Tagged: internet of things

Helium: The SDR Based Cryptocurrency for IoT

Helium is a cryptocurrency being designed for internet of things (IoT) sensors, and it will be based on low cost software defined radio (SDR) technology - that's a lot of buzzwords! The idea is to design a system that will pay people to run an internet connected gateway which will receive data from wireless sensors, and put that data onto the internet. A use case that Helium has already developed is providing services to track and monitor medicine and food supplies. The linked article gives a good example of this use case:

...let’s say you have a gateway in your house: if a vial of medicine were to enter your coverage zone, it would send its location and temperature data to your gateway, which would then send it to its proper destination in return for a previously agreed upon cryptocurrency fee. These steps would then be cryptographically verified and recorded in the distributed ledger.

In terms of IoT network competition, LoraWan and SigFox IoT networks are already popular and established in several places in the world, but wireless coverage isn't great because these networks rely on companies to build gateway infrastructure. Helium crowd sources this infrastructure instead, which could result in greater coverage.

Most cryptocurrencies base the security of their network on the 'proof of work' process, which is a way to ensure that the miners get rewarded for the heavy cryptographic computations that they do in order to secure the network. Instead of proof of work, Helium's idea is to use a 'proof of coverage' system, where other gateways will confirm whether a gateway is providing coverage and is in the correct location. Helium cryptocurrency 'miners' will be the people running the internet connected gateways, and they will be paid for any devices that use their wireless coverage.

According to one of their latest blog posts, the wireless gateway radio system is to be based on a software defined radio architecture. The reasoning behind using SDR is that they need to support potentially thousands of wireless sensor channels, require the sensors to be able to be geolocated, and require the radio to be low cost and energy efficient. For geolocation of sensors they are considering the use of radio direction finding techniques that we assume will be based on pseudo-doppler, or alternatively they will use the time difference of arrival (TDoA) technique which requires the signal to be received by multiple gateways. The SDR will be developed on a dual core TI SoC, with four programmable realtime units (PRU), which they'll use to interface with the RF chips.

At the moment Helium is just a whitepaper, and we haven't seen any concrete evidence of a working SDR design yet, but according to their website they plan to launch gateway hardware in Q4 2018 for a cost of $495. 

The Helium Network

Identifying Issues that can be used to Disable IoT Alarms

Seekintoo cybersecurity researcher Dayton Pidhirney has been investigating security flaws in wireless IoT (Internet of Things) based alarm systems, and has identified six issues that can be used to bypass or disable an alarm. Five of them attack the RF portion of the IoT device, and one attacks it through the traditional IP network.

In his post he specifically attacks the iSmartAlarm (ISM). This is an IoT home alarm system that comes with several sensors, and can be controlled via an app on your smartphone. The unit uses the Texas Instruments CC1110 RF SoC, which implements the SimpliciTI low-power radio network protocol. Dayton notes that the majority of the attacks are not specific to a single manufacturer, and could be applied to other IoT devices as well.

Using a variety of hardware including a logic analyzer, Yardstick One, GoodFET, RFCat and a USRP B210 software defined radio, and several pieces of software including GNU Radio, GQRX, Baudline and Audacity, Dayton was able to attack the alarm in the following ways:

  • Brute-force attack on the alarm system device source addresses.
  • Remotely clone authenticated devices used to interact with the alarm system security features.
  • Decryption of authenticated devices radio communications, allowing remote attackers to craft packets used to send arbitrary commands to the alarm system.
  • RF Jamming.
  • Assisted replay attack.

The post goes into deep detail on the methods he used to reverse engineer the device and is a great tutorial for anyone wanting to get into wireless IoT security research.

The iSmartAlarm IoT wireless alarm system

SoDeRa: An upcoming low cost app-enabled open-source 100 kHz to 3.8 GHz SDR Transceiver

A new software defined radio called SoDeRa (SOftware DEfined RAdio) is currently under joint development by companies Canonical (the company behind the Ubuntu OS) and Lime Micro. SoDeRa is based on the new Lime Microsystems LMS7002M Transceiver chip which has a 100 kHz – 3.8 GHz range. The transceiver chip interfaces with an Altera Cyclone IV FPGA with 256 MB of RAM and a USB3 controller, and the whole radio will have 4x TX outputs and 6x RX inputs.

SoDeRa Block Diagram

The people behind this SDR are currently marketing SoDeRa as “the Arduino of the Telecom and Radio Engineer”. It appears to be designed mainly to implement IoT and other radio communications protocols, but it also sounds like it could find excellent use in the hobby and amateur market as well as have benefits for the average person. Interestingly, the developers also plan to implement an app store which would allow you to essentially download a radio and instantly configure the SoDeRa SDR for any desired protocol or application. They write:

This is the first time that a revolutionary device for which we are organising a joint crowd-funding campaign with Lime Microsystems is made public. The #SoDeRa is the cheapest software defined radio you can buy. The #SoDeRa will have an app store and will be able to provide any type of (bi-directional) radio communication going from LTE, Lora, WiFi, GPS, Bluetooth, radar, radio-controlled toys/robots/drone, digital radio, digital TV to even MRI scanners, satellite and air traffic communications by just installing an app. The #SoDeRa is the Arduino of the Telecom and Radio Engineer.

The VP of IoT at Canonical also writes:

The SoDeRa is powerful enough to be a full MiMo LTE base station with long range coverage, provided you add the right antenna. You can via apps put other wireless communication protocols like LoRaWAN, Bluetooth, Zigbee, Z-Wave, GPS, Galileo, Airspace protocols, radar, MRI scanning RF, TV/Radio, any toy/robot/drone control, White Space, etc. But most importantly because of its price and ease of adding more protocols, the SoDeRa will enable anybody to define competing wireless communication protocols and put them into Github. Developers don’t like closed standards like LTE or complex standards like Bluetooth & Zigbee. The future will allow developers to compete against corporations and standardization bodies if they think current standards can be improved upon. The Internet has shown that this dynamic brought us easier standards through adoption like JSON and Yaml vs XML and EDI. Wireless, RF and telecom engineers never had an Arduino like the electronics engineers. The SoDeRa will plug this hole.

Development on SoDeRa is working towards a trend in radio systems where all radio devices are software defined, allowing for futuristic features like advanced spectrum control and the ability to change protocols on the fly. They write:

Including #SoDeRa in any type of smart device will greatly reduce the cost of deploying a mobile base station network because by open sourcing the hardware design it will become commodity. Including software defined radio in lots of devices, often with a completely different purpose, will allow these devices to become a smart cell via installing an extra app. In the future, support for software defined radio will likely be embedded directly in Intel and ARM chips. The foundational steps are already happening. This will likely reshape the telecom industry. Not only from a cost perspective but also from a perspective of who runs the network. Telecom operators that don’t deliver value will see their monopoly positions being put in danger. As soon as spectrum can be licensed on a per hour basis, just like any other resource in the cloud, any type of ad-hoc network can be set up. The question is not if but when. Open sourcing and crowdfunding will make that “when” be sooner than later. Smart operators that align with the innovators will win because they will get the app revenue, enormous cost reductions, sell surplus spectrum by the hour and lots of innovation. Other operators that don’t move or try to stop it will be disrupted. What do you want to be?

At first glance SoDeRa sounds like it will be an expensive device, but on their official website they are currently running a survey asking people what they would be willing to pay, and the lowest price given is $50 – $99. This makes it seem likely that in the future with enough volume SoDeRa could be sold at very low cost and become very popular.

I am willing to pay for 1 unit

  • $50 – $99 (lead time 9 months)
  • $100 – $199 (lead time 6 months)
  • $200 – $299 (lead time 3 months)
  • $300 – $399 (lead time 2 months)
  • $400 – $500 (lead time 1 month)

It sounds like the team behind SoDeRa are gearing up for a crowd funding campaign so we will be keeping an eye on this SDR.

Thanks to RTL-SDR.com reader Serdar (TA3AS) for submitting news about SoDeRa to us.

The SoDeRa SDR
The SoDeRa PCB

Decoding the LoRa IoT Protocol with an RTL-SDR

The internet of things is set to become the next big thing in technology. The IoT consists of multiple networked devices such as sensors and computers connected in various ways such as via wireless communication protocols. LoRa is an abbreviation of “Long Range” and is one such wireless protocol that is being used in IoT devices. 

[LoRa] is a radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

Over at the RevSpace hackerspace, a hardware hacker called bertrik has been working with his RTL-SDR to try and reverse engineer the LoRa protocol. His goal is to make it so that anyone can receive and decode LoRa signals without needing to purchase specific hardware that supports the modulation. The reverse engineering work is not yet finished, but bertrik has already determined many parts of the protocol by looking at the signals in Audacity. He also writes that there is currently a ready made LoRa decoder available for sdrangelove, a Linux based SDR receiver application similar to GQRX and SDR#.
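To illustrate the chirp spread spectrum scheme the quoted text describes, here is an added example (not bertrik's code and not the sdrangelove decoder) of a minimal LoRa-style CSS modulator and dechirp demodulator in pure Python. It assumes spreading factor 7, one complex sample per chip, and leaves out the whitening, interleaving and forward error coding layers, so it shows only how a symbol value becomes a cyclically shifted chirp and how dechirping plus a DFT recovers it.

```python
import cmath
import math
import random

SF = 7            # spreading factor: one symbol carries SF bits (assumed)
N = 1 << SF       # chips per symbol (128); assumed one complex sample per chip

def base_upchirp(n=N):
    """Reference up-chirp whose frequency rises linearly across the symbol.
    Sampled phase pi*k^2/n is periodic in n for even n, so every symbol can be
    built as a plain cyclic shift of this one table."""
    return [cmath.exp(1j * math.pi * k * k / n) for k in range(n)]

def modulate(symbol, n=N):
    """CSS symbol: the value 0..n-1 selects the cyclic shift of the up-chirp."""
    base = base_upchirp(n)
    return [base[(k + symbol) % n] for k in range(n)]

def demodulate(samples, n=N):
    """Dechirp (multiply by the conjugate up-chirp): the shifted chirp becomes a
    pure tone whose DFT bin index equals the symbol value, so pick the strongest bin."""
    base = base_upchirp(n)
    dechirped = [s * b.conjugate() for s, b in zip(samples, base)]
    mags = []
    for m in range(n):                      # plain O(n^2) DFT keeps this dependency-free
        acc = sum(d * cmath.exp(-2j * math.pi * m * k / n) for k, d in enumerate(dechirped))
        mags.append(abs(acc))
    return max(range(n), key=mags.__getitem__)

def encode(symbols):
    """Concatenate one chirp per symbol into a sample stream."""
    return [c for s in symbols for c in modulate(s)]

def decode(stream, n=N):
    """Slice the stream into whole symbols (assumed already time-aligned) and demodulate each."""
    return [demodulate(stream[i:i + n], n) for i in range(0, len(stream) - n + 1, n)]

def add_noise(stream, sigma, seed=1):
    """Constructed channel: add seeded complex Gaussian noise to every chip."""
    rng = random.Random(seed)
    return [c + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for c in stream]

if __name__ == "__main__":
    payload = [3, 127, 0, 64, 42]           # constructed symbol values, SF bits each
    rx = add_noise(encode(payload), sigma=0.5)
    print(decode(rx))                       # prints [3, 127, 0, 64, 42]
```

The processing gain of the dechirp-and-DFT step is what lets the noisy stream decode cleanly; a real receiver additionally has to find the preamble to align symbol boundaries before this step applies.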

You might also be interested in this previous article we posted about the Z-Wave wireless networking protocol being hacked with a HackRF.

LoRa signals received in the frequency spectrum.