Perimeter
2/10/2011
08:54 AM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Frequency Hopping Spread Spectrum, Project Ubertooth Detailed At ShmooCon

Two new wireless security projects discussed at ShmooCon focus on bringing low-cost hardware to security researchers

Have you often wanted to research, maybe even get into attacking wireless protocols other than the usual WiFi, but found the cost of the hardware to be off-putting? Several researchers recently presented at ShmooCon 2011 on projects they're working on to reduce the cost of entry for those interested in analyzing wireless protocols used by Bluetooth devices and smart meters.

The first wireless talk was the "Hop Hacking Hedy" (video) presentation by Q, Cutaway, and Atlas. It gave an overview of Frequency Hopping Spread Spectrum (FHSS), dispelled some myths about FHSS, discussed some of the challenges with analyzing wireless protocols using FHSS, and detailed the goals of their hedyattack project.

In order to keep the cost for hedyattack low, the project is based on the CC1111 from Texas Instruments (TI), which can be purchased in a development kit for $50. When paired with the current hedyattack attack code, you can monitor FHSS in the 902-928 MHz range, although cutaway said it is easy to modify for sub-902MHz frequencies.

Still wondering what you could use hedyattack for? According to the presentation, the CC1111 is a "USB-enabled version of TI's most popular <1GHz radio ... same radio used in the majority of today's smart meters."

The second talk I want to mention was from Michael Ossman, called "Project Ubertooth: Building a Better Bluetooth Adapter" (video). One of the things that has been missing in the security world is a good, low-cost Bluetooth sniffing device. Michael's research found that current Bluetooth devices do not have the capability to perform passive sniffing, so he set out to build one for less than $100.

Project Ubertooth was the result of that effort and led to the creation of Ubertooth One. Paired with Kismet and a custom plugin, Ubertooth One allows you to discover and passively monitor Bluetooth devices. Michael demonstrated Kismet with Ubertooth One during his presentation and Bluetooth devices immediately started showing up on the screen.

Ready to dive in? The hedyattack code is available at the group's Google Code project found here, and the CC1111 development kit can be purchased from TI at this page. For Ubertooth One, Michael has created a Kickstarter project to fund the project; you can get your own Ubertooth One for $100.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?