Presented at
DEF CON 31 (2023),
Aug. 11, 2023, 3 p.m.
(45 minutes)
Nearly 1,800 weather balloons are launched across the world on any given day. As the balloon goes up it expands and pops at an altitude up to 33 Km (110K feet) above the earth.The flight payload is called a radiosonde. It measures pressure, temperature, relative humidity, position, and velocity during its flight, and transmits the data to a sounding receiver. One or two missing weather balloons won't impact the daily forecast. However, many missing balloons could lead to errors in weather models and forecasts. Weather balloons are also important for gathering weather data for satellite launches and human spaceflights, as launches are often delayed or scrubbed due to upper-level wind shear.
In this talk, I present a simulation framework for the most popular radiosonde model. It enables an attacker to generate radiosonde messages or alter logged messages for retransmission. I also present simulations of a jamming attack and a spoofing attack on a sounding receiver:
During a jamming attack, the receiver is unable to receive transmissions from active radiosondes.
During a spoofing attack, the transmitter sends fake radiosonde messages to a target receiver, identifying as an active radiosonde.
I'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.
REFERENCES:
Vredenbregt L., "How many weather balloons are out there? Hundreds, it turns out", https://abcnews.go.com/Politics/weather-balloons-hundreds-turns/story?id=97082985, Feb 13, 2023.
Dudley I., "Weather balloons and rocket science", https://www.vandenberg.spaceforce.mil/News/Features/Display/Article/737270/weather-balloons-and-rocket-science/
bazjo, "RS41 Decoding", https://github.com/bazjo/RS41_Decoding
rs1729, "RS", https://github.com/rs1729/RS
projecthorus, "radiosonde_auto_rx", https://github.com/projecthorus/radiosonde_auto_rx
sondehub, https://github.com/projecthorus/radiosonde_auto_rx
"Upper-air Observations Program", https://www.weather.gov/upperair/
Mass C., "Wind Shear: When the Atmospheric Seems to be Tearing Itself Apart", https://cliffmass.blogspot.com/2017/05/wind-shear-when-atmospheric-seems-to-be.html
Jessop M., "Top Radiosonde types", https://twitter.com/vk5qi/status/1170215238978830339
Lada B., "3 weather obstacles that SpaceX faces when launching rockets into space", https://www.accuweather.com/en/space-news/types-of-weather-that-can-delay-a-spacex-rocket-launch/352407
Nasa, "Falcon 9 Crew Dragon Launch Weather Criteria", FS-2020-05-568-KSC, www.nasa.gov
Frielingsdorf J., "An Open-Source Documentation and Implementation of the Vaisala RS41 Data Preparation Algorithms", WMO Technical Conference on Meteorological and Environmental Instruments and Methods of Observation, Oct. 11, 2022
Cadence PCB Solutions, "What is Signal to Noise Ratio and How to calculate it?", https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it
Vaisala, "Vaisala Radiosonde RS41-SGP Data Sheet", www.vaisala.com, B211444EN-E, 2017
Vaisala, "Vaisala Radiosonde RS41-SG Data Sheet", www.vaisala.com, B211321EN-K, 2020
Vaisala, "Vaisala Radiosonde RS41-SGM Data Sheet", www.vaisala.com, B211448EN-E, 2017
Presenters:
-
Paz Hameiri
- Hacker
Paz started his professional life more than 30 years ago, hacking games and developing tools in his teen years. Since then, he has worked in several companies, developing both hardware and software. Paz has six years of experience with telecommunication systems design and circuits.
For 14 years, Paz led multidisciplinary systems development as a systems engineer in the aerospace industry. At home, Paz explores ideas he finds interesting.
In 2019 he published a work on a body-tracking device that records keystrokes on a safe's keypad in Hakin9 Magazine. In 2021 he developed software that used a GPU as a digital radio transmitter and presented his work at DEF CON 29. In 2015 and 2019 he launched weather balloons with elementary school pupils.
Links:
Similar Presentations: