Tuesday, August 12, 2008

software radio at Black Hat and DEFCON

My Black Hat talk, Software Radio and the Future of Wireless Security went very well. Thanks to everyone who showed up. I've posted the final slides, demo code, and mystery signal stuff here.

Also at Black Hat were Olle's Mobitex talk and Kevin and Yoshi's talk on implantable medical devices. The Mobitex presentation was full of technical protocol details and described a method of decoding Mobitex traffic in software using sound card input from a radio receiver (more here). The medical devices talk was less technical but briefly covered wireless attacks on medical devices using the USRP (more here).

At DEFCON, NYCMIKE spoke about software-based decoding of pager networks. This was far less technical than Olle's talk, but it was nice to get a perspective from someone who just likes monitoring/scanning stuff. The canceled talk on MBTA vulnerabilities would have included a bit on using the USRP for everyone's favorite new hobby, attacking Mifare Classic RFID cards. It would have been nice to see their code. Thanks to the EFF for helping out on this one.

In his presentation at DEFCON, Rick pointed out the fact that the ath5k driver can be easily modified to tune wireless cards to a fairly impressive range of licensed bands. He also hinted that the cards might be able to be used as software radio devices for non-802.11 functions. I'm skeptical of this because it appears that ADC and DAC are tightly bound to PHY in the Atheros chipsets, but there are some interesting things like "i/q calibration" and "AR5K_ADDAC_TEST" that might be worth a closer look.

Software radio is certainly exploding in the security community. Maybe I should have called my talk, Software Radio and the Present of Wireless Security.

4 comments:

Anonymous said...

I would of loved to talk more in-depth but remember I only had 20 minutes. Thanks for stopping bye though I had a great time.

Cheers,
NYCMIKE

Michael Ossmann said...

Yeah, it's too bad you got shafted on minutes, but you managed to make it fun anyway. I should have introduced myself, but I was the guy who attempted to explain 2-level vs. 4-level FSK at your Q/A session. I hope you're doing fine in Idaho. ;-)

Anonymous said...

Hi, apparently your script (usrp_replay_cfile.py) does not seem to work. Could you help Zetek_Stuff?

http://www.nabble.com/Transmit-Samples-from-File-on-USRP-tt18985222.html

Anonymous said...

a