radio hacking with a master hacker

Captions
I have my key fob in my hand, and if I hit it, you see it? It popped up. I saw a spike. Yeah, yeah, that's the signal from my key fob to my car. The procedure then to hack it is simply to capture it and then replay it. Now you can do it for a few hundred dollars with some real inexpensive equipment that connects to your computer and is capable of receiving and sending, transmitting, radio signals from your computer at all different wavelengths and all different configurations. Hey everyone, it's Yaniv Hoffman back with another video, and this time a very sought-after video about software defined radio. And I have a special guest with me again for the video. So I would like to welcome master hacker Occupy the Web, OTW. Welcome. Thank you. I'm glad to be here, and thank you for inviting me back again. No, my pleasure, definitely. And you know, our videos together are very insightful, and many people are reaching me about it, asking for more subjects to speak about. And one of the main subjects, at least that we spoke about between ourselves, was radio hacking. And it's also part of your new book and part of your classes in Hackers-Arise. But before maybe we'll start to speak about what is software defined radio, the methods, the tools that can be used, the advantages, maybe let's speak about the idea, as I believe nation states have been using it for many years. But the regular, the common cybersecurity professionals, maybe pen testers, are not that familiar with that subject, which, between us, will be a major topic in the coming years. So maybe we'll start with that and then we'll see where it takes us, and maybe have also some demonstration, if possible, about radio hacking. Sounds good. Yeah. I think that a lot of people, some of them who are new and some of them who've been around this industry for years, aren't really fully cognizant of the importance of radio networks. Now we have radio networks around us all over the place. Of course we have our AM/FM radio, right?
But we've got all kinds of other radio waves traveling around us constantly. The aircraft are all emitting radio signals. Ships, GPS, RFID, NFC, our phones and our cards, our credit cards, are all emitting a radio signal. All of which can be hacked. Right? There is the possibility of intercepting drones, which are obviously controlled by radio signals. Even such mundane things as mice. Your mouse, oftentimes it's a wireless mouse, is emitting a radio signal communicating with your computer, as well as maybe your keyboard. And of course your monitor is also emitting radio waves that can be intercepted, and somebody can intercept those and recreate your computer monitor on another monitor. And then probably most importantly there's cellular signals, right? Cellular signals are traveling around us and we're all using cell to communicate. That's a radio signal. It's a radio signal between your phone and a cell tower, and those can be intercepted. And the intelligence agencies, law enforcement, they've been doing this stuff for decades. They've all been intercepting our signals for their own purposes. But now what's changed is that in recent years, the average home hacker, computer or IT professional can do the same thing for just a few hundred dollars. Whereas previously it would have cost you hundreds of thousands of dollars, now you can do it for a few hundred dollars with some real inexpensive equipment that connects to your computer and is capable of receiving and sending, transmitting, radio signals from your computer at all different wavelengths and all different configurations. Right? So indeed, in your book, I looked in the new book, I just got it, Network Basics for Hackers also. I'm going to the last chapter of the book, chapter 15, where you are speaking about radio frequency networks and SDR.
And indeed, I was amazed. You listed some of the applications in our modern time that we are using, which is a list that sometimes you don't even think about, and it's unbelievable. A long list. You could fill an entire book with applications only. So it's amazing. I do recommend people to read this book, and I will also leave the book link in the description. You can buy it at Hackers-Arise, you can buy it through Amazon like I did. And what I saw, you say something in the book, I want to read it from the book. It's interesting. You say: most of these applications have little or no security. The cybersecurity professionals need only access to the transmission to view the data. In cases where there is security, it's often easily broken. In cases where the transmissions are relatively secure, transmissions can often be captured and replayed. This is amazing. In addition, encrypted communication can often be decrypted by capturing the transmission and deciphering the algorithm and passcode. That's correct. Yeah. So, I mean, things like, for years, up until 2014, the radio-equipped dongle for cars that locks and unlocks the cars, it had basically no security at all before 2014. So on these key fobs for cars up to 2014, all you had to do was capture the signal between the key fob and the car. Capture it, okay, it's out there, it's just roaming, it's going past us in the ether, and then go ahead and replay it to open the car door. Up to 2014, and on some Hondas that will work up to 2020. Now, since 2014, they put some more security in, but it still can be broken. But before 2014, there's basically no security. It's just a basic, straightforward replay attack. Right. But there are so many of these signals passing us all the time that it's amazing that this is not an area of concentration by hackers and pen testers yet.
