By Bob Gourley
August 13, 2013 09:30 AM EDT
While at Defcon (the largest computer security conference in the United States) I overheard it described as a sort of “Hacker New-Years holiday”. If that’s true, then maybe it’s time to go over one of the trends I’ve seen popping up for a while that has gained a lot of momentum this past year: Wireless hacking.
Wireless isn’t just about WiFi — there are all sorts of protocols, specifications, and frequencies zipping through the air at any given moment, especially in the ISM bands. The ISM bands are sections of the wireless spectrum which the Federal Communications Commission has designated as “Free Use”. The only limitation (generally speaking) is transmitting power. WiFi, RFID, Z-Wave, Zigbee, Bluetooth, cordless phones, and many, many more applications and appliances operate on these frequency bands. Many of the protocols in the ISM bands, and especially those I mentioned, are starting to get a lot of attention from hackers. This is because they can do such things as track (or spoof) planes in the air for ~$20…and much more.
Helping hackers get into the radio scene are several low-cost software-defined radios which have been developed and released to the public either for free (as circuit board designs and specifications) or at low cost. In addition to the hardware, very effective and fairly robust software has been released as well (GNU Radio). Some of these radios and their software can perform tasks which used to cost thousands or even hundreds of thousands of dollars in software and radio equipment. The best and cheapest example of this is probably the newly-released HackRF, an open-sourced radio design that can operate from 100 MHz to 6 GHz and is designed to work with GNU Radio. It costs around $275 and is currently outperforming its Kickstarter.com goal by leaps and bounds.
Hackers can use hardware like the HackRF in conjunction with signal-processing software such as GNU Radio to build interpretations of physical-layer radio signal protocols like your car key fob, or to build Zigbee sniffers, Bluetooth security tools and sniffers, or even pager networks, all with low-cost hardware and free software.
As the cost of radio hardware falls and more players enter the radio arena, you can expect more attention to be paid to these (comparatively) little-known and poorly-secured protocols. Perhaps the attention from the sort of people who attend security conferences like Black Hat and Defcon will force better protocol design and encryption implementation for things like home automation systems, power company meter infrastructure, and industrial automation equipment. If you utilize lesser-known radio protocols and protocol stacks in your workplace, it will be worth keeping tabs on this research.