Attacking Internet of Things with Software Defined Radio

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration)

Participants will learn how to reverse engineer the wireless communication between Internet of Things devices with Software Defined Radios (SDR) using the Universal Radio Hacker (URH). The workshop covers the required HF basics, such as digital modulations and encodings, and shows how to reveal the protocol logic step by step and, finally, develop attacks against devices.

For demonstration we will investigate and attack a wireless socket and a smart home door lock. During the course of the workshop the communication of the two devices will be analyzed and reverse engineered. In conclusion, attacks on both devices will be developed. By the end of the workshop we'll be able to switch the socket and open the door lock with SDRs.

This of course requires knowledge in the field of modulation, coding and Log formats, which will be practically conveyed during the workshop. "Learning by doing" is the motto. For this to work, the participants need their own computer to operate the software (Universal Radio Hacker), which we use to analyze the signals and bring them back in. If attendees already own a software defined radio (e.g. HackRF), they can record the signals and attack the devices themselves. If that's not the case, I can make the signals available online so participants can download and import them into the Universal Radio Hacker.

In short:

What do I need?

- Must have: laptop / computer
- Nice to have: Software Defined Radio (e.g. HackRF)

What awaits me?

- Capturing raw signals with Software Defined Radios
- Demodulating the raw signals to get bits
- Decoding the bits
- Reverse engineering the protocol format (where are addresses, sequence numbers etc.)
- Developing attacks with fuzzing and simulation

We will work through this on the basis of two practical examples.

Presenters:

  • Johannes Pohl - Hochschule Stralsund
    Johannes Pohl studied Computer Science at the University of Applied Sciences Stralsund and received his Master of Science in 2013. Since then he has worked there as a PhD student, conducting research in the area of Location Privacy and Wireless Security. He worked for two years in DevOps research at Boreus Data Center, Germany. Since March 2017 he has worked as a Scientific Co-Worker at the University of Applied Sciences, Stralsund.
