2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks


By Bryan Brake, Amanda Berlin, and Brian Boettcher.

Sébastien Dudek -



Why are we here today?

Software Defined Radio (sdr-radio.com)

What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks?

What other kinds of attacks can be launched? (I mean, other than replay type attacks)

Door systems (badge systems)

NFC? Contactless credit card attacks

Smart building/home control systems

Bluetooth attacks

Point Of Sale systems

Cellular radio 3G/4G/5G

Industrial control systems

Home appliances

Medical telemetry systems


LoRa - Wikipedia

DASH7 - Wikipedia - custom TCP stack for LoRa

Vehicle-to-grid - Wikipedia (V2G)

Automatic Wireless Protocol Reverse Engineering | USENIX

Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek

How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium

Carrier Aggregation explained (3gpp.org)

Mobile phone jammer - Wikipedia

World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard

Supply chain attacks - systems tend to use wireless chipsets or protocols

LTE-torpedo-NDSS19.pdf (uiowa.edu) - privacy attacks on 4G/5G networks using side-channel information

How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas)

Lots of IoT devices use your typical home Wi-Fi connection; can’t you just sniff packets to get what you need?

Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io)

Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge

Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical

Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED

What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations?



I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me?

Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio

List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)
