DEF CON 27 SDR Talks: Antennas for Surveillance, Ford Keyfob Hack, Smart TV Wireless Side Channel Attack
Talks from this years DEF CON 27 conference which was held back in August are now available on YouTube. DEFCON is a yearly conference that a focuses on information security topics and often includes talks about SDRs and other wireless radio topics too. In particular we wanted to highlight the the DEF CON 27 Wireless Village playlist which contains numerous talks related to wireless, radio and SDRs.
Most talks from the wireless village relate to WiFi, but one talk with some very useful information that we really enjoyed was "Antennas for Surveillance" by Alex Zakhorov.
We will cover the various kinds of antennas available to optimized your SDR radio for different types of spectrum monitoring. We will also explain why RF filters are necessary on most SDR's and when Low Noise Amplifiers help, and when Low Noise Amplifiers hurt reception.
Another interest talk was called "The Ford Hack Raptor Captor video" by Dale Wooden (Woody) where he shows how he used an RTL-SDR and HackRF to hack a Ford car key fob. If you're interested we wrote about the Hak5 videos on this hack in a previous post.
This talk will show flaws with development of security protocols in New Ford key fobs. This will exploit several areas. The ability for a denial of service to the keyfob WITHOUT jamming. How to trick the vehicle into resetting its rolling code count. How to lock, unlock, start, stop, and open the trunk of ford vehicles using a replay attacked after resetting rolling code count. How to find the master access code for Fords keypad to bypass security. This talk will also demonstrate how to reset your key fobs if they are attacked by a deauth attack. We will also demonstrate gnu-radio script to automate RF collection of Ford key fobs. As seen on HAK5 episodes 2523-2525
Outside of the Wireless village there were also some interesting SDR topics including this talk titled "SDR Against Smart TVs URL Channel Injection Attacks" by Pedro Cabrera Camara. If you're interested we also wrote about Pedro's work in a previous post.
Software-defined-radio has revolutionized the state of the art in IoT security and especially one of the most widespread devices: Smart TV. This presentation will show in detail the HbbTV platform of Smart TV, to understand and demonstrate two attacks on these televisions using low cost SDR devices: TV channel and HbbTV server impersonation (channel and URL injection). This last attack will allow more sophisticated remote attacks: social engineering, keylogging, crypto-mining, and browser vulnerability assessment.