But I think it will be in the very near future as more and more, like, for instance, a modern automobile in 2023 is giving off all kinds of radio signals and receiving a lot of radio signals. And oftentimes the best way to hack into an automobile is to hack those radio signals that the car is giving off. Right. Either it's giving off a GPS signal, it's giving off a WiFi signal, it's giving off a number of different radio signals. So if you want to hack an automobile, the best entry points are these radio signals that the car is sending and receiving. One of my favorite TV shows that shows something like that was Mr. Robot, in one of the episodes. They hack one of the cars, right. There's a couple of episodes where they hack a car, I think maybe three. There's one where they're driving down the street and they're being chased by somebody, and they get GM to turn off the radio. So the GM automobiles have the used aircraft signal built into it. It's something that GM bought many years ago. And so I forgot what they call it in the GM cars. But it's a satellite communication signal in the GM cars. OnStar is what it's called. I think that's what it's called. And they got them to turn off the engine on the car. So it's a theft prevention device that they have built into those cars. Once again, a radio signal to a satellite. Now, these satellite signals can be intercepted as well and hacked. And so there's many different types of radio signals, and they are available to the home hacker with the right equipment, and particularly with the right antenna when you start talking about satellite communication. Right. So if I'm looking at the advantages, okay, from a high-level, the advantages of using software defined radio: one, I have flexibility, right, on the frequency and signal. And I think you wrote it in the book.
And also the ability to capture, and you mentioned it a few times, that's key: one, you are able to capture the analog signals, convert them into digital, and then be able to manipulate them as you wish in order to actually create the act itself. Right? Exactly. Yeah. I mean, that's a basic replay attack. It is that you capture whatever the signal is and then you replay it. And that way, if it's encrypted, you don't even have to decrypt it, because you're sending the encrypted message back to, in this case, an automobile. So there's lots of these types of applications, and the list is so long that we don't think about all these radio signals around us. But the one that's probably most important is that cell phone signal. Right? That's the one we use every day for communication. And we think that that is private and encrypted. But even that can be intercepted and decrypted. Right. Attacks from the user handset, at the end of the day. I think until recently, there were concerns of inbound attacks, attacks that are getting into the carrier itself, the service provider, in the Internet gateway, the telco cloud, that could reach also to the user handset. But lately we start to see concerns that attacks can come from the user handsets, right from the other side, from the egress side, and I think this will only increase this threat. So this is expected. I agree. I think that the cell system in general is at risk as being insecure, but there's so many others. That's a little bit more sophisticated attack, in that one of the things that most of your listeners probably have heard of is something that's called a Stingray. A Stingray is basically a mobile cell tower. And if you have a cell tower, everybody who's close to you will connect automatically to your cell tower. And this is something that law enforcement and the intelligence agencies have been using for years to be able to spy on folks.
Well, it's possible now to build your own cell tower for like a couple of... If you go to buy one of these things, they actually are for sale. But they're only for sale to law enforcement and intelligence. They'll cost you $50,000 to a quarter million dollars. But it's possible now to build your own for less than $2,000. That basically is a game changer, because that means that many people can build their own cell tower. And if you own the cell tower, you own all the communication. Right? You know what, let's maybe do, we talked before offline, maybe do some demonstration. Maybe we can see some demonstration of how this SDR can be used, and then we can speak about some tools and methods and even maybe challenges in implementing an SDR. Let me show you what's being done as a demonstration of what's happening in terms of radio signals. So what I'm going to show you is a couple of websites that intercept the radio signals from marine traffic and from air traffic and put them up on the web. This is a site called RadarBox. And RadarBox, what it does, this is live. You can see the planes moving. This is Atlanta, Georgia in the US. Okay? Of course, we can move it to any place. This is the busiest airport in the US. You can see how heavy the traffic is. But this is real time. This is real-time monitoring of air traffic in any place in the world. What is happening is each one of these planes is giving off a radio signal that is unencrypted that anybody can intercept. Now, the way that this particular website works is that people volunteer to capture this data and send it to them, and they post it on their website. But you can do this just as easily. There's a tool called dump1090 that is capable of doing it. So you can track the air speed, the altitude and the movements, the GPS coordinates of every airplane, every aircraft within your region. Now, if you look closely, you'll see one aircraft right here. It's blocked. Blocked. Do you see this one, blocked? Yes, I do see it.
