Sitting in a restaurant waiting to have your name called for a table can require a level of patience a hungry stomach doesn’t allow. But what if it were possible to set off the notification pager the restaurant gave you and skip the line?
Abusing that pager system is just one example of what security researcher Balint Seeber plans to touch on at his upcoming presentation at Black Hat USA. At the conference, he will be discussing the use of software defined radio for blind signal analysis of the wireless world, as well as the reverse engineering of signals. But his presentation won’t stop at discussing restaurant pagers. It will move on to much bigger targets – such as an airport’s primary surveillance radar.
In an experiment, he went out to a hill beside Moffet Federal Airfield in California.
“This time, I said well, I’ll just go out there with my little laptop and my little radio and antennae, and I’ll just and record at the frequency that it is transmitting at and see what I actually pick up,” said Seeber. “This is known as a passive setup, where you are not transmitting, you’re relying on another transmitter to emit a signal.”
He observed different things popping up in the signal, and wrote some software to process the signal, extract the returns and turn it into an image. All of the hotspots that appear in the image match to actual physical features on the ground, including the Trans Bay Cable.
“I guess what I’ve sort of done in effect is create my own, personalized little primary surveillance radar, just with my laptop and a radio receiver,” he said.
The radar and its raw signals can be seen here: http://youtu.be/cygDXeZaiOM?t=6m56s . The next step is to process more revolutions and identify moving targets, he said.
Seeber also turned his attention to vehicles that allow for keyless entry.
“I put the antenna near the door and could detect the periodic pulse from the keyless entry system, and the return signal from the remote that informs the car the owner is nearby,” Seeber said. “I had a look at the modulations used, but will not go further on this one – the crypto (is) probably quite secure, so it’s not worthwhile for me anyway going deeper. The purpose was purely to see what the signals looked like and how the interrogation is timed.”
Seeber will not be the only one giving a presentation connected to software-defined radio. Another group of researchers will discuss their development of a wireless monitor/injector tool based on software-defined radio using GNU Radio and the scapy framework. The tool was developed in order to provide effective penetration testing capabilities for security auditors.
“The common area that I try to emphasize through all this,” Seeber said, “is that getting this hardware just makes this world so accessible, this world that most people don’t really have any visibility into. We just sort of wake up every day…and do what we normally do. But we don’t really realize the amount of wireless signals that are invisible to us and moving around us the entire day and are kind of integral with how we live our lives now.”
Black Hat USA will be held from Aug. 2 to Aug. 7 in Las Vegas.
