Black Hat: Sub-GHz Wireless Within Reach

Wednesday, July 25, 2012 @ 07:07 PM gHale


By Jacob Kitchel
Sub-GHz hardware and wireless technology, which has traditionally been unreachable, is now within reach.

As part of a technical workshop offered Wednesday at Black Hat USA 2012 in Las Vegas, a researcher who goes by the name “Atlas” showed a room of like-minded security researchers how to use a USB dongle, along with some custom-written firmware, to explore and experiment with sub-GHz radio frequencies.

These radio frequencies are increasingly common in embedded devices such as medical devices, manufacturing systems, industrial systems, cell phones, and power systems.

Traditionally, the exploration of these systems has presented a high barrier to entry to all but the most informed engineers and designers of wireless systems. However, as time moved on, software security researchers expanded their skills and interests into electronic hardware and the areas where the two skillsets intersect. Those interests, skills, new technology, and the pervasiveness of wireless communication led them to explore the airwaves.

The USB dongle, the cc1111, is readily available for about $50 and the accompanying software project, rfcat, is available in an online repository hosted by the presenting researcher.

With a strong industry focus on security and compliance of traditional cyber assets, this research presents an additional area that companies will need to begin exploring and evaluating. Many of these wireless devices exist and operate without much thought – they just work. The research and demonstrations have worked to pull back the veil on the magical world of radio signals and enable researchers and attackers to probe and test these devices for security vulnerabilities.

Two of the researchers in the workshop, Nathan Keltner and Kevin Finisterre of Accuvant Labs, called the rfcat and cc1111 combination a “Swiss Army knife” for assessing products using sub-GHz wireless frequencies. “GnuRadio and USRPs are great tools but they’re also kind of bulky and can be overkill,” said Finisterre.

The rfcat and cc1111 combination will lower the barrier to listening to and transmitting on arbitrary wireless frequencies and allow researchers to spend more time assessing security as opposed to overcoming implementation hurdles. “It’s important to leverage readily available and approachable tools,” said Keltner.


