Bringing Software Defined Radio to the Penetration Testing Community

Presented at Black Hat USA 2014, Aug. 6, 2014, 11:45 a.m. (60 minutes)

The widespread adoption of wireless devices goes beyond WiFi (smart meters, wearable devices, Internet of Things, etc.). The developers of these new types of devices may not have a deep security background, which can lead to security and privacy issues when the solution is stressed. However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them. That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio, using GNU Radio and the well-known scapy framework. In this talk, we will introduce this tool, which we developed for a wide range of wireless security assessments: its main goal is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.

Presenters:

  • Jean-Michel Picod - Airbus DS Cyber Security
    Jean-Michel Picod is currently working at Airbus Defence & Space CyberSecurity as the technical leader of pentest, incident response, malware reversing and vulnerability research activities. He holds an engineering degree in computer systems, networks and security. He has contributed to several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, forensic scripts, etc.
  • Arnaud Lebrun - AIRBUS Defence and Space CyberSecurity
    Arnaud is an electronics and automation engineer, currently working on wireless and ICS security at AIRBUS D&S CyberSecurity.
  • Jonathan-Christofer Demay
    Jonathan is an IT security specialist with diverse professional backgrounds. As an academic researcher, he has been working on vulnerability research, IDS bypassing, and intrusion detection along with general network security. As a consultant for various strategic industries and government bodies, he has been working on computer forensics, reverse engineering, penetration testing, and social engineering.
