Attacking Electric Motors for Fun and Profit

The presentation discusses a threat model for electric motor systems and applies it to a scenario involving a global drone delivery system. The model identifies three attack goals: control, disrupt, and data exfiltration, and seven layers that can be attacked from a physical or cyber perspective. The presentation emphasizes the importance of identifying attackers and creating attack graphs to prevent attacks.

• Identifies three attack goals against electric motor systems: control, disrupt, and data exfiltration
• Identifies seven layers that can be attacked from a physical or cyber perspective
• Applies the threat model to a scenario involving a global drone delivery system
• Emphasizes the importance of identifying attackers and creating attack graphs to prevent attacks

The presenter shares a personal anecdote about burning out motors and causing fires due to poor soldering skills, highlighting the importance of understanding the components of a system to prevent accidents and attacks.

Electric motors (EMs) account for more than 40 percent of annual global electricity consumption and an estimated market size of $214 Billion by 2025. They drive autonomous vehicles and transportation systems, precisely control robotic movements in industrial systems, and even vibrate your phone. They are ubiquitous and they are controlled by hardware and software. Attacks targeting EMs bridge the gap between cyber space and the physical world, resulting in real-world damage. To manage safety and security risks in cyber-physical systems with EM actuators, it is necessary to identify what attack objectives may exist against these components and determine what controls are required to mitigate these risks. Thus, our research aims to provide a comprehensive evaluation of cyber-attack objectives against EMs, which we don't believe has been done before in research, to provide risk assessors with new ideas to find vulnerabilities. We conducted a wide-scale analysis of EMs, researching different EMs and case studies of their application in real-world SCADA and transportation systems. We analyze different attack objectives against EMs based on system type and provide examples of attack techniques that can achieve the objective. Types of failures include loss of control, wearing down components, limiting torque, over-rotating servo motors, fire, and some really unintentional impacts of messing with Pulse Width Modulation (PWM). Attack techniques to achieve these outcomes are both based on previous research and have not been presented before. They include pin-control attacks disrupting PWM, DOS or injection network attacks, sensor attacks, and exploiting the lack of security controls of software libraries on the controller.