Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/10/2011
08:54 AM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Frequency Hopping Spread Spectrum, Project Ubertooth Detailed At ShmooCon

Two new wireless security projects discussed at ShmooCon focus on bringing low-cost hardware to security researchers

Have you often wanted to research, maybe even get into attacking wireless protocols other than the usual WiFi, but found the cost of the hardware to be off-putting? Several researchers recently presented at ShmooCon 2011 on projects they're working on to reduce the cost of entry for those interested in analyzing wireless protocols used by Bluetooth devices and smart meters.

The first wireless talk was the "Hop Hacking Hedy" (video) presentation by Q, Cutaway, and Atlas. It gave an overview of Frequency Hopping Spread Spectrum (FHSS), dispelled some myths about FHSS, discussed some of the challenges with analyzing wireless protocols using FHSS, and detailed the goals of their hedyattack project.

In order to keep the cost for hedyattack low, the project is based on the CC1111 from Texas Instruments (TI), which can be purchased in a development kit for $50. When paired with the current hedyattack attack code, you can monitor FHSS in the 902-928 MHz range, although cutaway said it is easy to modify for sub-902MHz frequencies.

Still wondering what you could use hedyattack for? According to the presentation, the CC1111 is a "USB-enabled version of TI's most popular <1GHz radio ... same radio used in the majority of today's smart meters."

The second talk I want to mention was from Michael Ossman, called "Project Ubertooth: Building a Better Bluetooth Adapter" (video). One of the things that has been missing in the security world is a good, low-cost Bluetooth sniffing device. Michael's research found that current Bluetooth devices do not have the capability to perform passive sniffing, so he set out to build one for less than $100.

Project Ubertooth was the result of that effort and led to the creation of Ubertooth One. Paired with Kismet and a custom plugin, Ubertooth One allows you to discover and passively monitor Bluetooth devices. Michael demonstrated Kismet with Ubertooth One during his presentation and Bluetooth devices immediately started showing up on the screen.

Ready to dive in? The hedyattack code is available at the group's Google Code project found here, and the CC1111 development kit can be purchased from TI at this page. For Ubertooth One, Michael has created a Kickstarter project to fund the project; you can get your own Ubertooth One for $100.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.