Yan He (University of Oklahoma), Guanchong Huang (University of Oklahoma), Song Fang (University of Oklahoma)
Wireless security surveillance systems are widely deployed due to their increased affordability. Motion detection is often integrated into them as the linchpin of the security they provide, detecting when someone is present in its range and then triggering the system to start recording or notifying the property owner. In this paper, we present PhantomMotion, a new attack framework to fool the motion detection function of those security systems. It can create fake motion stimuli stealthily by aiming laser beams into the motion detection range, and it confirms a response to the stimuli via sniffing wireless traffic. PhantomMotion does not require any professional equipment or to perform physical motion within the monitored area. It consists of a novel hardware platform integrating laser control and WiFi sniffing, and a new generative mechanism of motion injection. We develop a smartphone app to implement PhantomMotion, validating its efficacy against 18 popular wireless motion-activated security systems. Experimental results show that PhantomMotion can always generate fake motion to successfully trigger the systems, within an average of 12.8 seconds and via moving the laser spot for a mean distance of 1.1 m. Notably, we verify that PhantomMotion works from a distance of up to 120 meters.