Attacking Electric Motors for Fun and Profit

Electric motors (EMs) account for more than 40 percent of annual global electricity consumption and an estimated market size of $214 Billion by 2025. They drive autonomous vehicles and transportation systems, precisely control robotic movements in industrial systems, and even vibrate your phone. They are ubiquitous and they are controlled by hardware and software. Attacks targeting EMs bridge the gap between cyber space and the physical world, resulting in real-world damage.

To manage safety and security risks in cyber-physical systems with EM actuators, it is necessary to identify what attack objectives may exist against these components and determine what controls are required to mitigate these risks. Thus, our research aims to provide a comprehensive evaluation of cyber-attack objectives against EMs, which we don't believe has been done before in research, to provide risk assessors with new ideas to find vulnerabilities.

We conducted a wide-scale analysis of EMs, researching different EMs and case studies of their application in real-world SCADA and transportation systems. We analyze different attack objectives against EMs based on system type and provide examples of attack techniques that can achieve the objective. Types of failures include loss of control, wearing down components, limiting torque, over-rotating servo motors, fire, and some really unintentional impacts of messing with Pulse Width Modulation (PWM). Attack techniques to achieve these outcomes are both based on previous research and have not been presented before. They include pin-control attacks disrupting PWM, DOS or injection network attacks, sensor attacks, and exploiting the lack of security controls of software libraries on the controller.

Presented by