Wireless’ dirty sisters: The other RF you aren’t looking at and why you are going to get hurt!

BSidesLV 2011

Presented by: warezjoe
Date: Thursday August 04, 2011
Time: 12:30 - 13:30
Location: Track 2
Track: Track 2

This talk is going to be an interactive (get the juices flowing) discussion about numerous existing and emerging wireless technologies that are being deployed and used in organizations, and their susceptibility to attack and eavesdropping. NO… there will be no 802.11 anything in this talk. The goal of the presentation is to explore some of these less-attacked technologies and discuss low-cost tools and techniques that penetration testers can put together and use to assist on engagements. As security professionals we are always looking to the horizon for the next big security trend and planning how to defend against it. This is a great strategy for staying on top of the popular emerging threats, but we often get distracted while numerous other technologies slip below the noise level and get integrated into the environment we are paid to protect.

In this presentation we will discuss several wireless technologies from a pentester’s attack and defense point of view:

RF Link Technology – RF link devices are very small, inexpensive radio communication devices that are built into all sorts of new technology, including IP (intelligent) lighting solutions, heating control systems and other environmental and short-range communication systems. We will discuss how these devices work, their communication protocols, and how they can be exploited or manipulated to perform functions outside their original intent.

POCSAG – Many of us consider POCSAG a legacy technology that has been deprecated and replaced throughout the industry by newer technology. Nothing could be further from the truth! In this part of the presentation we’ll look at just how far POCSAG proliferation has gone and the sensitive information that can be obtained from a penetration tester’s perspective. POCSAG, FLEX and MOBI all use variations of simple frequency-shift keying (FSK) modulation that is easily decoded with hardware or software tools. We’ll take a look at how the technology works and how simple interception of transmissions can be achieved with low-cost hardware.

XBee Attack and Packet Capture Platform – There have been lots of presentations discussing the weaknesses of the Zigbee / XBee protocol and devices. In this part of the presentation we’ll move away from the theoretical and discuss a small, practical, lightweight pentester’s mobile platform that can be used to identify XBee devices and capture and craft packets, all from a friendly Arduino-based microcontroller. Enter the XBee Chibi!

