Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

René Pfeiffer/ April 4, 2019/ Call for Papers, High Entropy

Bluetooth signal behind wireless LAN signal. Source: https://en.wikipedia.org/wiki/File:Bluetooth_signal_behind_wireless_lan_signal.png

There is a lot going on in the wireless world. 5G is all the fashion because its frequencies are being auctioned. That is only the tip of the iceberg. Wireless protocols have become ubiquitous: the IEEE 802.11 family is one widespread example, and Bluetooth, mobile networks, ZigBee, Z-Wave and other wireless transmissions are in wide use. If you go looking for signals, your first stop is usually the industrial, scientific and medical (ISM) radio bands. But there is much more. It is well worth passively scanning what is all around you.

Equipment is often the main obstacle that keeps hackers from doing something. When it comes to radio waves you need a suitable antenna (or a couple of them) plus the hardware to drive it. Even if you limit yourself to passive operation, you still need something to catch, amplify, and convert the signals into something meaningful a computer can use. The cost has dropped in recent years, and the availability has increased. The catchphrase is software-defined radio (SDR). The technology is present in ordinary devices such as DVB-T USB dongles or USB-to-VGA converters (the latter as a transmit-only device). Gadgets like the HackRF One also allow for some decent first steps in exploring the wireless world. If you have more money to spend, you can go for more options in terms of hardware capabilities.
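What "passively scanning what is around you" looks like once the dongle has handed over samples: the receiver delivers a stream of complex I/Q values, and the simplest survey is energy detection, an averaged power spectrum with a threshold above the noise floor. The block below is an added example, not code from the original post or from any of the projects mentioned; it uses only numpy. The capture it analyses is constructed inline (white noise plus two carriers at known offsets) so it runs offline; the sample rate, centre frequency and 15 dB margin are assumptions, and `load_rtlsdr_u8` is a small reader for the interleaved unsigned 8-bit I/Q format that `rtl_sdr` writes, should you want to point it at a real recording instead.

```python
import numpy as np

SAMPLE_RATE = 2_400_000     # Hz, assumed; a common rate for RTL-SDR dongles
CENTER_FREQ = 433_920_000   # Hz, assumed; the 433 MHz ISM band
NFFT = 4096                 # bins per spectrum, bin width = SAMPLE_RATE / NFFT (~586 Hz)


def make_capture(n=1 << 16, seed=1):
    """Constructed stand-in for a raw SDR capture: complex white noise plus
    two unmodulated carriers, -300 kHz at full amplitude and +500 kHz at half."""
    rng = np.random.default_rng(seed)
    t = np.arange(n) / SAMPLE_RATE
    iq = (rng.standard_normal(n) + 1j * rng.standard_normal(n)) * 0.5
    for offset_hz, amp in ((-300_000, 1.0), (500_000, 0.5)):
        iq += amp * np.exp(2j * np.pi * offset_hz * t)
    return iq.astype(np.complex64)


def load_rtlsdr_u8(path):
    """Read an rtl_sdr raw file (interleaved unsigned 8-bit I,Q, 127.5 = zero)
    and return complex samples scaled to roughly [-1, 1]."""
    raw = np.fromfile(path, dtype=np.uint8).astype(np.float32)
    return ((raw[0::2] - 127.5) + 1j * (raw[1::2] - 127.5)) / 127.5


def power_spectrum_db(iq, nfft=NFFT):
    """Average the Hann-windowed power spectrum over all full nfft-sample
    segments; bins are returned in ascending frequency order (fftshift)."""
    nseg = len(iq) // nfft
    segs = iq[: nseg * nfft].reshape(nseg, nfft) * np.hanning(nfft)
    spec = np.fft.fftshift(np.fft.fft(segs, axis=1), axes=1)
    psd = np.mean(np.abs(spec) ** 2, axis=0)
    return 10 * np.log10(psd + 1e-12)


def find_occupied(psd_db, center_freq=CENTER_FREQ, sample_rate=SAMPLE_RATE, margin_db=15.0):
    """Energy detection: the noise floor is the median bin power (robust
    against the few occupied bins); every bin more than margin_db above it is
    'hot', and runs of adjacent hot bins are merged into (f_lo, f_hi, dB over
    floor) tuples."""
    nfft = len(psd_db)
    floor = float(np.median(psd_db))
    freqs = center_freq + (np.arange(nfft) - nfft // 2) * (sample_rate / nfft)
    hot = psd_db > floor + margin_db
    ranges, start = [], None
    for i, h in enumerate(hot):
        if h and start is None:
            start = i
        elif not h and start is not None:
            ranges.append((float(freqs[start]), float(freqs[i - 1]),
                           float(psd_db[start:i].max() - floor)))
            start = None
    if start is not None:
        ranges.append((float(freqs[start]), float(freqs[-1]),
                       float(psd_db[start:].max() - floor)))
    return ranges


def scan(iq=None):
    """Full pipeline on a capture (defaults to the constructed one)."""
    iq = make_capture() if iq is None else iq
    return find_occupied(power_spectrum_db(iq))


def covers(ranges, freq_hz):
    """True if some detected range contains freq_hz."""
    return any(lo <= freq_hz <= hi for lo, hi, _ in ranges)


if __name__ == "__main__":
    for lo, hi, snr in scan():
        print(f"{lo / 1e6:.4f} - {hi / 1e6:.4f} MHz   {snr:4.1f} dB above noise floor")
```

On the constructed capture this reports two occupied slivers, one around 433.62 MHz and one around 434.42 MHz, each tens of dB above the floor; the idle centre of the band is correctly left alone. For a real recording, replace `make_capture()` with `load_rtlsdr_u8("capture.bin")` and set `CENTER_FREQ` and `SAMPLE_RATE` to whatever the dongle was tuned to. The median floor and a fixed margin are deliberately crude: they will miss weak spread-spectrum signals (the Bluetooth hops in the image above sit close to the Wi-Fi floor) and they only tell you that something is transmitting, not what. Identifying the protocol is the next step and needs a demodulator.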

Why do this? What is the deal with wireless stuff anyway? Well, back in the early days of Wi-Fi the war driving folks didn't ask this question. Going around and peeking at 802.11 installations is still very fruitful when it comes to penetration testing and information security defence. The Internet of Things (IoT) ecosystem heavily relies on wireless transmissions, and a lot of its protocols don't take security very seriously. The old excuse was: if few people bother to buy SDR receivers, why bother with security? That excuse no longer holds. The list of devices has grown in the past years. Nowadays pacemakers, remote-controlled vehicles (think drones!), wireless (car) keys, door openers, sensors, mobile phones, payment terminals, and the Global Positioning System (GPS) are just a small selection of wireless targets for both passive detection and active attacks.

If you have content regarding wireless detection of threats, attack vectors, training material, or interesting findings, please consider submitting them to DeepSec or DeepINTEL.


About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.