Wireless cameras, RFID key cards, keyboards, cordless phones: just about every wireless technology that isn’t light- or sound-based will attract a horde of researchers (and attackers) looking at ways to exploit them. Are you prepared?
It is now known that your car’s GPS, toaster and medical devices are vulnerable to attack. Built, for the most part, without protection in place, many of these devices are now being retrofitted with security. But did you know that your WiFi devices are likely just as vulnerable?
Enter Software Defined Radio (SDR). Frequency hopping, modulation schemes and other signal processing happen in software rather than specialized hardware. It is the ultimate in convenience for eavesdroppers seeking confidential information.
Like much firmware, many radio devices were not built with security in mind. This makes them vulnerable to attackers on cellular communication systems, Bluetooth™ keyboards, RFID/NFC devices (contactless communications), WiFi, Radio Data Systems (RDS) and other devices.
Case in point: Bluetooth keyboards. A relatively inexpensive (about $120) device called the Ubertooth was designed and manufactured to explore the Bluetooth portion of the radio spectrum and was quickly picked up by pen-testers. The Ubertooth’s “random” frequency-hopping mode is predictable enough to make it possible to monitor Bluetooth hardware. Users can be tracked by their Bluetooth devices if Ubertooths (teeth?) are strategically positioned along their route.
Brace yourselves though — Michael Ossmann, the hardware wizard behind the Ubertooth, has a new SDR project, HackRF, on Kickstarter. For pen-testers and attackers it’s set to be a radio gold mine, described as “a single software radio platform (that) can be used to implement virtually any wireless technology (Bluetooth, ZigBee, cellular technologies, FM radio, etc.).”
The HackRF module has a frequency range from 30 MHz to 6 GHz natively and can be made to operate in even lower frequency ranges with an up-converter. However, the design range is more than sufficient to cover most RF communications. For $300, attackers (and researchers) will be able to extend their range of mischief.