While at Defcon (the largest computer security conference in the United States) I overheard it described as a sort of “Hacker New Year’s holiday”. If that’s true, then maybe it’s time to go over one of the trends I’ve seen popping up for a while that has gained a lot of momentum this past year: wireless hacking.
Wireless isn’t just about WiFi. All sorts of protocols, specifications and frequencies are zipping through the air at any given moment, especially in the ISM bands. The ISM (industrial, scientific and medical) bands are slices of the radio spectrum that the Federal Communications Commission has designated as “Free Use”: no license is needed to transmit there, and the only limitation (generally speaking) is transmit power. WiFi, RFID, Z-Wave, Zigbee, Bluetooth, cordless phones and many, many more applications and appliances operate in these bands, and the ISM protocols, especially the ones I just listed, are starting to get a lot of attention from hackers. The same cheap receivers reach well outside the ISM bands too: a ~$20 USB TV-tuner dongle will track aircraft by decoding their ADS-B position broadcasts (and, with a radio that can transmit, those broadcasts can be spoofed)…and much more.
Helping hackers get into the radio scene are several low-cost software-defined radios which have been released to the public either for free (as circuit board designs and specifications) or at low cost. In addition to the hardware, very effective and fairly robust software has been released as well (GNU Radio). Some of these radios and their software can perform tasks which used to cost thousands or even hundreds of thousands of dollars in software and radio equipment. The best and cheapest example of this is probably the newly released HackRF, an open-source half-duplex transceiver (unlike the $20 TV-tuner dongles, it can transmit as well as receive) that operates from 30 MHz to 6 GHz and is designed to work with GNU Radio. It costs around $275 and is currently outperforming its Kickstarter.com goal by leaps and bounds.
With hardware like the HackRF and signal-processing software such as GNU Radio, hackers can capture raw physical-layer signals and write their own demodulators and decoders: the burst your car key fob sends when you press a button, a Zigbee sniffer, Bluetooth security tools and sniffers, or even a pager-network (POCSAG/FLEX) decoder, all with low-cost hardware and free software.
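To make the key-fob case concrete, here is an added example (my own code, not from the original post, GNU Radio or the HackRF project) of the signal chain a sniffer for a cheap 433 MHz remote goes through: complex IQ samples in, fob code out. It uses the PWM-over-OOK encoding that EV1527/PT2262-style remotes use (short high + long low is a 0, long high + short low is a 1, frames separated by a long sync gap), but the sample rate, pulse widths, carrier offset, noise level and the 24-bit code itself are all constructed assumptions, and the IQ samples are synthesised in the block rather than captured. It is pure Python so it runs without numpy or GNU Radio; in practice you would feed `capture_to_code` the samples from a recorded IQ file.

```python
"""Constructed OOK/PWM key-fob decoder: synthesise an IQ capture, then recover the code.
All timing and encoding constants are assumptions for this example, not measurements."""
import cmath
import math
import random

SAMPLE_RATE = 250_000          # complex samples per second (assumed SDR setting)
SHORT_US = 400                 # short pulse element, microseconds (assumed)
LONG_US = 1200                 # long pulse element, 3:1 ratio as in EV1527-style remotes
SYNC_GAP_US = 31 * SHORT_US    # long low gap that separates repeated frames
CARRIER_OFFSET_HZ = 12_000     # the fob is never exactly on the tuned frequency
NOISE_SIGMA = 0.05             # Gaussian noise on I and Q, relative to a carrier of 1.0


def pwm_symbols(bits):
    """Turn a bit string into (level, microseconds) runs for one frame:
    leading silence, one short preamble pulse, the sync gap, then the data bits."""
    runs = [(0, 1000), (1, SHORT_US), (0, SYNC_GAP_US)]
    for b in bits:
        runs += [(1, LONG_US), (0, SHORT_US)] if b == "1" else [(1, SHORT_US), (0, LONG_US)]
    runs.append((0, 1000))     # trailing silence, as a real capture would have
    return runs


def modulate_ook(runs, seed=1):
    """Produce the complex baseband an SDR would deliver: carrier keyed on/off,
    offset in frequency, plus noise. Deterministic via the seed."""
    rng = random.Random(seed)
    samples, n = [], 0
    for level, us in runs:
        for _ in range(int(us * SAMPLE_RATE / 1_000_000)):
            phase = 2 * math.pi * CARRIER_OFFSET_HZ * n / SAMPLE_RATE
            carrier = cmath.exp(1j * phase) if level else 0
            samples.append(carrier + complex(rng.gauss(0, NOISE_SIGMA), rng.gauss(0, NOISE_SIGMA)))
            n += 1
    return samples


def envelope(samples, window=5):
    """Non-coherent detection: magnitude of each IQ sample, then a moving average.
    The carrier offset vanishes in the magnitude, so OOK needs no frequency lock."""
    mags = [abs(s) for s in samples]
    out, acc = [], 0.0
    for i, m in enumerate(mags):
        acc += m
        if i >= window:
            acc -= mags[i - window]
        out.append(acc / min(i + 1, window))
    return out


def slice_runs(env):
    """Schmitt-trigger slicer (hysteresis around 40%/60% of the peak) so noise near the
    decision point cannot produce glitch runs; returns (level, microseconds) runs."""
    peak = max(env)
    hi_th, lo_th = 0.6 * peak, 0.4 * peak
    level, length, runs = 0, 0, []
    for e in env:
        new = 1 if e > hi_th else 0 if e < lo_th else level
        if new != level and length:
            runs.append((level, length * 1_000_000 / SAMPLE_RATE))
            length = 0
        level = new
        length += 1
    runs.append((level, length * 1_000_000 / SAMPLE_RATE))
    return runs


def decode_pwm(runs, sync_min_us=5 * LONG_US):
    """Find the sync gap, calibrate the short element from the preamble pulse before it,
    then classify each high element: longer than two shorts is a 1. Judging the high
    alone (not high vs. low) keeps the last bit correct when trailing silence merges
    into its low element."""
    sync = next((i for i, (lvl, us) in enumerate(runs) if lvl == 0 and us >= sync_min_us), None)
    if sync is None or sync == 0 or runs[sync - 1][0] != 1:
        return None            # no frame, or the capture started mid-gap
    unit = runs[sync - 1][1]
    bits, j = [], sync + 1
    while j + 1 < len(runs):
        (h_lvl, h_us), (l_lvl, l_us) = runs[j], runs[j + 1]
        if h_lvl != 1 or l_lvl != 0:
            break
        bits.append("1" if h_us > 2 * unit else "0")
        if l_us >= sync_min_us:  # next repeat's sync gap: one frame is enough
            break
        j += 2
    return "".join(bits)


def capture_to_code(samples):
    """Full chain: IQ samples -> envelope -> runs -> bits -> integer code."""
    bits = decode_pwm(slice_runs(envelope(samples)))
    return bits, (int(bits, 2) if bits else None)


if __name__ == "__main__":
    code = "101100111000101001010111"       # constructed 24-bit fixed code
    iq = modulate_ook(pwm_symbols(code))
    bits, value = capture_to_code(iq)
    print(f"{len(iq)} IQ samples -> bits {bits} -> 0x{value:06X}")
```

Two things worth noticing. The carrier offset is never corrected anywhere: taking the magnitude of each IQ sample discards phase, which is exactly why these fixed-code remotes are so easy to sniff with a dongle that is only roughly tuned. And recovering the bits is the whole attack for a fixed-code fob, since the same code opens the door every time; fobs that use rolling codes still yield their bits to this chain, but the recovered frame is single-use, so decoding alone does not give you the door.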
As the cost of radio hardware falls and more players enter the radio arena, you can expect more attention to be paid to these (comparatively) little-known and poorly secured protocols. Perhaps the attention from the sort of people who attend security conferences like Black Hat and Defcon will force better protocol design and encryption implementation for things like home automation systems, utility smart-meter infrastructure, and industrial automation equipment. If you use lesser-known radio protocols and protocol stacks in your workplace, it will be worth keeping tabs on this research.