Perimeter
2/10/2011
08:54 AM
John H. Sawyer
John H. Sawyer
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Frequency Hopping Spread Spectrum, Project Ubertooth Detailed At ShmooCon

Two new wireless security projects discussed at ShmooCon focus on bringing low-cost hardware to security researchers

Have you often wanted to research, maybe even get into attacking wireless protocols other than the usual WiFi, but found the cost of the hardware to be off-putting? Several researchers recently presented at ShmooCon 2011 on projects they're working on to reduce the cost of entry for those interested in analyzing wireless protocols used by Bluetooth devices and smart meters.

The first wireless talk was the "Hop Hacking Hedy" (video) presentation by Q, Cutaway, and Atlas. It gave an overview of Frequency Hopping Spread Spectrum (FHSS), dispelled some myths about FHSS, discussed some of the challenges with analyzing wireless protocols using FHSS, and detailed the goals of their hedyattack project.

In order to keep the cost for hedyattack low, the project is based on the CC1111 from Texas Instruments (TI), which can be purchased in a development kit for $50. When paired with the current hedyattack attack code, you can monitor FHSS in the 902-928 MHz range, although cutaway said it is easy to modify for sub-902MHz frequencies.

Still wondering what you could use hedyattack for? According to the presentation, the CC1111 is a "USB-enabled version of TI's most popular <1GHz radio ... same radio used in the majority of today's smart meters."

The second talk I want to mention was from Michael Ossman, called "Project Ubertooth: Building a Better Bluetooth Adapter" (video). One of the things that has been missing in the security world is a good, low-cost Bluetooth sniffing device. Michael's research found that current Bluetooth devices do not have the capability to perform passive sniffing, so he set out to build one for less than $100.

Project Ubertooth was the result of that effort and led to the creation of Ubertooth One. Paired with Kismet and a custom plugin, Ubertooth One allows you to discover and passively monitor Bluetooth devices. Michael demonstrated Kismet with Ubertooth One during his presentation and Bluetooth devices immediately started showing up on the screen.

Ready to dive in? The hedyattack code is available at the group's Google Code project found here, and the CC1111 development kit can be purchased from TI at this page. For Ubertooth One, Michael has created a Kickstarter project to fund the project; you can get your own Ubertooth One for $100.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

Best of the Web
Dark Reading Radio