• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Hacking Door Locks and Car Locks (Or Anything Wireless)

August 2, 2017 By Teri Radichel

When a wireless device of any kind sends data from one location to another, the device needs to protect the data just as if it was traveling over a wired network. Unfortunately, that is often not the case as several security researchers proved at Black Hat and Def Con. Tools exist that allowed the researchers to capture data traveling over different types of wireless protocols and use it to exploit systems.

A device connected to a physical network sends data over the network cables that connect all the devices. Companies take various precautions to protect the data at the point of access and while traversing the network.

When a device is sending data wirelessly, the data travels over radio waves through the air instead of over a physical wire. Although the data is traveling over a different medium, the same security best practices apply.

Proper data security includes:

Authentication: Confirms a user trying to access the data is who they claim to be.

Authorization: Ensures the user has permission to take the requested action.

Encryption: Scrambles the data in such a way that only a person with the correct key can read it.

Protect Keys: Authentication and encryption depend on keys. Allowing an attacker to access the key makes these protections useless.

Standards: Vendors should follow well-vetted standards like FIDO, for example, which ensures a private key never leaves the owner’s device during the authentication process.

Secure Programming: Programmers should follow best practices such as those published by OWASP.

Unfortunately, vendors are taking short cuts when it comes to wireless data. Security researchers discussed and in some cases showed how to capture data and trigger actions on wireless devices. Captured data between a key fob and door of a Jeep enabled a researcher to open his car door. Altered GPS data changed an Uber bill to zero after the fact. Security researchers speculated that tornado sirens going off at the wrong time may have been a wireless replay attack, meaning the legitimate message to set off the siren captured in transit, and re-sent to trigger the sirens later at an unauthorized time.

These problems with wireless security are not new. This video explains that SCADA systems, used to manage power plants, send data unauthenticated and unencrypted: https://www.youtube.com/watch?v=8Z9JpHXfZvM. This article explains how an attacker could steal data via wireless keyboards: https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/ Last year at Def Con, researchers showed how hackers could steal 24 different car models https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/ and compromise a number of Bluetooth house locks: https://www.engadget.com/2016/08/10/researcher-finds-huge-security-flaws-in-bluetooth-locks/

As one researcher put it, anything wireless is using radio waves to communicate. Anyone with the necessary equipment can access the data as it travels through the air. New devices make it easier for attackers to capture data sent via radio waves. The tools cost less as well. For this reason, manufacturers need to ensure their devices secure the data sent wirelessly over any protocol to or from any device. Hiring pen testers prior to release and leveraging bug bounties after release could help uncover these security flaws sooner.  — Teri Radichel (@teriradichel)

Related Black Hat and Def Con Presentations:

https://www.blackhat.com/docs/us-17/wednesday/us-17-Ossmann-Whats-On-The-Wireless-Automating-RF-Signal-Identification.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Caleb-Madrigal-IOT-Hacking-With-SDR.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Karit-ZX-Security-Using-GPS-Spoofing-To-Control-Time.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/Matt%20Knight%20and%20Marc%20Newlin/

Share This:

Related

Filed Under: Editorial Articles Tagged With: authentication, authorization, Blackhat, car locks, Defcon, door locks, encryption, fido, gps, IoT, protocol, radio frequency, rf, SCADA, secure programming, security, wireless

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use