Perimeter
2/10/2011
08:54 AM
John H. Sawyer
John H. Sawyer
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Frequency Hopping Spread Spectrum, Project Ubertooth Detailed At ShmooCon

Two new wireless security projects discussed at ShmooCon focus on bringing low-cost hardware to security researchers

Have you often wanted to research, maybe even get into attacking wireless protocols other than the usual WiFi, but found the cost of the hardware to be off-putting? Several researchers recently presented at ShmooCon 2011 on projects they're working on to reduce the cost of entry for those interested in analyzing wireless protocols used by Bluetooth devices and smart meters.

The first wireless talk was the "Hop Hacking Hedy" (video) presentation by Q, Cutaway, and Atlas. It gave an overview of Frequency Hopping Spread Spectrum (FHSS), dispelled some myths about FHSS, discussed some of the challenges with analyzing wireless protocols using FHSS, and detailed the goals of their hedyattack project.

In order to keep the cost for hedyattack low, the project is based on the CC1111 from Texas Instruments (TI), which can be purchased in a development kit for $50. When paired with the current hedyattack attack code, you can monitor FHSS in the 902-928 MHz range, although cutaway said it is easy to modify for sub-902MHz frequencies.

Still wondering what you could use hedyattack for? According to the presentation, the CC1111 is a "USB-enabled version of TI's most popular <1GHz radio ... same radio used in the majority of today's smart meters."

The second talk I want to mention was from Michael Ossman, called "Project Ubertooth: Building a Better Bluetooth Adapter" (video). One of the things that has been missing in the security world is a good, low-cost Bluetooth sniffing device. Michael's research found that current Bluetooth devices do not have the capability to perform passive sniffing, so he set out to build one for less than $100.

Project Ubertooth was the result of that effort and led to the creation of Ubertooth One. Paired with Kismet and a custom plugin, Ubertooth One allows you to discover and passively monitor Bluetooth devices. Michael demonstrated Kismet with Ubertooth One during his presentation and Bluetooth devices immediately started showing up on the screen.

Ready to dive in? The hedyattack code is available at the group's Google Code project found here, and the CC1111 development kit can be purchased from TI at this page. For Ubertooth One, Michael has created a Kickstarter project to fund the project; you can get your own Ubertooth One for $100.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web