Invaders in the airspace: The problem with IoT security

By Benjamin Cher October 16, 2015

Wireless threat exposure expanding faster than wired
Hackers can now use off-the-shelf products to gain access

Invaders in the airspace: The problem with IoT security

THE biggest buzzword in ICT today is the Internet of Things (IoT), where your refrigerator can connect to the Internet – for some inconceivable reason. Research firm Gartner predicts that there will be 26 billion connected devices by 2020.

This onslaught of connected devices will cause more trouble than convenience, especially when you bring wireless into the equation, according to Chris Rouland, founder, chairman and chief technology officer of Bastille Networks.

“We’re in this really unique position today with the Internet of Things, where there is this giant security gap being missed with the wireless exposure we see or don’t see today,” he told the HITB GSEC 2015 conference in Singapore.

The IoT situation today is reminiscent of the 1990s, Rouland remarked, especially with regards to the tools being used to hack wireless devices today.

Seeing the unseen

In those earlier days of computing, packet sniffers – programs or devices that could track and log packets of data transmitted over a network, including the Internet – were key to security, according to Rouland (pic above).

Being able to look at network traffic was integral to cybersecurity then, and he argued that to secure the IoT, we would need to do the same for wireless connections.

“To secure the IoT, we have to be able to see our airspace,” he said.

“The amount of information that is going across the spectrum in this room is staggering, and no one has been looking at it until recently, because the technology to do so was expensive,” he added.

The wireless threat surface is now expanding rapidly, with various competing protocols giving a greater opportunity for exploitation, according to Rouland.

He reckons that the game-changer in the wireless space was Eric Fry’s discovery that a cheap digital television USB tuner could be modified to sniff packets.

“Eric Fry found RTL2832U, which is designed for DVT-TV reception, and turned it into a software-defined radio or a packet sniffer for the airwaves,” Rouland said.

“Up to a few years ago, this equipment was only available to nation states,” he added.

Software-defined radio is the next big thing, according to Rouland. The ability to inject packets over the airwaves at these [radio] frequencies leads to the ability to hack into wireless systems.

Logan Lamb’s work with wireless home security systems that showcased a serious vulnerability – where a simple signal jam on a home security system can gain one entry – gave vendors a wake-up call, according to Rouland.

“The vendors got the message, a lot of these alarm companies in the United States got slapped with a class action lawsuit,” he said.

From wireless space to outer space

Rouland pointed out that even older satellites are not safe in this regard. Citing an example where a group contacted the US National Aeronautical and Space Agency (NASA) to reboot a previously decommissioned satellite, he remarked that the group was able to do it even without the radios that NASA used to contact the satellite previously.

“This is my favourite SDR (software-defined radio) hack – the I-SEE3 is a satellite that NASA decommissioned in 1995,” Rouland said.

“The group asked for the protocols, and were able to reboot the satellite without the original radios used to contact it,” he added.

Rouland said the group didn’t need permission to reboot the satellite – they could have just done it on their own.

“Space communications equipment, especially the older stuff from the 1970s, is vulnerable to an SDR hack,” he warned.

“I think there will be some interesting work around exploiting older spacecraft using SDR,” he added.

The golden age of hacking

Almost all conceivable IoT devices have been hacked or exploited, from the high profile ones like the Jeep hack to the wireless phone DECT hack.

Rouland profiled examples of WiFi and Bluetooth devices, and even the Nest thermostat, getting hacked.

And with businesses being open to the Bring Your Own Device (BYOD) trend, allowing such devices to connect to corporate networks, it will only get worse, since so many employees tend to disregard their IT departments’ BYOD security policies, he argued.

“I think we’re in the golden age of hacking – the next 10 years around RF (radio frequency) hacking is going to be awesome,” Rouland said.

“We’re going to have some critical problems and major outages, and the people at the front-end of IoT hacking will have the most fun because the fruit is easy and ripe for the picking,” he added.

HITB GSEC Singapore 2015 is being held at Hotel Fort Canning. Digital News Asia (DNA) is the official media partner.

Other HITB GSEC Stories:

The privacy and security balancing act, or not