Internet of Things (IoT) devices are combinations of actuators, sensors, and processors. Their capabilities vary. One thing most of them have in common is the use of a wireless interface. The wireless protocols range from well-known standards such as WiFi or Bluetooth to little-known proprietary protocols used by various vendors. The management of these devices proves to be difficult as the number of devices continues to increase, while the usability requirements remain ever pressing. Add speed-to-market considerations, and security takes a back seat for many IoT developers. Wireless, in particular, can be a difficult security area to grasp, and IoT devices show this through their growing number of wireless-specific vulnerabilities.
Wireless communication is inherently insecure. Wireless signals are not easily contained or directed; they pass through walls and can be detected from miles away. Software Defined Radios (SDRs) have made viewing and manipulating these signals easier. The lack of security in IoT devices and the widespread inability to upgrade wireless protocols on these devices provide a rich target space. Previously known and mitigated vulnerabilities continue to appear and remain unpatched for the life of these devices. For example, a basic RF replay attack requires little to no modification of a captured signal that is then rebroadcast to execute the same action. For a light on/off command this may not matter, but when applied to something like a door lock the security risk becomes more serious. In addition to general RF-related vulnerabilities, each wireless standard has its own specific flaws, and there’s a good chance that IoT devices will implement an out-of-date version of the standard without the security upgrades.
Wireless communication and protocol analysis traditionally have high barriers to entry. Standard-specific tools help remove some of these barriers for the more common protocols (like WiFi and Bluetooth). SDRs and open source tools continue to lower the barriers. An in-depth understanding of digital signal processing, while useful, is no longer a necessity when analyzing unknown protocols. Performing a security analysis on an IoT device can be broken down into easy-to-follow steps with the help of open source tools.
This talk will go over how to use SDR hardware, GNU Radio, and other open source software to collect information about an IoT device’s wireless communication and how to break down a captured signal to extract the packet information.