Digital Assurance warned that mobile communications operating over radio systems such as GSM, WiMax and DECT are likely to become more heavily targeted as Software Defined Radio (SDR) technology becomes more sophisticated, cheaper and more widely available.
Those attempting to compromise wireless communications systems in the past have used expensive equipment coupled with advanced signal analysis skills. In contrast, SDR devices typically use a standard PC to capture and manipulate radio spectrum potentially allowing an attacker to capture and demodulate advanced radio systems which were previously inaccessible to the hacking community.
Common barriers to mobile attacks such as frequency hopping and advanced modulation techniques can be quickly overcome using this off-the-shelf hardware and software. Developed initially by military and intelligence agencies in the 70’s and 80’s, current commercial SDR technology requires a PC, high speed analogue to digital and digital to analogue converters and a suitable radio frequency front end to capture, manipulate and transmit wireless communications.
The USRP (Universal Software Radio Peripheral) is the current tool of choice for radio hackers around the world which, when coupled with open source software such as GNU Radio, allows the creation of advanced radio systems which would have previously required dedicated hardware.
SDR uses software rather than hardware circuitry to process the signal and can be used on a far wider scale to eavesdrop, intercept or disrupt communications over any of today’s mobile networks such as GSM, WiFi, WiMAX and DECT.
SDR can also be used to compromise the often obscure and insecure radio systems deployed to transmit data between sensor devices and controller units found in many critical systems including traffic lights and matrix boards, air traffic control, railway signal systems and most distributed process control or SCADA networks. Often these types of critical system use propriety wireless communication devices many of which were not designed with security in mind.
Given the attractiveness and diversity of these targets and the rapidly lowering cost of entry, Digital Assurance expects SDR-based hacking to increase dramatically in the foreseeable future. SDR can be used for numerous criminal activities such as the:
- Capture of almost any signal (subject to bandwidth restrictions etc.)
- Decode/de-modulation of most signals using suitable software
- Play/replay/modification of any signal
- Creation of fake GSM, DECT and potentially even TETRA base stations for the purposes of either intercepting or disrupting communications. (For example, a user placing a call to their bank could find the call has been intercepted and that the helpful person on the receiving end is the hacker running a fake GSM base station.)
- Interception, injection and jamming of point-to-point communications systems such as those found between buildings or road/rail side signalling systems.
- Jamming and potentially spoofing of critical communications such as time signals and even GPS signals. (There have been public speculation and claims that the recent downing of an advanced US UAV that occurred over Iran was caused by ground based GPS jamming/spoofing conducted by an Iranian electronic warfare unit).
SDR hacks are sophisticated and can be extremely difficult to detect and prevent unless specific safeguards have been put in place. The only way of protecting a wireless device at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give such an assurance so independent testing is currently the only option until the industry applies itself to developing a solution. Understanding exactly what radio systems the organisation has deployed and ensuring adequate risk assessments have been conducted is an essential first step.
“Until recently, these communications systems have relied upon their obscurity to avoid being compromised and the necessary equipment was extremely expensive and hard to use. But the lowering price point of SDR has laid these mobile communications wide open and this has been clearly demonstrated over recent years,” said Greg Jones, Director, Digital Assurance. “Computer hackers have a good and well understood capability to manipulate communications travelling “over-the-wire’ as there are many tools for capturing and manipulating wired communications, “network sniffers’ being the most obvious. The SDR now means these same people can apply that capability and their knowledge to attack “over-the-air’ communications to compromise radio systems and radio standards”.