Nov 24, 2020

Sébastien Dudek - @FlUxIuS, @penthertz

Why are we here today?

Software Defined Radio (sdr-radio.com)

What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks?

What other kinds of attacks can be launched? (I mean, other than replay type attacks)

Door systems (badge systems)

NFC? Contactless credit card attacks 

Smart building/home control systems

Bluetooth attacks

Point Of Sale systems

Cellular radio 3G/4G/5G

Industrial control systems

Home appliances

Medical telemetry systems

Drones!

LoRa - Wikipedia

DASH7 - Wikipedia - custom TCP stack for LoRa

Vehicle-to-grid - Wikipedia (V2G)

Automatic Wireless Protocol Reverse Engineering | USENIX

 

Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek

How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium

Carrier Aggregation explained (3gpp.org) 

Mobile phone jammer - Wikipedia

World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard

Supply chain attacks - systems tend to use wireless chipsets or protocols

 

LTE-torpedo-NDSS19.pdf (uiowa.edu) - privacy attacks on 4G/5G networks using side channel information

How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas)

Lots of IoT devices use your typical home Wi-Fi connection, can’t you just sniff packets to get what you need?

Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io)

Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge

Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical

 

Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED

 

What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations?

Cellular?

Zigbee?

I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me?

Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio

List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)