That's because this particular aircraft has asked, here's another one over here, blocked, has asked that it not be displayed, another one blocked, not be displayed on this website. But for you at home, it's not blocked for you, right? It's only blocked on this website. So you could actually see it. Now, these are private aircraft that obviously don't want their information displayed on this particular application. But you can get that information and track these aircraft yourself. This is just publicly available radio signals, unencrypted signals that are being displayed here, that include GPS, altitude, speed, and this is part of the way the worldwide aircraft industry works. They just send out these radio signals. It's the way that the industry tracks the aircraft so they don't crash into each other. But you can also do the same thing, and actually maybe do it better, because you're not going to get blocked by these signals here. That's one application. Now with a simple $30 device, a simple $30 device, the RTL-SDR, you can do the same thing, all right? It costs $30. It's simply a receiver. It's a receiver and it can pick up these aircraft signals and display them on your screen. I have a tutorial, both in Network Basics for Hackers and on Hackers-Arise, on how to do that. This is just a demonstration of what's out there in terms of signals. Now, the same thing applies to ships. This is a website called MarineTraffic. And what we're looking at right now happens to be Ukraine. All right, this is just outside, this is Crimea right here. And this is the Kerch Bridge, okay? The famous Kerch Bridge that connects Crimea, that Russia built between Crimea and Russia. And here's all of the craft that are in that area in real time. And how do we get it in real time? Because they're all giving off a radio signal that includes their location, their GPS coordinates.
And now these GPS coordinates are transmitted both to a GPS receiver, a satellite receiver, but they're also sent out by a weak radio signal that is terrestrial, that you can pick up. And that's what they're getting this data from, is that they're getting it from this weak terrestrial signal, and it gives off the GPS coordinates and speed of every ship in the world. All right, this is one of the ways that we were able to locate the super yachts of the oligarchs, the Russian oligarchs. This is how we were able to find them. So all we had to do was trace who owned the yacht and then get the name and the serial number on it, and then we could find that particular yacht, where it was at every moment in the world. And this is because these vehicles, including your automobile, they're all giving off radio signals. That's what makes this possible. All right, so this is just receiving signals, receiving signals. And this is the least expensive and the easiest to do. You could pick up all kinds of radio signals from all over the world, either local or global. But most of what you're going to pick up with a simple receiver and a simple antenna is going to be local stuff. But that means you can pick up all of these ships if you're near any body of water, any aircraft, which basically, there's aircraft flying over all over the world. You can also pick up the AM/FM radios. But there's so much more. If you really want to start hacking, what you need to do is you need to get a transceiver. Okay? A transceiver is one that's both able to receive and transmit. Now we're starting to talk about a little bit more money. We're starting to talk about $300 instead of $30. And once you have that, you can go ahead and both pick up the signals and then transmit signals as well. Now this is a simple application right here. This is a Windows application called HDSDR.
