DEF CON is a large yearly conference on information security and hacking, and a number of its talks touch on wireless and SDR topics. Videos from DEF CON 25, held in July 2017, have recently been uploaded to YouTube. Below is a selection of the SDR and radio related talks that we found interesting. If you want to explore the rest, you can find them on the DEF CON YouTube page; most of the radio related talks are in the 'Wifi Village' category.
DEF CON 25 Wifi Village - Balint Seeber - Hacking Some More of the Wireless World
The hacking continues on from last year! Three interesting applications will be demonstrated, and their underlying theory and design explained. The audience will be exposed to some novel GNU Radio tips and DSP tricks. INMARSAT Aero will be revisited to show (in Google Earth) spatial information, such as waypoints and flight plans, that are transmitted from airline ground operations to airborne flights. A good chunk of the VHF band is used for airline communications; plane spotters enjoy listening to tower and cockpit communications.
Modern SDRs can now sample the entire band, and as AM modulation is used, it's possible to use a counterintuitive, but simple, demodulator chain (first shown by Kevin Reid's wideband 'un-selective AM' receiver) to listen to the most powerful transmission. This will be demonstrated with a GNU Radio-based implementation. It is also possible to 'spatialise' the audio for the listener using stereo separation, which can convey a transmission's relative position on the spectrum. FMCW RADAR experiments are enhanced to include Doppler processing.
Plotting this new velocity information, due to the Doppler effect, shows whether a target is heading toward or away from you, and often reveals targets not normally seen in range-only information - this demonstrates the true power of full RADAR signal processing. This technique will be applied to the live audio demo, a new live SDR demo, CODAR ocean current tracking, and passive RADAR exploiting powerful ATSC digital television signals (this was used to track aircraft on approach across the Bay Area).
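To make the 'un-selective AM' trick in the abstract above concrete, here is an added example in numpy. It is not Balint Seeber's or Kevin Reid's code: it builds a constructed 2 MHz wide baseband containing a strong and a weak AM transmission, demodulates the whole band without any channel filter by taking its envelope and low-passing it to audio, locates the strongest carrier, and pans the audio left or right according to where that carrier sits in the spectrum. The sample rate, carrier offsets, tone frequencies and the 4 kHz audio cutoff are assumptions.

```python
import numpy as np

FS = 2_000_000            # complex sample rate of the wideband capture, Hz (assumed)
DECIM = 40                # 2 MHz -> 50 kHz output rate
AUDIO_FS = FS // DECIM
AUDIO_CUTOFF = 4_000.0    # Hz, enough for airband voice (assumed)


def am_carrier(fs, n, offset_hz, amplitude, tone_hz, depth=0.5):
    """One synthetic AM transmission, `offset_hz` from the tuner centre, modulated by a tone."""
    t = np.arange(n) / fs
    envelope = 1.0 + depth * np.sin(2 * np.pi * tone_hz * t)
    return amplitude * envelope * np.exp(2j * np.pi * offset_hz * t)


def make_band(fs, n, seed=1):
    """Constructed band: a strong 'tower' at +300 kHz and a weak 'aircraft' at -525 kHz."""
    rng = np.random.default_rng(seed)
    iq = am_carrier(fs, n, 300_000, 1.0, 1_000)     # strong, 1 kHz audio
    iq += am_carrier(fs, n, -525_000, 0.3, 2_500)   # weak, 2.5 kHz audio
    iq += 0.02 * (rng.standard_normal(n) + 1j * rng.standard_normal(n))
    return iq


def lowpass_fir(cutoff_hz, fs, ntaps=255):
    """Windowed-sinc (Hamming) low-pass FIR, unity DC gain."""
    n = np.arange(ntaps) - (ntaps - 1) / 2
    h = 2 * cutoff_hz / fs * np.sinc(2 * cutoff_hz / fs * n)
    h *= np.hamming(ntaps)
    return h / h.sum()


def unselective_am(iq, fs=FS, decim=DECIM):
    """Un-selective AM: envelope of the whole band -> audio low-pass -> decimate.

    There is no channel filter. The strongest carrier dominates the envelope, the
    beat notes between carriers land hundreds of kHz away and are removed by the
    audio low-pass, and weaker stations leak in only at second order."""
    envelope = np.abs(iq)
    envelope = envelope - envelope.mean()            # strip the carrier DC term
    audio = np.convolve(envelope, lowpass_fir(AUDIO_CUTOFF, fs), mode="same")
    return audio[::decim]


def dominant_tone_hz(audio, fs):
    """Frequency of the strongest non-DC component of the recovered audio."""
    spec = np.abs(np.fft.rfft(audio * np.hanning(len(audio))))
    spec[:3] = 0.0                                   # ignore residual DC
    return float(np.fft.rfftfreq(len(audio), 1 / fs)[np.argmax(spec)])


def strongest_carrier_hz(iq, fs):
    """Where in the band the loudest transmission sits (for the stereo pan)."""
    spec = np.abs(np.fft.fft(iq))
    return float(np.fft.fftfreq(len(iq), 1 / fs)[np.argmax(spec)])


def stereo_pan(audio, offset_hz, fs):
    """Constant-power pan: left edge of the tuned band -> left ear, right edge -> right."""
    pos = np.clip(offset_hz / (fs / 2), -1.0, 1.0)   # -1 .. +1 across the band
    theta = (pos + 1.0) * np.pi / 4                  # 0 .. pi/2
    return np.column_stack((audio * np.cos(theta), audio * np.sin(theta)))


def louder_channel(stereo):
    left, right = np.abs(stereo).sum(axis=0)
    return "right" if right > left else "left"


if __name__ == "__main__":
    band = make_band(FS, 200_000)
    audio = unselective_am(band)
    carrier = strongest_carrier_hz(band, FS)
    print(f"strongest carrier at {carrier/1e3:+.0f} kHz, audio tone {dominant_tone_hz(audio, AUDIO_FS):.0f} Hz,"
          f" panned {louder_channel(stereo_pan(audio, carrier, FS))}")
```

The caveat the abstract hints at with "the most powerful transmission" is built into the maths: whatever is loudest wins the envelope, so a strong nearby station or a non-AM interferer inside the captured band will mask a distant aircraft. In a real receiver the decimation would also be done in stages rather than with one long FIR at the full sample rate.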
DEF CON 25 - Matt Knight - Radio Exploitation 101
What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. Exploitation of wireless devices is growing increasingly common, thanks to the proliferation of radio frequency protocols driven by mobile and IoT. While non-Wi-Fi and non-Bluetooth RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think.
Join us as we walk through the fundamentals of radio exploitation. After introducing essential RF concepts and characteristics, we will develop a wireless threat taxonomy by analyzing and classifying different methods of attack. As we introduce each new attack, we will draw parallels to similar wired network exploits, and highlight attack primitives that are unique to RF. To illustrate these concepts, we will show each attack in practice with a series of live demos built on software-defined and hardware radios.
Attendees will come away from this session with an understanding of the mechanics of wireless network exploitation, and an awareness of how they can bridge their IP network exploitation skills to the wireless domain.
DEF CON 25 Car Hacking Village - Weston Hecker - Grand Theft Radio Stopping SDR Relay Attacks
This talk discusses the security behind passive keyless entry systems, and how to protect against wireless attacks.
DEF CON 25 Car Hacking Village - Montalbano, Gillispie, Connett - Attacking Wireless Interfaces
This talk discusses security vulnerabilities in the wireless interfaces found in modern cars. In particular, they show how they use a HackRF and GNU Radio for wireless keyfob analysis. They also show how to build a directional helical GPS antenna and how it could be used for GPS spoofing.
DEF CON 25 Wifi Village - Eric Escobar - SecureWorks: SDR Replay Attacks On Home Security Systems
This presentation will dive into hacking wireless security systems present in many residential homes. A number of common wireless sensors are susceptible to a wide range of vulnerabilities including denial of service attacks, replay attacks and information disclosures. Sensors that detect motion, smoke, water leaks, gas leaks and open doors use similar weak communication protocols. Weaknesses in these sensors can present a juicy target to a tech savvy thief. With a Raspberry Pi and an Arduino, it's possible to exploit these weaknesses as well as create your own robust alarm system. With this system, you can customize text message alerts and detect a denial of service attack. This presentation will discuss how to exploit these vulnerabilities and how to use the same exploits to defend against the dark arts.
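The replay and denial of service problems in Matt Knight's taxonomy and in Eric Escobar's sensor work above come down to the same protocol defects, so here is one added example covering both. It is not code from either talk: it models the fixed-code frame many cheap 315/433 MHz sensors send, the counter-plus-HMAC frame that rejects replays, forgeries and tampering, and a supervision check that turns the silence a jammer produces into an alert. The sensor IDs, key, frame layout and heartbeat interval are constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed identifiers and key; a real system would derive the key at pairing time.
SENSORS = [0x2A71, 0x2A72, 0x2A73]
KEY = bytes.fromhex("7f3a9c1e5b2d4f60819ac3e5d7f90213a4b6c8da0e1f3254768a9cbdef012345")
OPEN, CLOSED = 1, 0


# ---- Legacy fixed-code protocol ------------------------------------------------
def legacy_frame(sensor_id, state):
    """Sensor ID and state, nothing else. The bytes are identical every time the door
    closes, so one captured frame can be replayed whenever the door is actually open."""
    return struct.pack(">HB", sensor_id, state)


def legacy_receive(frame):
    """Accepts any well-formed frame; cannot tell a replay or forgery from the real thing."""
    return struct.unpack(">HB", frame)


# ---- Hardened protocol: monotonic counter + truncated HMAC-SHA256 -----------------
BODY_FMT = ">HIB"                      # sensor id, 32-bit counter, state
BODY_LEN = struct.calcsize(BODY_FMT)   # 7 bytes
TAG_LEN = 8


def secure_frame(key, sensor_id, counter, state):
    body = struct.pack(BODY_FMT, sensor_id, counter, state)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class SecureReceiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = {}         # highest counter accepted per sensor

    def receive(self, frame):
        """Return (sensor_id, state), or None if the frame is forged, tampered or replayed.
        The tag is checked before anything is parsed; the counter must strictly increase."""
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return None
        sensor_id, counter, state = struct.unpack(BODY_FMT, body)
        if counter <= self.last_counter.get(sensor_id, -1):
            return None
        self.last_counter[sensor_id] = counter
        return sensor_id, state


# ---- Supervision: making a jammer's denial of service visible ---------------------
class Supervisor:
    """Each sensor sends a heartbeat every `interval` seconds. One silent sensor looks
    like a dead battery; every sensor going silent at once is what RF jamming looks like."""

    def __init__(self, sensor_ids, interval=60.0, missed=3):
        self.limit = interval * missed
        self.last_seen = {sid: 0.0 for sid in sensor_ids}

    def heartbeat(self, sensor_id, now):
        self.last_seen[sensor_id] = now

    def status(self, now):
        silent = [sid for sid, t in self.last_seen.items() if now - t > self.limit]
        if not silent:
            return "ok"
        if len(silent) == len(self.last_seen):
            return "jamming suspected"
        return "sensor fault"


def run_demo():
    """Attacker records the 'door closed' frame and replays it while the door is open."""
    r = {}
    captured = legacy_frame(SENSORS[0], CLOSED)
    r["legacy_replay_accepted"] = legacy_receive(captured) == (SENSORS[0], CLOSED)

    rx = SecureReceiver(KEY)
    genuine = secure_frame(KEY, SENSORS[0], 41, CLOSED)
    r["secure_genuine_accepted"] = rx.receive(genuine) == (SENSORS[0], CLOSED)
    r["secure_replay_accepted"] = rx.receive(genuine) is not None          # same counter again
    r["secure_forgery_accepted"] = rx.receive(secure_frame(b"wrong key", SENSORS[0], 42, CLOSED)) is not None
    tampered = bytearray(secure_frame(KEY, SENSORS[0], 42, OPEN))
    tampered[BODY_LEN - 1] = CLOSED                                          # flip state, keep old tag
    r["secure_tamper_accepted"] = rx.receive(bytes(tampered)) is not None

    sup = Supervisor(SENSORS, interval=60.0)
    for t in (0, 60, 120):
        for sid in SENSORS:
            sup.heartbeat(sid, t)
    r["status_ok"] = sup.status(150)
    for t in (180, 240, 300):                 # first sensor dies, the others keep reporting
        for sid in SENSORS[1:]:
            sup.heartbeat(sid, t)
    r["status_one_silent"] = sup.status(330)
    r["status_all_silent"] = sup.status(500)  # nothing heard from anyone since t=300
    return r


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two practical notes on the hardened half: the receiver's last-accepted counter has to survive a power cycle, or every reboot reopens the replay window, and a real design needs a bounded resynchronisation rule for a sensor whose counter has run ahead after frames were lost, which this model leaves out.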
DEF CON 25 Wifi Village - Matt Blaze - Sigint for the rest of us
Practical weaknesses in P25 radio encryption, and how we exploited them.
DEF CON 25 Wifi Village - Robert Ghilduta - Designing An Automatic Gain Control
The presentation will describe the requirements and design methodology behind the bladeRF's newly released VHDL Automatic Gain Control. The talk will walk SDR beginners through the RF gain architecture of modern radios and explain why gain control is required. The talk will then use the bladeRF as an example, and show what it took to develop the AGC in VHDL.
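The abstract above explains why a receiver needs gain control; here is an added software model of the feedback loop in numpy, not the bladeRF's VHDL AGC, to show the behaviour such a design has to deliver. It measures the power of each block after the gain, moves the gain in dB toward a target with a fast attack and a slow decay, and clamps it to the range the analogue stages can provide. The target level, step sizes, gain range and block size are assumptions chosen for the demo.

```python
import numpy as np


def level_dbfs(iq):
    """Mean power of a block in dB relative to full scale (|x| = 1)."""
    return float(10.0 * np.log10(np.mean(np.abs(iq) ** 2) + 1e-30))


class Agc:
    """Feedback AGC model.

    Fast attack: a sudden strong signal must be pulled down within a few blocks or the
    ADC clips. Slow decay: gain is raised gently so it does not 'pump' during speech
    pauses or gaps in bursty digital traffic. The gain is clamped to what the LNA,
    mixer and baseband stages can actually provide."""

    def __init__(self, target_dbfs=-12.0, attack_db=3.0, decay_db=0.5,
                 gain_min_db=0.0, gain_max_db=60.0, block=256):
        self.target, self.attack, self.decay = target_dbfs, attack_db, decay_db
        self.gain_min, self.gain_max, self.block = gain_min_db, gain_max_db, block
        self.gain_db = gain_max_db       # start wide open so a weak signal is found quickly

    def process(self, iq):
        out = np.empty_like(iq)
        for i in range(0, len(iq), self.block):
            blk = iq[i:i + self.block] * 10 ** (self.gain_db / 20.0)
            out[i:i + self.block] = blk
            err = self.target - level_dbfs(blk)
            # too hot: cut by up to `attack` dB; too quiet: raise by at most `decay` dB
            step = max(err, -self.attack) if err < 0 else min(err, self.decay)
            self.gain_db = float(np.clip(self.gain_db + step, self.gain_min, self.gain_max))
        return out


def tone(level_dbfs, n, fs=1e6, f=25e3):
    """Constructed test signal: a complex tone at a known level."""
    t = np.arange(n) / fs
    return 10 ** (level_dbfs / 20.0) * np.exp(2j * np.pi * f * t)


def run_step_demo(block=256, blocks=50):
    """A weak signal, then a 40 dB step up, then a signal too faint for the gain range."""
    n = block * blocks
    agc = Agc(block=block)
    agc.process(tone(-60.0, n))
    gain_after_weak = agc.gain_db                            # 48 dB: -60 + 48 = -12 dBFS
    strong = agc.process(tone(-20.0, n))
    hottest = max(level_dbfs(strong[i:i + block]) for i in range(0, n, block))
    settled = level_dbfs(strong[-block:])

    faint_agc = Agc(block=block)
    faint = faint_agc.process(tone(-90.0, n))
    return {
        "gain_after_weak_db": gain_after_weak,
        "overshoot_dbfs": hottest,               # first block after the step, before attack bites
        "settled_level_dbfs": settled,           # back at the target
        "clamped_gain_db": faint_agc.gain_db,    # pinned at gain_max
        "clamped_level_dbfs": level_dbfs(faint[-block:]),  # -30 dBFS: out of gain range
    }


if __name__ == "__main__":
    for k, v in run_step_demo().items():
        print(f"{k}: {v:.2f}")
```

The overshoot figure is the point of the exercise: in software the first block after the step merely exceeds the target, but in hardware that gain sits in front of the ADC, so the same block would be clipped and a VHDL implementation has to react within the first few samples, not the first few blocks. The clamped case shows the other limit: no loop can recover a signal the analogue gain range cannot lift to the target.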
DEF CON 25 - Caleb Madrigal - Controlling IoT devices with crafted radio signals
In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to help in the interception, manipulation, and generation of digital wireless signals with SDR.
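The abstract above moves from captured bits to waveforms generated from scratch. Here is an added example of that step, not Caleb Madrigal's tools: it turns a fixed-code frame into on-off keyed complex baseband, packs it into the interleaved signed 8-bit I/Q that hackrf_transfer -t consumes, recovers the bits again with an envelope detector, and enumerates every code of a given width as ready-to-send bursts, which is what a brute-force attack on a fixed-code receiver amounts to. The sample rate, symbol rate, frame layout and channel model are assumptions.

```python
import numpy as np

FS = 2_000_000      # I/Q sample rate, Hz (assumed)
BAUD = 2_000        # 500 us symbols, in the range cheap 433 MHz remotes use (assumed)
SPS = FS // BAUD    # samples per symbol
PAD = 8             # silent symbols before and after each burst


def frame_bits(code, nbits):
    """Constructed frame layout: a sync '1' followed by the code, MSB first."""
    return np.array([1] + [(code >> i) & 1 for i in reversed(range(nbits))], dtype=int)


def ook_modulate(bits, sps=SPS, pad=PAD):
    """Bits -> complex baseband: carrier on for a 1, off for a 0. The burst sits at
    zero offset, so the transmitter's LO puts it on channel; the padding gives the
    receiver's detector something to settle on and marks the frame edges."""
    symbols = np.concatenate((np.zeros(pad), bits, np.zeros(pad)))
    return np.repeat(symbols, sps).astype(np.complex128)


def to_iq8(iq, scale=100):
    """Interleaved signed 8-bit I,Q: the raw sample format hackrf_transfer -t reads."""
    out = np.empty(2 * len(iq), dtype=np.int8)
    out[0::2] = np.clip(np.round(iq.real * scale), -127, 127)
    out[1::2] = np.clip(np.round(iq.imag * scale), -127, 127)
    return out.tobytes()


def channel(iq, gain=0.4, noise=0.03, seed=7):
    """Constructed path loss plus receiver noise."""
    rng = np.random.default_rng(seed)
    n = len(iq)
    return gain * iq + noise * (rng.standard_normal(n) + 1j * rng.standard_normal(n))


def ook_demodulate(iq, nbits, sps=SPS):
    """Envelope -> short moving average -> slice at half the peak -> sample each symbol
    at its centre, with the symbol clock started at the first rising edge (the sync)."""
    env = np.abs(iq)
    win = max(1, sps // 4)
    smooth = np.convolve(env, np.ones(win) / win, mode="same")
    hard = smooth > 0.5 * smooth.max()
    edges = np.flatnonzero(hard)
    if edges.size == 0:
        return None                                     # no burst present
    centres = edges[0] + sps // 2 + sps * np.arange(nbits + 1)
    if centres[-1] >= len(hard):
        return None                                     # burst truncated
    symbols = hard[centres].astype(int)
    if symbols[0] != 1:
        return None                                     # sync bit missing
    code = 0
    for b in symbols[1:]:
        code = (code << 1) | int(b)
    return code


def brute_force_frames(nbits):
    """Every code a fixed-code receiver could accept, each as ready-to-send baseband."""
    for code in range(1 << nbits):
        yield code, ook_modulate(frame_bits(code, nbits))


def roundtrip_all(nbits):
    """Modulate every code, push it through the channel model, demodulate it again."""
    return [ook_demodulate(channel(iq), nbits) for _, iq in brute_force_frames(nbits)]


if __name__ == "__main__":
    burst = ook_modulate(frame_bits(0b1011, 4))
    print(f"{len(burst)} samples, {len(to_iq8(burst))} bytes of 8-bit I/Q, decodes to {ook_demodulate(burst, 4):#06b}")
    print("all 4-bit codes recovered:", roundtrip_all(4) == list(range(16)))
```

Replacing `frame_bits` with the actual bit layout sniffed from a device is the "manipulate and replay" step the abstract describes, and `brute_force_frames` is the reason fixed-code remotes are a poor idea: a 12-bit code is 4096 bursts, which at these symbol timings is a few minutes of air time.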