Tagged: black hat

Black Hat USA 2020 will be a Virtual Event

Black Hat is a yearly conference about information security related topics. Although they are less common there than at RF-focused conferences, there are often talks related to software defined radio and RF in general. For example, they recently uploaded videos of talks from their 2018 event, and one talk titled "Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers" shows how a HackRF SDR can be used to help break Bluetooth AES encryption via RF noise unintentionally emitted by components in the transmitter.

Due to the current global pandemic, the conference organizers have decided that the 2020 conference, which was to be held in Las Vegas during August 1-6, will instead be held virtually. They write:

MAY 8, 2020
We have been continuously reviewing the best ways to serve the information security community over the past few months as the global health situation continues to develop. While we will not be meeting in person, we are moving forward with a plan to transform Black Hat USA into an all-virtual event in order to best serve our community.

We're inspired to adapt Black Hat USA in a virtual format that will be available to our entire global community. Our team is working hard to deliver the same level of high-quality Briefings, Trainings and Business Hall programs that Black Hat attendees have come to expect every year.

We believe in the power of gathering our community to share, inspire, and strengthen our industry and are committed to providing that opportunity in August. We look forward to sharing more information about Black Hat’s virtual event soon.

Steve Wylie, Black Hat General Manager

We note that the GNU Radio conference, which will be held on September 14, will also be held virtually.

Black Hat Software Defined Radio Talks

Black Hat, a large conference about information security related topics, has recently finished, and videos of some of the talks given have now been uploaded to YouTube. This year we have found three talks related to Software Defined Radio.

Breaking the Security of Physical Devices by Silvio Cesare

We posted about Silvio’s successful attempt at breaking into a car wirelessly earlier this month and now here is his presentation.

In this talk, I look at a number of household or common devices and things, including a popular model car and physical security measures such as home alarm systems. I then proceed to break the security of those devices. The keyless entry of a 2004/2005 popular make and widely used car is shown to be breakable with predictable rolling codes.

The actual analysis involved not only mathematics and software defined radio, but the building of a button pushing robot to press the keyless entry to capture data sets that enable the mathematical analysis.

Software defined radio is not only used in the keyless entry attack, but in simple eavesdropping attacks against 40 MHz analog baby monitors. But that’s an easy attack. A more concerning set of attacks are against home alarm systems. Practically all home alarm systems that had an RF remote to enable and disable the system were shown to use fixed codes. This meant that a replay attack could disable the alarm.

I built an Arduino and Raspberry Pi based device for less than $50 that could be trained to capture and replay those codes to defeat the alarms. I also show that by physically tampering with a home alarm system by connecting a device programmer, the EEPROM data off the alarm’s microcontroller can be read. This means that an attacker can read the secret passcode that disables or enables the alarm.

In summary, these attacks are simple but effective in physical devices that are common in today’s world. I will talk about ways of mitigating these attacks, which essentially comes down to avoiding the bad and buying the good. But how do you know what’s the difference? Come to this talk to find out.

Bringing Software Defined Radio to the Penetration Testing Community

Online slides.

“The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of Things, etc.).

The developers of these new types of devices may not have a deep security background and it can lead to security and privacy issues when the solution is stressed.

However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.

That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known scapy framework.

In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.”

AIS Exposed. Understanding Vulnerabilities and Attacks 2.0

Attacking AIS using software defined radio.

AIS Exposed. Understanding Vulnerabilities and Attacks 2.0 by Marco Balduzzi