Congratulations to Emily Metcalfe for winning the Mystery Signal Challenge I announced at my Black Hat talk! Emily correctly identified the signal as a DECT cordless phone and was awarded a 5-in-1 network admin's cable plus a throwing star lan tap.
Tuesday, August 12, 2008
software radio at Black Hat and DEFCON
My Black Hat talk, Software Radio and the Future of Wireless Security went very well. Thanks to everyone who showed up. I've posted the final slides, demo code, and mystery signal stuff here.
Also at Black Hat were Olle's Mobitex talk and Kevin and Yoshi's talk on implantable medical devices. The Mobitex presentation was full of technical protocol details and described a method of decoding Mobitex traffic in software using sound card input from a radio receiver (more here). The medical devices talk was less technical but briefly covered wireless attacks on medical devices using the USRP (more here).
At DEFCON, NYCMIKE spoke about software-based decoding of pager networks. This was far less technical than Olle's talk, but it was nice to get a perspective from someone who just likes monitoring/scanning stuff. The canceled talk on MBTA vulnerabilities would have included a bit on using the USRP for everyone's favorite new hobby, attacking Mifare Classic RFID cards. It would have been nice to see their code. Thanks to the EFF for helping out on this one.
In his presentation at DEFCON, Rick pointed out the fact that the ath5k driver can be easily modified to tune wireless cards to a fairly impressive range of licensed bands. He also hinted that the cards might be able to be used as software radio devices for non-802.11 functions. I'm skeptical of this because it appears that ADC and DAC are tightly bound to PHY in the Atheros chipsets, but there are some interesting things like "i/q calibration" and "AR5K_ADDAC_TEST" that might be worth a closer look.
Software radio is certainly exploding in the security community. Maybe I should have called my talk, Software Radio and the Present of Wireless Security.