Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Researcher Discusses Hacking the Wireless World With Software-Defined Radio

Sitting in a restaurant waiting to have your name called for a table can require a level of patience a hungry stomach doesn’t allow. But what if it were possible to set off the notification pager the restaurant gave you and skip the line?

Sitting in a restaurant waiting to have your name called for a table can require a level of patience a hungry stomach doesn’t allow. But what if it were possible to set off the notification pager the restaurant gave you and skip the line?

Abusing that pager system is just one example of what security researcher Balint Seeber plans to touch on at his upcoming presentation at Black Hat USA. At the conference, he will be discussing the use of software defined radio for blind signal analysis of the wireless world, as well as the reverse engineering of signals. But his presentation won’t stop at discussing restaurant pagers. It will move on to much bigger targets – such as an airport’s primary surveillance radar.

In an experiment, he went out to a hill beside Moffet Federal Airfield in California.

“This time, I said well, I’ll just go out there with my little laptop and my little radio and antennae, and I’ll just and record at the frequency that it is transmitting at and see what I actually pick up,” said Seeber. “This is known as a passive setup, where you are not transmitting, you’re relying on another transmitter to emit a signal.”

He observed different things popping up in the signal, and wrote some software to process the signal, extract the returns and turn it into an image. All of the hotspots that appear in the image match to actual physical features on the ground, including the Trans Bay Cable.

“I guess what I’ve sort of done in effect is create my own, personalized little primary surveillance radar, just with my laptop and a radio receiver,” he said.

The radar and its raw signals can be seen here: http://youtu.be/cygDXeZaiOM?t=6m56s . The next step is to process more revolutions and identify moving targets, he said.

Seeber also turned his attention to vehicles that allow for keyless entry.

“I put the antenna near the door and could detect the periodic pulse from the keyless entry system, and the return signal from the remote that informs the car the owner is nearby,” Seeber said. “I had a look at the modulations used, but will not go further on this one – the crypto (is) probably quite secure, so it’s not worthwhile for me anyway going deeper. The purpose was purely to see what the signals looked like and how the interrogation is timed.”

Seeber will not be the only one giving a presentation connected to software-defined radio. Another group of researchers will discuss their development of a wireless monitor/injector tool based on software-defined radio using GNU Radio and the scapy framework. The tool was developed in order to provide effective penetration testing capabilities for security auditors. 

“The common area that I try to emphasize through all this,” Seeber said, “is that getting this hardware just makes this world so accessible, this world that most people don’t really have any visibility into. We just sort of wake up every day…and do what we normally do. But we don’t really realize the amount of wireless signals that are invisible to us and moving around us the entire day and are kind of integral with how we live our lives now.”

Black Hat USA will be held from Aug. 2 to Aug. 7 in Las Vegas. 

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...