I thought we would do a little end of the year roundup of a few subjects I feel are notable from 2023. I will be publishing an article with some things I am looking out for in 2024 and a list of all my YouTube recommendations from 2023 later in January.
Many of us consider an exploit to be mainstream when a Metasploit module is written for it, and that serves well and good for things that Metasploit does well, such as attacks over a network. But what about attacks over wireless? Well, we now have the Flipper.
I have previously written about Flipper exploits, but at that time I did not really dive into what it is, exactly. The Flipper Zero is a small Tamagotchi-like device that incorporates a number of wireless and wired technologies and scripts to do things with those technologies. Its wireless capabilities consist of a TI CC1101 driven Sub-1 GHz transceiver that can do things like talk to IoT devices and various access control systems. Also, for even more access control system shenanigans, it incorporates both a 125 kHz proximity card reader/writer/emulator and a 13.56 MHz NFC module (ST25R3916). Proximity cards are often used for electronic locks on buildings and provide no security, having been developed using technology that predates microcontrollers small enough to fit on an access badge. 13.56 MHz technology presents a more formidable foe to the Flipper, since most modern access control systems use secure contactless smart cards with technology stacks like MIFARE, but the Flipper is able to conduct brute force and dictionary attacks against some of the simpler cards using this technology.
One big feature the Flipper has is Bluetooth, which, as I had written in the This Week In Security linked above, allows a Flipper, in that case loaded with special software, to conduct a discovery spam attack that, at the time it came out, would crash many Apple iOS devices. The Bluetooth is implemented using the onboard Bluetooth support in the Flipper's processor, an STM32WB55RG from ST's new wireless microcontroller lineup. Other connectivity available on the Flipper includes infrared transmit and receive, allowing it to emulate remote controls, and iButton / 1-Wire support, allowing it to read iButtons, which are sometimes used for access control or security guard tour verification systems. All of this information and the supported protocols are expanded upon in the Flipper documentation.
In the SDR field we had been creeping up on this sorta mainstreaming of RF hacking for a long time, starting with an ambitious SDR project called the DSP-10, which used the then contemporary Analog Devices ADSP-2181 Digital Signal Processor. Later on Matt Ettus developed the Universal Software Radio Peripheral, originally sold as kits by Ettus Research, which was later bought out by test equipment manufacturer National Instruments. The USRP is often used beside an SDR suite called GNU Radio, which provides a processing-block-oriented environment allowing quick construction of SDR dataflows between processing blocks, and from that, fast concept-to-implementation of SDR solutions. The USRP devices continue to be developed to this day, with devices capable of large RF bandwidths and multiple inputs and outputs topping out the lineup. This all eventually resulted in a device called the HackRF developed by Great Scott Gadgets, which was expanded using the PortaPack to allow portable operation, with expanded software for that called Havoc and Mayhem creating a very capable device.
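To make the "processing blocks wired into a dataflow" idea concrete, here is a toy flowgraph written for this post in plain Python. It is not GNU Radio code and does not use GNU Radio's API; the `Block`, `Flowgraph`, `ToneSource`, `Mixer`, `MovingAverage` and `Decimator` names are all made up for illustration, and the signal (a wanted 1 kHz tone plus a 3 kHz interferer at an 8 kHz sample rate) is constructed inline. The chain does what a basic SDR receiver does: mix the wanted signal down to DC, low-pass it, and decimate.

```python
"""Toy block-oriented SDR dataflow in pure Python.

Constructed example illustrating the GNU Radio style of chaining processing
blocks; none of these classes are GNU Radio's own (all names are hypothetical).
"""
import cmath
import math


class Block:
    """A block takes a list of complex samples and returns a new list."""

    def work(self, samples):
        raise NotImplementedError


class ToneSource(Block):
    """Source block: sum of complex tones given as (frequency_hz, amplitude)."""

    def __init__(self, sample_rate, tones, n_samples):
        self.sample_rate = sample_rate
        self.tones = tones
        self.n_samples = n_samples

    def work(self, samples=None):  # a source ignores its (absent) input
        out = []
        for n in range(self.n_samples):
            t = n / self.sample_rate
            out.append(sum(a * cmath.exp(2j * math.pi * f * t) for f, a in self.tones))
        return out


class Mixer(Block):
    """Multiplies by a complex exponential so that `shift_hz` lands at DC."""

    def __init__(self, sample_rate, shift_hz):
        self.sample_rate = sample_rate
        self.shift_hz = shift_hz

    def work(self, samples):
        return [s * cmath.exp(-2j * math.pi * self.shift_hz * n / self.sample_rate)
                for n, s in enumerate(samples)]


class MovingAverage(Block):
    """M-tap moving-average FIR low-pass; it has exact nulls at k * fs / M."""

    def __init__(self, taps):
        self.taps = taps

    def work(self, samples):
        history = [0j] * self.taps
        out = []
        for s in samples:
            history = history[1:] + [s]
            out.append(sum(history) / self.taps)
        return out[self.taps - 1:]  # drop the start-up transient


class Decimator(Block):
    """Keeps every `factor`-th sample, lowering the sample rate."""

    def __init__(self, factor):
        self.factor = factor

    def work(self, samples):
        return samples[::self.factor]


class Flowgraph:
    """Runs connected blocks in order, feeding each output to the next block."""

    def __init__(self):
        self.blocks = []

    def connect(self, *blocks):
        self.blocks.extend(blocks)
        return self

    def run(self):
        data = None
        for block in self.blocks:
            data = block.work(data)
        return data


def build_and_run(sample_rate=8000, wanted_hz=1000, interferer_hz=3000, n_samples=800):
    """Mix the wanted tone to DC, null the interferer, decimate by 4.

    After mixing, the 3 kHz interferer sits at 2 kHz = fs/4, exactly where a
    4-tap moving average has a null, so only the wanted tone (now DC) survives.
    """
    taps = 4
    fg = Flowgraph().connect(
        ToneSource(sample_rate, [(wanted_hz, 1.0), (interferer_hz, 0.5)], n_samples),
        Mixer(sample_rate, wanted_hz),
        MovingAverage(taps),
        Decimator(taps),
    )
    out = fg.run()
    mean_mag = sum(abs(s) for s in out) / len(out)
    return {"mean_magnitude": mean_mag,
            "output_rate": sample_rate // taps,
            "samples": len(out)}


if __name__ == "__main__":
    print(build_and_run())
```

Each block only knows how to transform a stream of samples, and the flowgraph only knows how to connect them; that separation is what lets a GNU Radio user swap a file source for a USRP or RTL-SDR source block without touching the rest of the chain.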
While that was the high end, the low end had its own small revolution when people discovered that you could use a simple DVB-T adapter with the RTL2832 chipset to receive radio signals and feed them into SDR software such as GNU Radio, SDR++, HDSDR, and Gqrx. It's also important to mention that there are a ton of SDR platforms out there these days; in addition to all those above there is also LimeSDR, BladeRF, and KiwiSDR, to name just a few more.
I share the sentiment of Megazone when he wrote in May that he is
tired of ransomware. We can talk endlessly about solutions, either novel things like zero trust or old standbys like quickly patching vulnerabilities, but as long as IT is considered a cost center and something that is not a priority the entire industry will teeter on the brink of disaster.