TimeTravel: Real-time Timing Drift Attack on System Time Using Acoustic Waves

TL;DR

TimeTravel is a novel attack exploiting acoustic resonance to manipulate real-time clock systems, enabling precise forward or backward time drift with high accuracy, posing significant security risks.

Contribution

This paper introduces a new acoustic-based attack method, TimeTravel, that can arbitrarily modify system time in RTC circuits, revealing a critical security vulnerability.

Findings

TimeTravel can drift system time with up to 93% accuracy.

The attack maintains at least 77% success rate in typical environments.

Nine modules and two commercial devices are vulnerable.

Abstract

Real-time Clock (RTC) has been widely used in various real-time systems to provide precise system time. In this paper, we reveal a new security vulnerability of the RTC circuit, where the internal storage time or timestamp can be arbitrarily modified forward or backward. The security threat of dynamic modifications of system time caused by this vulnerability is called TimeTravel. Based on acoustic resonance and piezoelectric effects, TimeTravel applies acoustic guide waves to the quartz crystal, thereby adjusting the characteristics of the oscillating signal transmitted into the RTC circuit. By manipulating the parameters of acoustic waves, TimeTravel can accelerate or decelerate the timing speed of system time at an adjustable rate, resulting in the relative drift of the timing, which can pose serious safety threats. To assess the severity of TimeTravel, we examine nine modules and two commercial devices under the RTC circuit. The experimental results show that TimeTravel can drift system time forward and backward at a chosen speed with a maximum 93% accuracy. Our analysis further shows that TimeTravel can maintain an attack success rate of no less than 77% under environments with typical obstacle items.