Lora Smart Water Meter Security Analysis

Presented at DEF CON 26 (2018), Aug. 10, 2018, 11 a.m. (45 minutes).

To avoid the tedious task of collecting water usage data by go user's home _ water meters that are equipped with wireless communication modules are now being put into use, in this talk we will take a water meter _which is using Lora wireless protocol_ as an example to analyze the security and privacy risks of this kind of meters_we will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, we will be talking about its security risks from multiple perspectives , physical, data link, and sensors. Do notice that LORA is not only used in water meter ,it is being used in a lot of IoT scenarios_so the methods we employed to analyze LORA in this talk are also useful when you do tests of other LORA based systems .

Presenters:

  • Yingtao Zeng - Security Researcher at UnicornTeam, Radio Security Research Department of 360 Security Technology
    Yingtao Zeng is a security researcher at UnicornTeam in the Radio Security Research Department of 360 Technology. He mainly focus on the security of Internet of things, car remote control systems and automotive radar safety research. He has found vulnerabilities in a variety of automobile manufacturers including Tesla, Buick, Volvo, Chevrolet, Toyota, Nissan, BYD and more. He has presented his researches at conferences like HITB, DEF CON Car Hacking Village, Black Hat Arsenal etc.
  • Lin Huang - Senior Wireless Security Researcher and SDR technology expert, 360 Security Technology
    Lin HUANG is a senior wireless security researcher and the manager of UnicornTeam in 360 Technology. She is also the 360 Technology's 3GPP standard SA3 delegate and a research supervisor for master students in BUPT. Her interests include security issues in wireless communication, especially cellular network security. She was a speaker at BlackHat, DEF CON, and HITB security conferences.
  • Jun Li - Senior Security Researcher, Radio Security Department of 360 Security Technology
    Jun Li is a senior security researcher at the UnicornTeam, Qihoo 360. He is the POC of DEF CON Group 010, and member of the DEF CON Group Global Advisory Board. His researches have been presented at conferences such as Blackhat, DEF CON, HITB, KCon, SyScan360, ISC, etc. His is interested in IoT security and connected car security. Along with his colleagues, has previously found several automobile vulnerabilities in Tesla, GM cars, Volvo, BMW, Audi, Mercedes Benz and BYD. He is the author of > ("Connected Car Security Demystified"). He is also the co-author of "Inside Radio: An Attack & Defense Guide".

Links:

Similar Presentations: