Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature

TL;DR

This paper reveals a novel digital attack exploiting DRAM decay properties to remotely sense temperature in IoT devices, enabling privacy breaches without hardware modifications or physical access.

Contribution

It introduces a new temperature sensing attack using DRAM decay characteristics, applicable to off-the-shelf IoT devices without hardware changes.

Findings

Achieves temperature sensing with 0.5°C resolution from 0°C to 70°C

Works on devices without dedicated temperature sensors

Can be performed remotely via software compromise

Abstract

The ubiquity and pervasiveness of modern Internet of Things (IoT) devices opens up vast possibilities for novel applications, but simultaneously also allows spying on, and collecting data from, unsuspecting users to a previously unseen extent. This paper details a new attack form in this vein, in which the decay properties of widespread, off-the-shelf DRAM modules are exploited to accurately sense the temperature in the vicinity of the DRAM-carrying device. Among others, this enables adversaries to remotely and purely digitally spy on personal behavior in users' private homes, or to collect security-critical data in server farms, cloud storage centers, or commercial production lines. We demonstrate that our attack can be performed by merely compromising the software of an IoT device and does not require hardware modifications or physical access at attack time. It can achieve temperature resolutions of up to 0.5{\deg}C over a range of 0{\deg}C to 70{\deg}C in practice. Perhaps most interestingly, it even works in devices that do not have a dedicated temperature sensor on board. To complete our work, we discuss practical attack scenarios as well as possible countermeasures against our temperature espionage attacks.