Liquid Crystal Mimics Your Heart: A Physical Spoofing Attack against PPG-based Systems
Published in IEEE Transactions on Information Forensics and Security, 2025
Recommended citation: Junhao Wang, Li Lu*, Hao Kong, Feng Lin, Zhongjie Ba, Kui Ren. "Liquid Crystal Mimics Your Heart: A Physical Spoofing Attack against PPG-based Systems." IEEE Transactions on Information Forensics and Security. 20, pp. 8628-8642. 2025. doi: 10.1109/TIFS.2025.3598472.
IEEE Transactions on Information Forensics and Security is a premier journal on information security and signal processing, which is sponsored by IEEE Signal Processing Society. IEEE TIFS is a CCF-A journal.
Abstract: Photoplethysmography (PPG) has been extensively employed in commercial and medical products to assess human cardiac activities. However, despite PPG’s active role in improving people’s daily lives, research on the vulnerabilities of PPG systems is still in its infancy. This paper investigates the feasibility of deceiving PPG sensors in the physical domain. We propose FakePPG, which utilizes a low-cost Liquid Crystal Modulator (LCM) device to mimic the PPG signals of a legitimate user, thus deceiving both the PPG-based health assessment and potential authentication applications. To implement FakePPG in practical scenarios, we build the attack prototype using commercial off-the-shelf electronic components and further design an automated optimization and attack framework. By leveraging the modified multi-Gaussian model for parameterization, the evolutionary strategy for optimization, and the reference heart rate model for heartbeat variability alignment, FakePPG can achieve efficient, flexible, and automated PPG forgery against arbitrary users and heart states. Extensive experimental results show that FakePPG can achieve a success rate of 96.7% for Atrial Fibrillation (AFib) spoofing and 91.2% for identity spoofing, respectively, revealing a realistic threat to PPG systems.