What could you do with $50 and a disposable coffee cup? One option would be to order a lot of coffee.
Another option: take down part of the power grid. And security researchers at the University of California, Irvine (UCI) just revealed how it's possible.
How does a cyber-physical attack work?
When we think about cyberattacks and cybersecurity, the concept that comes to mind is intangibility. Or, in other words, non-physical.
Cyberattacks operate in digital space, seemingly separate from the physical world. But Mohammad Al Faruque, UCI associate professor of electrical engineering and computer science, and his team recently demonstrated how physical these attacks can be.
Using just $50 of equipment stored inside a coffee cup, Al Faruque developed a mechanism capable of generating:
- A 32 percent change in output voltage
- A 200 percent increase in low-frequency harmonics power
- A 250 percent boost in real power from a solar inverter
In other words, it could knock a section of the power grid offline.
"Without touching the solar inverter, without even getting close to it, I can just place a coffee cup nearby and then leave and go anywhere in the world, from which I can destabilize the grid," Al Faruque said. "In an extreme case, I can even create a blackout."
Here's how easily the device can be produced:
"The spoofing apparatus assembled by Al Faruque's team consists of an electromagnet, an Arduino Uno microprocessor, and an ultrasonic sensor to measure the distance between the unit and the solar inverter. A Zigbee network appliance is used to control the mechanism within a range of about 100 meters, but that can be replaced by a Wi-Fi router that would enable remote operation from anywhere on the planet."
That's a scary thing to hide inside a cup of coffee. Watch the research in action here:
It's also a stark reminder that the need for cybersecurity extends beyond the digital sphere.
If you're defending your organization's security online, you should do it offline too.