by Tobias Zillner
“Radio… The final IoT frontier.
These are the problems of penetration testers.
Our continuing mission:
To explore strange new signals…
To seek out new devices; new protocols…
To boldly detect what no one is aware of!”
The Internet of Things (IoT) is considered to be the next phase of the Internet revolution – linking more and more objects of the real world to the virtual world and enabling anytime, anyplace and anything communication. Due to the vast increase in popularity and distribution, the IoT has become an interesting target for attackers. Because it is becoming more and more common for IoT devices to communicate over wireless channels, direct physical access to the targeted systems or network is no longer necessary. The attack range is then only dependent on the antennas used and the power of their transmitters.
Nowadays many companies are beginning to think about targeted attacks in the wireless world as a real threat but nobody is aware of what devices are out there, which protocols are used for communication and what information is transmitted. This huge attack surface is often a massive blind spot in cyber security strategies.
This talk provides insight into the problems that arise during security assessments in the wireless world, state-of-the-art wireless signal identification and what best practices should be used for revealing unknown signals.
The focus will be on the needs of a typical penetration tester, and in addition to the problem identification, we will release and demo a new tool that enables security testers to easily map the radio spectrum and identify unknown communication and devices.