV board camera. To prevent interference from other signal sources, we placed the target camera and the antenna in a closed RF-shielded box. This also prevented uncontrolled radiation of the attack signal, which could otherwise interfere with legitimate communication channels in the tested frequency spectrum or couple onto other equipment. Nevertheless, to rule out the possibility that the attack signal is induced directly into the cabling and not into the CCD image sensors themselves, we also performed the attack with the cameras switched off. Finally, placing the camera in the EMI-shielded box also prevented the generation of legitimate signal charge, making it easier to detect whether the attack was successful or not.

Method  

To find the most effective carrier frequency, we captured video frames while running a frequency sweep with a step size of 1 MHz from 50 to 5000 MHz. We then calculated the Structural Similarity Index Measure (SSIM) between the collected frames. More specifically, for every carrier frequency ƒc, we collected ten frames: three legitimate frames during normal operation, and seven malicious frames while emitting a sine wave with frequency ƒ = 1 kHz modulated onto the carrier wave.

For this experiment, the cameras were placed around 3 cm away from the transmitting antenna and the output power of the software-defined radio was set to the maximum (20.1 dBm). The experiments were conducted inside a shielded and completely dark box, leading to almost entirely black frames during normal operation. Hence, the SSIM between consecutive legitimate frames was high, meaning they were almost identical. In contrast, for a successful attack, the SSIM between legitimate frames and malicious ones should be as low as possible. The most effective carrier frequency was selected based on the smallest SSIM value. In other words, the frequency that caused the smallest SSIM values induced the most significant perturbations. On the other hand, an ineffective carrier frequency did not induce any signal charge and led to high SSIM values similar to those measured between legitimate frames.
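The frame analysis described above can be reproduced offline when assessing a camera's susceptibility in a shielded test setup. The following is an added example, not the authors' code: it uses a simplified single-window SSIM rather than the usual sliding-window form, and the frames, carrier values and coupling amplitudes are constructed, not measured.

```python
import math
import random

# Standard SSIM stabilising constants for 8-bit pixel data.
C1, C2 = (0.01 * 255) ** 2, (0.03 * 255) ** 2

def global_ssim(a, b):
    """SSIM over one window covering the whole frame (flat lists of 0-255 pixels)."""
    n = len(a)
    mu_a, mu_b = sum(a) / n, sum(b) / n
    var_a = sum((x - mu_a) ** 2 for x in a) / n
    var_b = sum((y - mu_b) ** 2 for y in b) / n
    cov = sum((x - mu_a) * (y - mu_b) for x, y in zip(a, b)) / n
    return ((2 * mu_a * mu_b + C1) * (2 * cov + C2)) / (
        (mu_a ** 2 + mu_b ** 2 + C1) * (var_a + var_b + C2))

def dark_frame(rng, amplitude=0.0, n=1024):
    """Constructed frame from the dark box: read noise of 0-3 counts plus an
    optional sinusoidal perturbation standing in for induced signal charge."""
    return [min(255, rng.randint(0, 3) + int(amplitude * (1 + math.sin(i / 5)) / 2))
            for i in range(n)]

def sweep_scores(coupling, seed=1):
    """Return {carrier_mhz: (baseline_ssim, test_ssim)} for a constructed sweep."""
    rng = random.Random(seed)
    scores = {}
    for carrier_mhz, amplitude in coupling.items():
        legit = [dark_frame(rng) for _ in range(3)]               # test signal off
        exposed = [dark_frame(rng, amplitude) for _ in range(7)]  # test signal on
        baseline = [global_ssim(legit[i], legit[i + 1]) for i in range(2)]
        test = [global_ssim(l, e) for l in legit for e in exposed]
        scores[carrier_mhz] = (sum(baseline) / len(baseline), sum(test) / len(test))
    return scores

def most_susceptible(scores):
    """Carrier with the lowest legitimate-vs-exposed SSIM, as the text selects it."""
    return min(scores, key=lambda mhz: scores[mhz][1])

# Constructed coupling model (perturbation amplitude per carrier), not measured data.
CONSTRUCTED_COUPLING = {100: 0.0, 150: 6.0, 200: 120.0, 250: 0.0}

if __name__ == "__main__":
    results = sweep_scores(CONSTRUCTED_COUPLING)
    for mhz, (baseline, test) in results.items():
        print(f"{mhz} MHz  baseline={baseline:.3f}  test={test:.3f}")
    print("most susceptible carrier:", most_susceptible(results), "MHz")
```

A carrier whose test SSIM stays close to its baseline induced no measurable signal charge in this model; a large gap between the two is what marks a susceptible frequency.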

Results  

The results of the frequency sweep revealed that the most effective carrier frequency was 190 MHz for the DFM 25G445-ML and 341 MHz for the analogue CCD. Interestingly, while the analogue CCD camera was only affected at around 341 MHz, the DFM 25G445-ML was vulnerable at various frequencies. The findings indicate that a malicious signal modulated onto a sinusoidal carrier wave at the appropriate frequency is highly likely to couple successfully onto the CCD image sensor. As a result, an adversary would pick 190 MHz or 341 MHz, depending on the target camera.  

Use Case: Barcode Scanning  

To illustrate an end-to-end attack, we evaluated the attack in the scenario of automated barcode scanning, as used in manufacturing or logistics. We considered an attacker that seeks to remotely disrupt the performance of the barcode scanning, thereby either inhibiting the efficient flow of tracked items or corrupting the inventory management of the facility. As automated CCD barcode scanners often handle hundreds of barcodes per second, even a short attack can quickly impact a large number of items. Scanning a barcode relies on the colour contrast between bright and dark bars.  

We found that injecting random noise into a CCD image sensor can break this contrast and substantially reduce the reliability of the scanning system. For the lowest selected exposure of 20,000 μs and no additional amplification of the signal charge, the captured frames were slightly underexposed. Even during normal operation, this led to a detection rate of only 50%. As such, it is not surprising that the injected noise reduced the detection rate even further. However, increasing the exposure time and the gain improved the performance under normal operation significantly, leading to a consistent detection rate above 99%. At the same time, the attack effectiveness diminished with increasing exposure time and, contrary to our expectations, with higher gains. This observation can be explained by the increasing contrast between the white background and the black bars of the barcode. Nevertheless, under optimal settings, for instance, for exposure time = 20,000 μs and a gain of 8.7, the attack caused the detection rate to drop to 1%.

Conclusion  

The results of our evaluation show that CCD image sensors are susceptible to intentional electromagnetic interference. We have proven our hypothesis by successfully conducting signal injection attacks against two different CCD image sensors, showing that IEMI can be used to manipulate the captured frames down to the granularity of a single pixel. To demonstrate the impact of such an attack, we evaluated the consequences in the context of automatic barcode scanning, showing that the attack can reduce the detection rate to 1%. Although CCD image sensors are not as widespread nowadays, we argue that signal injection attacks are a real threat to applications relying on input from cameras equipped with CCD image sensors.