Wireless Under Hackers’ Eye

Wednesday, April 24, 2013 @ 07:04 PM gHale

Wireless critical infrastructure control systems could suffer from attacks carried out over Software Defined Radio (SDR), security researchers said.

SCADA (Supervisory Control and Data Acquisition) systems, Building Management Systems (BMS) and PLCs (Programmable Logic Controllers) commonly rely on proprietary wireless links, and those links can be attacked with nothing more than SDR hardware and a PC. The control traffic these systems exchange can be intercepted, captured and replayed to suspend service and cause widespread disruption, said researchers at Digital Assurance.


These systems will be at greater risk in the future as smart meters come online and increase the attack surface of the network. Falling prices, advances in processing power and the difficulty of detecting SDR-based attacks are also likely to increase the appeal of SDR to attackers, the researchers said.

SCADA industrial control systems monitor and regulate utility services across multiple sites and long distances. In the past they enjoyed some protection from the relative obscurity of their networks and protocols. Those days, however, are gone.

With up to 53 million smart meters across 30 million homes and businesses coming online between 2014 and 2019, the number of potential access points onto the network will increase dramatically.

The data relayed between these end devices can be intercepted, captured, jammed or replayed using SDR equipment, and the researchers said that can give an attacker a path to field devices, control stations, generating stations and transmission facilities across the network.
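The replay the researchers describe only works because the receiver cannot tell a recorded frame from a fresh one. The following is an added example, not code from Digital Assurance or from any meter or PLC vendor, showing the receiver-side check that defeats it: an authentication tag over the whole frame plus a strictly increasing per-source frame counter (the same idea Zigbee's network layer applies with a 32-bit frame counter under AES-CCM*). The frame layout, the truncated HMAC-SHA256 tag standing in for a real AEAD, the pre-shared key and the "valve" commands are all assumptions made for illustration:

```python
import hashlib
import hmac
import struct

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # assumed pre-shared link key
TAG_LEN = 8                                             # assumed truncated tag length
HDR = struct.Struct(">HI")                              # assumed header: 16-bit source id, 32-bit frame counter


def build_frame(src, counter, payload):
    """Sender side: header || payload || HMAC-SHA256(KEY, header || payload)[:TAG_LEN]."""
    header = HDR.pack(src, counter)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class NaiveReceiver:
    """Accepts any frame that parses. A captured frame replayed verbatim is
    indistinguishable from a fresh one, which is exactly what an SDR replay relies on."""

    def accept(self, frame):
        if len(frame) < HDR.size + TAG_LEN:
            return None
        return frame[HDR.size:-TAG_LEN]


class HardenedReceiver:
    """Verifies the tag, then enforces a strictly increasing frame counter per source,
    so a replayed capture is rejected even though its tag is perfectly valid."""

    def __init__(self):
        self.last_counter = {}  # a real device must keep this in non-volatile storage

    def accept(self, frame):
        if len(frame) < HDR.size + TAG_LEN:
            return None
        header, payload, tag = frame[:HDR.size], frame[HDR.size:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged, tampered or wrong key
        src, counter = HDR.unpack(header)
        if counter <= self.last_counter.get(src, -1):
            return None  # stale counter: a replayed capture
        self.last_counter[src] = counter
        return payload


def simulate():
    """Constructed scenario: an attacker records a legitimate 'open valve' command and
    replays it; a tampered copy and the operator's next genuine command follow."""
    naive, hardened = NaiveReceiver(), HardenedReceiver()
    captured = build_frame(0x0101, counter=7, payload=b"VALVE_OPEN")
    tampered = captured[:HDR.size] + b"VALVE_SHUT" + captured[-TAG_LEN:]  # same length, old tag
    next_cmd = build_frame(0x0101, counter=8, payload=b"VALVE_SHUT")
    return {
        "naive_first": naive.accept(captured),
        "naive_replay": naive.accept(captured),        # accepted: the replay succeeds
        "hardened_first": hardened.accept(captured),
        "hardened_replay": hardened.accept(captured),  # rejected: counter 7 already seen
        "hardened_tampered": hardened.accept(tampered),  # rejected: tag no longer matches
        "hardened_next": hardened.accept(next_cmd),    # accepted: counter 8 > 7
    }


if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name:18} -> {result!r}")
```

Two caveats a practitioner should carry over to real hardware: the counter state has to survive a power cycle, or the first frame after a reboot is replayable again, and a 32-bit counter that approaches rollover must trigger a rekey, since the scheme relies on counters never repeating under one key. Encrypting the payload on its own changes nothing here; an encrypted frame replayed verbatim still decrypts.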

Smart meters, which use Zigbee for their home-area network, are vulnerable to signal capture. Chosen for its energy efficiency, Zigbee has been compromised before. Network keys can be sent over the air in the clear, or under a publicly known default link key, when a device joins; transmissions are prone to interference; and because Zigbee (IEEE 802.15.4) sits on a single fixed channel rather than frequency hopping, a jammer on that channel is effective. Zigbee can be hardened by authorizing joining devices and pre-configuring security keys out of band, but both add system-management overhead.

The falling price and ease of use of SDR equipment make it an ideal tool for capturing, intercepting and manipulating Zigbee and other widely used wireless standards, Digital Assurance researchers said. It removes many of the obstacles traditionally associated with wireless hacking, such as frequency hopping or advanced modulation techniques, and greatly reduces the need for expensive equipment or in-depth knowledge of a wireless standard on the attacker's part.

An SDR receiver digitizes the radio signal with a high-speed ADC (Analogue to Digital Converter), in most practical hardware after mixing it down to baseband or a low intermediate frequency, and hands the samples to software or a DSP (Digital Signal Processor) for filtering, demodulation and decoding into an output data stream. The user can examine slices of spectrum for carriers and modulated signals, then isolate the preamble, sync word and payload, or the message headers if searching for data streams.
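The chain just described, scan the spectrum for a carrier, bring it to baseband, recover the symbols, then find the preamble and payload, as an added example in plain Python with no numpy dependency; it is not Digital Assurance's tooling. The "capture" is constructed inside the code: an on-off-keyed burst with a 0xAAAA preamble, a 0x2DD4 sync word and a length-prefixed payload, all assumed framing, with the sample rate, symbol rate and carrier offset likewise assumptions:

```python
import cmath
import math
import random

SAMPLE_RATE = 1_000_000           # assumed complex (IQ) sample rate of the capture, Hz
SYMBOL_RATE = 50_000              # assumed on-air symbol rate, baud
SPS = SAMPLE_RATE // SYMBOL_RATE  # samples per symbol: 20
PREAMBLE = [1, 0] * 16            # assumed 0xAAAA bit-sync preamble
SYNC_WORD = 0x2DD4                # assumed 16-bit frame sync word
N_FFT = 500                       # DFT length for the spectrum scan: 2 kHz bins


def bits_of(data):
    """MSB-first bit list of a byte string."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def make_capture(payload, carrier_offset_hz, noise_amp=0.2, seed=1):
    """Constructed IQ capture of one OOK burst: silence, preamble, sync word,
    length byte, payload, silence, with Gaussian noise on every sample."""
    rng = random.Random(seed)
    noise = lambda: complex(rng.gauss(0, noise_amp), rng.gauss(0, noise_amp))
    frame = PREAMBLE + bits_of(SYNC_WORD.to_bytes(2, "big")) + bits_of(bytes([len(payload)]) + payload)
    samples = [noise() for _ in range(3 * SPS)]  # leading silence
    for bit in frame:
        for _ in range(SPS):
            n = len(samples)  # global sample index keeps the carrier phase continuous
            tone = cmath.exp(2j * math.pi * carrier_offset_hz * n / SAMPLE_RATE) if bit else 0
            samples.append(tone + noise())
    samples += [noise() for _ in range(3 * SPS)]  # trailing silence
    return samples


def find_carrier(samples):
    """Spectrum scan: average the power spectrum of successive N_FFT-sample blocks
    (a direct DFT) and return the strongest bin as a frequency offset in Hz."""
    twiddle = [cmath.exp(-2j * math.pi * k / N_FFT) for k in range(N_FFT)]
    power = [0.0] * N_FFT
    for b in range(len(samples) // N_FFT):
        block = samples[b * N_FFT:(b + 1) * N_FFT]
        for k in range(N_FFT):
            acc = sum(s * twiddle[(k * n) % N_FFT] for n, s in enumerate(block))
            power[k] += abs(acc) ** 2
    k = max(range(N_FFT), key=power.__getitem__)
    if k >= N_FFT // 2:  # upper half of a complex DFT is negative frequency
        k -= N_FFT
    return k * SAMPLE_RATE / N_FFT


def demodulate(samples):
    """Mix the strongest carrier to baseband, apply a one-symbol boxcar (matched)
    filter, find the burst's rising edge and hard-slice one bit per symbol."""
    f = find_carrier(samples)
    mixed = [s * cmath.exp(-2j * math.pi * f * n / SAMPLE_RATE) for n, s in enumerate(samples)]
    env, acc = [], 0j
    for n, s in enumerate(mixed):
        acc += s
        if n >= SPS:
            acc -= mixed[n - SPS]
        env.append(abs(acc) / SPS)  # magnitude of the running mean over one symbol
    thresh = max(env) / 2
    start = next(n for n, e in enumerate(env) if e > thresh)  # burst rising edge
    # the running mean first spans a whole symbol about half a symbol after the edge
    bits = [1 if env[n] > thresh else 0 for n in range(start + SPS // 2 - 1, len(env), SPS)]
    return f, bits


def extract_frame(bits):
    """Walk the bit stream for the sync word (preceded by preamble) and return the
    length-prefixed payload that follows it, or None if no frame is found."""
    sync = bits_of(SYNC_WORD.to_bytes(2, "big"))
    for i in range(16, len(bits) - 24):
        if bits[i - 16:i] == PREAMBLE[-16:] and bits[i:i + 16] == sync:
            body = bits[i + 16:]
            length = int("".join(map(str, body[:8])), 2)
            if len(body) >= 8 + 8 * length:
                return bits_to_bytes(body[8:8 + 8 * length])
    return None


def recover_payload(samples):
    """Full chain: spectrum scan, mix to baseband, filter, slice, frame."""
    return extract_frame(demodulate(samples)[1])


if __name__ == "__main__":
    capture = make_capture(b"OPEN", 100_000)
    f, bits = demodulate(capture)
    print(f"carrier at {f:+.0f} Hz, payload {extract_frame(bits)!r}")
```

On-off keying is used because its envelope can be sliced without recovering carrier phase; for an FSK or GFSK device only the discriminator in `demodulate` changes, and the framing step is the same. Note that nothing in this chain needs to understand the payload: the recovered bit stream, or the raw sample buffer itself, is all an attacker needs to retransmit the frame with the same SDR.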

“Wireless assaults on critical infrastructure will grow exponentially over the next few years, in line with the rollout of smart grid networks, and SDR provides the hacker with an opportunity to jump onto parts of this network,” said Greg Jones, Director, Digital Assurance. “To date, critical systems have relied upon their relative obscurity to protect them but that will have to change. The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give this type of assurance so independent testing is currently the only option until the industry applies itself to developing a solution.”
