Category: News

SDR Videos from DEFCON 29

Recently some videos from this year's (mostly virtual) DEFCON 29 conference have been uploaded to YouTube. DEFCON is a major yearly conference all about information security, and some of the talks deal with wireless and SDR topics. Some interesting talks that we've found from the main DEFCON stage and the Villages are posted below.

You can view these talks, and many others, directly on the main stage DEFCON YouTube channel, the ICS Village channel, the RF Village channel and the Aerospace Village channel. There are also several talks from the Ham Radio Village recorded on Twitch. Did we miss any interesting talks? Please let us know in the comments.

Smart Meters: I'm Hacking Infrastructure and So Should You (Hash Salehi)

Why Smart Meters? This is a question Hash is often asked. There's no bitcoin or credit card numbers hiding inside, so he must want to steal power, right? Openly analyzing the technology running our critical infrastructure and publishing the findings is something Hash is passionate about. In the wake of the great Texas freeze of 2021, we can no longer "hope" those in power will make decisions that are in the people's best interest. This talk will present research on the Landis+Gyr GridStream series of smart meters used by Oncor, the largest energy provider in Texas.

Cyber attacks on Industrial Control Systems (ICS) differ in scope and impact based on a number of factors, including the adversary's intent, sophistication and capabilities, and familiarity with ICS and automated industrial processes. In order to understand, identify and address the specific points that can prevent or stop an attack, a systematic model known as the "Cyber Kill Chain" is detailed, a term that comes from the military environment and is registered by the Lockheed Martin company. While most are familiar with the terms and theoretical diagrams of how security should be implemented, in this talk we want to present live how an attack chain occurs from scratch to compromise industrial devices, the full kill chain, based on our experiences. The goal is to land these threats in the real world without the need to carry out these attacks with a nation-state budget.


DEF CON 29 - Paz Hameiri - TEMPEST Radio Station

TEMPEST is a cyber security term that refers to the use of electromagnetic energy emissions generated by electronic devices to leak data out of a target device. The attacks may be passive (where the attacker receives the emissions and recovers the data) or active (where the attacker uses dedicated malware to target and emit specific data).

In this talk I present a new side channel attack that uses GPU memory transfers to emit electromagnetic waves which are then received and processed by the attacker. Software developed for this work encodes audio on one computer and transmits it to the reception equipment positioned fifty feet away. The signals are received and processed and the audio is decoded and played. The maximum bit rate achieved was 33kbit/s and more than 99% of the packets were received.

Frequency selection not only enables maximization of signal quality over distance, but also enables the attacker to receive signals from a specific computer when several computers in the area are active. The software developed demonstrates audio packets transfers, but other types of digital data may be transmitted using the same technique.

[Slides Link] [Whitepaper]


DEF CON 29 RF Village - cemaxecuter - RF Propagation and Visualization with DragonOS

"Today's presentation will start with a brief history of DragonOS, where it started and where it's at today. After a short introduction, I'll dive into the subject of visualizing RF propagation with DragonOS. I'll be showing a fresh OS install and the necessary steps to generate a rough estimate of a transmitter based on SRTM-3 elevation data, as well as a new feature enabling visualization/calculations of the path between transmitter and receiver.

Topics and hands on (pre-recorded) demonstrations will include the following,

  • SPLAT! is an RF Signal Propagation, Loss, And Terrain analysis tool for the electromagnetic spectrum between 20 MHz and 20 GHz.
  • Signal Server Multi-threaded RF coverage calculator
  • Dr. Bill Walker's role
  • Signal Server and DragonOS integration
  • DF-Aggregator Developer / Modifications for visualization

I’ll conclude talking about future improvements to RF propagation and visualization tools."



OpenWebRX Updated to V1.1.0

Thank you to Jason for writing in and letting us know that OpenWebRX Version 1.1.0 was released on August 3. OpenWebRX is an open source program that allows users to make RTL-SDRs, KiwiSDRs and other SDRs accessible over the internet via a web browser. It is currently available as a Raspberry Pi SD card image, in the Debian and Ubuntu repositories, as a Docker image, or for manual installation.

The latest version adds an AMBE voice data decoder, new decoders and metadata displays for NXDN and D-Star, and crisper SVG graphics.

Since we last posted about OpenWebRX updates in early 2020, support has also been added for the Perseus-SDR, RadioBerry 2, Hermes HPSDR and Funcube Dongle Pro+ software defined radios. New decoders, and support for external decoders such as JS8Call, FreeDV, wideband FM, DREAM DRM, FST4, FST4W, Q65 and M17 digital voice, have been added.

There is also now a site called Receiverbook.de that aggregates a list of publicly available OpenWebRX receivers.

OpenWebRX Interface

NEWSDR 2021 Conference to be held Virtually on August 20

The 11th New England Workshop on Software Defined Radio (NEWSDR 2021) will again be held online this year due to the ongoing pandemic. It is due to begin on Friday, 20 August 2021, 9:00 AM (EDT) – 5:30 PM (EDT). Registration is completely free. 

The 11th iteration of NEWSDR will be held in a fully virtual format on August 20, 2021. The event will include a series of talks from invited speakers and our industry sponsors (Analog Devices, Ettus/NI, Lynk, MathWorks, and MediaTek) along with interactive breakout sessions, poster sessions, and sponsor/exhibitor booths within the Gather virtual meeting platform.

Registration is completely free and we are also accepting submissions for poster presentations and elevator pitches!

A livestream link has already been set up on YouTube for the 20th, so if interested you can set a reminder using the YouTube reminder feature.

All presentations from the 2020 NEWSDR virtual conference can be viewed on the YouTube video below.

NEWSDR 2020 :: 10th New England Workshop on Software-Defined Radio

EZNEC Pro Antenna Modelling Software will be free from 2022

EZNEC is a popular antenna modelling program created by W7EL which is based on the "Numerical Electromagnetics Code" or NEC. With a NEC based antenna modelling program it is possible to design antennas by modelling their geometry and connections, and then simulating parameters like radiation pattern gain and VSWR. You can also determine the effects of height, roof angles, nearby objects and more.

Originally the pricing was $99 for EZNEC, $149 for EZNEC+, $525 for EZNEC Pro/2 and $675 for EZNEC Pro/4. W7EL is retiring and from Jan 1 2022 EZNEC Pro/2 and EZNEC+ will be made free, and EZNEC Pro/4 will be discontinued. The source code will not be released, and no support will be provided.

If you're after a free NEC based antenna modeler today, 4NEC2 is a similar program that is already free. There is also the recently released and more modern CENOS, which is free for hobbyist use.

The EZNEC Software

The KiwiSDR Backdoor Situation

Since its announcement in early 2016 we've posted many times about the KiwiSDR, a 14-bit, receive-only wideband HF software defined radio created by John Seamons (ZL/KF6VO). The KiwiSDR has up to 32 MHz of bandwidth, so it can receive the entire 10 kHz - 30 MHz VLF/LF/MW/HF spectrum all at once.

Compared to most other SDRs the KiwiSDR is a little different as it is designed to be used as a public web based SDR, meaning that KiwiSDR owners can optionally share their KiwiSDR online with anyone who wants to connect to it. The public functionality allows for some interesting distributed applications, such as TDoA direction finding, which allows users to pinpoint the location of unknown HF transmissions such as numbers stations.

In order to implement this online capability, the KiwiSDR runs custom open source software on a Beaglebone single board computer which connects to your home network. Recently there has been vocal concern about a security flaw in the software which could allow hackers to access the KiwiSDR. The flaw stems from the fact that the KiwiSDR has 'backdoor' remote admin access that allows the KiwiSDR creator to log in to the device and troubleshoot or make configuration changes if required. This backdoor has been public knowledge in the KiwiSDR forums since 2017, although not advertised and explicit consent to have it active and used was not required.

The intent of the backdoor is of course not malicious; it was meant as an easy way for the creator to help customers with configuration problems. However, as KiwiSDR owner Mark Jessop notes, the KiwiSDR operates over HTTP only, sending the admin master password in the clear, where anyone on the network path (or on the same LAN) can read it. And as KiwiSDR owner and security researcher @xssfox demonstrates, the admin page gives full root console access to the Beaglebone. Together, these flaws could allow a malicious party to take over the Beaglebone, install any software and perhaps work their way onto other devices on the same network. Another tweet from xssfox implies that the password hashes are crackable, allowing the main admin password to be easily recovered from the stored hash.
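As an added illustration of the last point (this is not KiwiSDR's code, and the page does not describe the actual hash format, so the unsalted SHA-256 scheme, the wordlist and the user accounts below are all assumed and constructed for the example), here is why a fast, unsalted password hash is crackable in a single pass, and what a per-user salted, iterated KDF changes:

```python
"""Added example, not KiwiSDR code: a dictionary attack against a fast,
unsalted password hash (an assumed stand-in for the weak scheme) versus a
per-user salted, iterated KDF. The wordlist and accounts are constructed."""
import hashlib
import hmac
import os

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "kiwisdr", "letmein", "admin123", "beaglebone"]

PBKDF2_ITERATIONS = 100_000  # illustrative; tune to ~100 ms per hash on the target hardware


def fast_unsalted_hash(password: str) -> str:
    """Assumed weak scheme: one unsalted SHA-256 over the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted_many(targets: dict, wordlist) -> tuple:
    """targets maps user -> unsalted hex digest.
    Without a salt, one lookup table built from the wordlist cracks every
    account at once, so the cost is len(wordlist) hashes regardless of how
    many users there are.  Returns (user -> password, hash operations)."""
    table = {}
    ops = 0
    for guess in wordlist:
        table[fast_unsalted_hash(guess)] = guess
        ops += 1
    found = {user: table[digest] for user, digest in targets.items() if digest in table}
    return found, ops


def kdf_hash(password: str, salt: bytes = None) -> tuple:
    """Hardened scheme: random 16-byte salt per password + PBKDF2-HMAC-SHA256.
    scrypt or Argon2 would be preferable where available; PBKDF2 is used
    here because it ships with the standard library."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32)
    return salt, key


def kdf_verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak key bytes."""
    _, key = kdf_hash(password, salt)
    return hmac.compare_digest(key, stored_key)


def crack_salted_many(targets: dict, wordlist) -> tuple:
    """targets maps user -> (salt, key).  Every (user, guess) pair now costs a
    full KDF run, and nothing can be precomputed or shared between users."""
    found = {}
    ops = 0
    for user, (salt, stored_key) in targets.items():
        for guess in wordlist:
            ops += 1
            if kdf_verify(guess, salt, stored_key):
                found[user] = guess
                break
    return found, ops


def demo() -> dict:
    """Constructed accounts: two with dictionary passwords, one with a
    password that is not in the wordlist."""
    users = {"admin": "kiwisdr", "ops": "password", "guest": "s3cret-not-in-list"}
    unsalted_db = {u: fast_unsalted_hash(p) for u, p in users.items()}
    salted_db = {u: kdf_hash(p) for u, p in users.items()}

    weak_found, weak_ops = crack_unsalted_many(unsalted_db, WORDLIST)
    kdf_found, kdf_ops = crack_salted_many(salted_db, WORDLIST)
    return {
        "weak_found": weak_found,  # both dictionary passwords fall
        "weak_ops": weak_ops,      # 5 cheap SHA-256 calls cover all three users
        "kdf_found": kdf_found,    # the same weak passwords still fall...
        "kdf_ops": kdf_ops,        # ...but at 8 slow KDF runs, growing per user
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for a networked appliance like this: the hash format stored on the device decides whether a leaked hash is as good as a leaked password. A salted, iterated KDF does not stop a weak password from being guessed, but it removes precomputation, stops one crack from serving every account, and makes each guess cost real CPU time.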

Creator John Seamons has already released a patch to disable the admin access, and as of the time of this article 540 out of 600 public KiwiSDRs have already been auto-updated. Owners of KiwiSDR clones should seek out updates from the cloner. Until a unit is confirmed patched, its admin interface should not be reachable from the internet, and it is prudent to change the admin password once the update is applied, since it may already have crossed the network in the clear.

It is clear that the KiwiSDR is a passion project from John who has dedicated much of his time and energy to consistently improving the technical RF engineering side of the device and software. However we live in an age where malicious hacking of devices is becoming more common, so anyone releasing products and software that network with the internet should be reminded that they have a responsibility to also dedicate time to ensuring security.

John has reached out to us in advance and noted that he currently cannot yet comment publicly on this topic due to legal advice.

The KiwiSDR

Airspy Summer Promo: 20% Off Airspy Products Including YouLoop in our Store

Airspy is currently holding a 20% off summer promotion which runs from June 28th until July 4th 2021. The sale is active at all participating resellers, which includes our own store where we have the YouLoop on sale for US$27.96 including free shipping to most countries in the world, instead of the usual US$34.95. Please note that due to new EU VAT collection laws, EU customers must purchase the discounted YouLoop from our eBay or AliExpress stores.

The YouLoop is a low cost passive loop antenna for HF and VHF. It is based on the Möbius loop design which results in a high degree of noise cancelling. However the main drawback is that it is a non-resonant design, which means that it works best when used with ultra sensitive receivers like the Airspy HF+ Discovery. 

Some good reviews include the YouTube videos done by Frugal Radio where he reviews HF reception and VLF & LF reception with an Airspy HF+, and later tests it with an RTL-SDR Blog V3 using direct sampling. Techminds also has an excellent review on his YouTube channel. We also have a product release overview on this post from March 2020.

Crimean Resident Arrested under Accusation of Spying for Ukraine with RTL-SDR Dongles

Back in early 2014 Crimea was annexed from Ukraine by Russian forces. Recently we've heard news that a Crimean resident was arrested by the Russian Federal Security Service (FSB) on suspicion of being a Ukrainian informant who was intending to transfer, or was transferring, military data abroad using RTL-SDRs.

A video of the arrest has been uploaded to YouTube, and the photographs shown in it clearly include RTL-SDR dongles and the Airspy SDR# software running on his laptop. The photos of the SDR# screen appear to show that he was monitoring the commercial aviation band with a scanner plugin.

The YouTube description is translated below:

Today it was reported about the arrest of a Crimean resident, either intending to transfer, or transferring military data abroad.

The FSB has published footage of the arrest. The time on the laptop caught on video during the search of the residence is 07:40, date 06/22/21. The laptop is turned on, the AIRSPY radio frequency scanning program is running, the laptop is covered in dust - only traces of pressing some keys are visible, and the touchpad was not used. There are many icons in the room, books on radio engineering, a Ukrainian flag, aircraft models, several "Tavria 1958" pennants, an ICOM IC-R6 radio, and maps.

The detainee transferred the information received to Ukraine on one basis, collected it on the other and intended to transfer it.

The court sent the man to the pre-trial detention center for 2 months. If his guilt is proven, he faces a charge of high treason and will not see freedom for 25 years.

According to an article on RadioFreeEurope, the man was detained as he was "collecting data on the flights of Russian military planes for Ukrainian intelligence".

It is unclear if the man was knowingly providing intelligence services, or is simply an aviation hobbyist caught up in politics. If anyone has more information about his story, please let us know in the comments.

UPDATE 29 June 2021: More information on the story at this link.

The Ukrainian informant was a football fan. He supported Tavria (Украинский осведомитель был футбольным фаном. Болел за «Таврию»)

Crimean resident arrested for using RTL-SDRs to monitor the airband
Commercial Aviation Frequencies Monitored

This is a reminder to those in politically dangerous situations to take care when using SDRs. In the past we have seen a Slovenian researcher almost jailed for performing university research with an RTL-SDR, a UN expert arrested for possessing an RTL-SDR in Tunisia, and SDRs come under fire when Trump tweeted a now-debunked conspiracy theory claiming that an RTL-SDR was being used as a close range scanner by the Black Lives Matter protestor who was shoved to the ground on video by Buffalo police.

CaribouLite: A 30-6000 MHz 13-bit 4MHz SDR HAT for the Raspberry Pi

Thank you to David for submitting news about his company Caribou Labs' new product called "CaribouLite", which will be a software defined radio HAT for the Raspberry Pi. The product is currently in the pre-launch stage on the crowdfunding platform Crowd Supply, and you can sign up there for future updates on the release. David writes:

I'd like to inform you of a product we have developed called the CaribouLite board, which is essentially a Raspberry Pi HAT that enables up to 6 GHz SDR capabilities, Tx and Rx, and an additional TxRx sub-1 GHz channel.

It uses Microchip's AT86RF215 modem as the I/Q ADC and DAC, and frequency conversion is done using Qorvo's RFFC5072 IC. An FPGA (ICE40) is used to stream data packets (I/Q @ 13 bit x2 / sample) back and forth between the Raspberry Pi and the modem, over an interesting fast interface called SMI.

I think this project brings new ideas to the table and would be interesting to the SDR community.

The use of the SMI interface is an interesting idea and not something we see utilized often, as apparently the official documentation is sparse and poor. But David notes that it allows for up to 500 Mbit/s of data to be exchanged between the FPGA and Raspberry Pi, although the true throughput depends on the specific Raspberry Pi model used. Regardless, the SMI data rate is more than enough for the 120 Mbit/s required by the two streams of 13-bit IQ data that the CaribouLite generates.

The campaign also notes that the sample rate is 4 MSPS, with 4 MHz bandwidth, and up to 14 dBm of transmit power is possible. They also note that they are planning to release a wide range of library code that allows for use cases such as wide range spectrum analysis, a signal / protocol generator, an analog / digital DAB+ receiver, an ADS-B receiver and more.

The software and hardware design is also fully open source and available on GitHub.

The CaribouLite SDR HAT mounted on a Raspberry Pi Zero