Presentation Material
Abstract
What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. The number of IoT devices is growing at an alarming rate. Many of these devices go unnoticed. The problem is that the software used by many of these devices lacks basic security measures that we take for granted in regular computer software. Furthermore, security advisories are almost non-existent for IoT.
This talk explores the use of software-defined radio to exploit the world we live in, a world full of interconnected devices that make it convenient to keep remote things at our fingertips. During this talk I will set the stage for how IoT is dramatically increasing the attack surface available to threat actors, what different steps are involved in RF attacks, how IoT devices have already been utilized for attacks (such as the Mirai botnet), and how difficult it can be to fix IoT security issues. I will also illustrate some changes that need to happen in the industry to enable us to securely use IoT going forward by eliminating the top Internet of Radio vulnerabilities.
AI Generated Summary (may contain errors)
RF Security Threats
- Eavesdropping and tampering with network traffic, data loss, and device tracking
- Replay attacks can change network state or induce device behavior
- Jamming: denying legitimate network traffic and disrupting network state by transmitting noise within the target network’s RF channel
Internet of Radio (IoR)
- IoR is not just about dark waves, but also invisible radio frequencies that need to be identified and monitored
- Rogue cell towers can capture all other radio frequencies and listen in on transmissions
- Unapproved IoT emitters can operate in your frequency range and organization
- Eavesdropping or surveillance devices like FM/GSM radios and vulnerable devices like low-end keyboards or mouse dongles
Privacy Rules and Regulations
- Transmission regulations vary by country (e.g. FCC in the US)
- Amateur stations must use minimum transmitter power necessary for communication
- Civil laws prohibit transmitting with excessive power (> 1.5 kilowatt)
Compliance for IT Organizations
- Be aware of data collection and processing, and obtain user consent
- Implement consent and record requirements according to Privacy Acts
- Understand country-specific regulations and consider hiring a lawyer if needed
Securing the RF World
- Analyze transmitters and receivers, and reverse-engineer them to understand vulnerabilities
- Monitor RF devices, frequencies, and data transmission to prevent attacks