Cyberspectrum is a monthly software defined radio meetup that is held in San Francisco. During this meetup presenters show and discuss their SDR related work. The 12th Cyberspectrum meetup is occurring right now and this time there will be presentations from amateur radio astronomer Marcus Leech from Canada and wireless security researcher Tobias Zillner from Austria.
There is a live stream on YouTube shown below, and after it finishes it will also be available for viewing:
Edit: Stream is over. Marcus Leech gave a nice talk that gave an overview or amateur radio astronomy and explained some of his set up where he uses RTL-SDR dongles as the receiver.
The overview of today’s presentations are as follows:
• Marcus Leech from SBRAC: “An integrated proof-of-concept ‘all-digital’ feed for 21cm radio astronomy”
We show ongoing work in designing and building a proof-of-concept ‘all digital’ feed for 21cm radio astronomy experiments. While many professional radio astronomy observatories are using “digitize at the feed” techniques, amateur experiments (and successes) in this are very close to non-existent.
Digitizing at the feed carries many advantages, including overall system gain stability, and the ability to carry signals over cheap ethernet-over-fiber links.
We’ll show an example feed arrangement that uses a differential radiometry approach, and does much of the initial processing right at the feed, including radiometry and spectral calculations, sending summary data to an ordinary PC host over ethernet.
Challenges and pitfalls will be discussed.
• Tobias Zillner from Cognosec: “ZigBee Smart Homes – A Hacker’s Open House”
ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, the chance is very high that you are actually using ZigBee by yourself. Popular lighting applications such as Philips Hue or Osram Lightify and also popular smart home systems such as SmartThings or Googles OnHub are based on ZigBee. New IoT devices have often very limited processing and energy resources. Therefore they are not capable of implementing well-known communication standards like Wifi. ZigBee is an open, public available alternative that enables wireless communication for such limited devices.
ZigBee provides also security services for key establishment, key transport, frame protection and device management that are based on established cryptographic algorithms. So a ZigBee home automation network with applied security is secure and the smart home communication is protected?
No, definitely not. Due to “requirements” on interoperability and compatibility as well as the application of ancient security concepts it is possible to compromise ZigBee networks and take over control of all included devices. For example it is easily possible for an external to get control over every smart light bulb that supports the ZigBee Light Link profile. Also the initial key transport is done in an unsecured way. It is even required by the standard to support this weak key transport. On top of that another vulnerability allows third parties to request secret key material without any authentication and therefore takeover the whole network as well as all connected ZigBee devices. Together with shortfalls and limitations in the security caused by the manufacturers itself the risk to this last tier communication standard can be considered as highly critical.
This talk will provide an overview about the actual applied security measures in ZigBee, highlight the included weaknesses and show also practical exploitations of actual product vulnerabilities. Therefore new features in the ZigBee security testing tool SecBee will be demonstrated and made public available.