And I show it, not because it's the best application, but simply because it's one of the prettiest applications and it runs on Windows. So those people who don't want to use Linux, which most of the applications are built in Linux, by the way, once again, if you don't know Linux, it's hard to be a hacker, right? That's why I wrote Linux Basics for Hackers, is that you've got to know Linux. But for our purposes here, I put in a Windows application for those people who don't want to and don't have a mastery of Linux. And this is showing us just part of the radio spectrum. But what I want to show you right here is you can see right around 315, that's where the key fobs, right here, you can see about 315 MHz. This is where the car key fobs transmit. At least in the US and Japan. In Europe, they use a different frequency. But if I go ahead and hit, now, watch what happens when I hit the key fob. I have my key fob in my hand, and if I hit it, you see it? It popped up. I saw a spike. Yeah, that's the signal from my key fob to my car. These over here are all other different, there's radio signals around us all the time. No matter where we're at, there's all kinds of radio signals. And so if we were to go and, for instance, just go down the spectrum, I'm just traveling, I'm traveling down the spectrum, now I'm at about 423. You can see there's a spike right here. And these are just other radio signals that are out there. Here's a bunch. Look at these over here. Wow. So this is just showing us what's out there. This is a $300 device. This is the HackRF One. But we can pick up all kinds of signals. We can pick up the air traffic controllers, towers, we can pick up the police radio, we can pick up all kinds of signals just to listen in, and that's all we're doing. We're not hacking them, we're just listening in. But if you wanted to hack a car, you would try to, in the US
and Japan, you focus on this particular frequency right here, and you can see the spike right there. Every time I hit the key fob, I'll move it aside here, you can see it, see it spike up. Now I'm going to hit it. Now that's the signal coming from a key fob in my hand to my car. Now the procedure then to hack it is simply to capture it and then replay it. Now there's a number of tools that are out there, but it starts getting, now we need to go into a Linux distribution to be able to do that. And what I recommend, this is kind of a new Linux distribution that I really like a lot, and if you really want to get into radio hacking, it's called DragonOS, and I'll put it on the screen here for you. This is DragonOS. It's not the newest, but it's probably my favorite. And the beauty of this is that it has all of the, not all, it has so many of the hacking tools. I'll show you what it has here under Other: these are all the hacking tools that it has built into it. The Universal Radio Hacker is an excellent tool. It just has a whole bunch, a whole slew of capabilities built into it. Here's the Universal Radio Hacker opening up right here. It has the capability of analyzing your signal, and it allows you to generate a signal and simulate signals. And so this is one of the newer tools that's come out in the last couple of years for radio hacking. But there's a whole lot of other tools in here as well, some of them that have been around for a long time. Here's SatDump for satellite communication. And so we can go ahead and pick up satellite communication. Now, satellite communication usually requires a specialty antenna. So this would be outside of the realm of the beginner in satellite. But there's some things, like the International Space Station puts out a signal that you can pick up with a simple antenna. But some of the other satellites require more sophisticated antennas. Some of your readers or listeners may be familiar with it.
There's a number of satellites that have been going around the world, developed by multiple countries, but most of them are coming out of the US, that are being used for communication. And some of these satellites, they've been around, we've been using satellites for communication for decades now. Right, right, well, 50, 60 years now. Some of these satellites are no longer being used by the government agencies, but they're still up in orbit. And sometimes amateurs like you and I can use those satellites for communication if we have the right equipment. And this has been an issue that the US Government has run into, is that they found that there are people around the world using these old satellites for communication around the world. And all you need is some inexpensive equipment and a good antenna. That's the key, is a good antenna. So here's one of the tools for picking up satellite communication. Of course, one of the things, if you really want to get into this field, is that one, you need to have a good antenna. And you probably want to have an amplifier, because most of these SDR devices, they don't give off much of a very strong signal. So like, for instance, I have a tutorial on Hackers-Arise where we were showing how to jam the Russian radio signals in Ukraine. Okay? And that works great. But the problem is getting close enough to the transmitter and having enough wattage to be able to jam the signals. But it's pretty easy to jam radio signals. In this case, we were looking at jamming the communication channels that the Russians were using to communicate to their troops in Ukraine. The only thing we needed was a big amplifier to be able to amplify the signals. Now, one of the things that jamming has been used for, for many, many years, is to keep the cell signals out of a safe zone. So for instance, when you have a prime minister or president or what have you visiting in some place, the security services will jam all the cell signals in the area, right?
And so this is for security purposes. And that's pretty easy to do. That is actually relatively easy to do. And you can do it with an SDR for hackers. So there's lots of applications. You can jam WiFi. WiFi is a radio signal. It's transmitting at 2.5. One of the disadvantages of the inexpensive SDR, software defined radio, dongles is some of them don't have a wide range. So for instance, the inexpensive $30 RTL-SDR will only go up to 1.6. WiFi operates at 2.5 GHz. So do a lot of other things operate at 2.5 GHz, so it won't even pick up that signal in that range. Whereas the HackRF will operate up to 6, and will both receive and transmit. That's why it costs $300 and not $30. Yeah, I have two questions about it, because we are speaking about many things. One, maybe you also mentioned Hackers-Arise, and you mentioned many terms here, like frequency and amplitude, et cetera. What type or kind of skills and knowledge are required to operate SDR technology, and where can one get it if one wants to learn? For pen testers that are interested in getting into this subject, maybe you can touch a bit on that. Sure. We just introduced a new course, and it's going to be a one-day mini course at the end of June. I think it's June 29, and it's going to be Radio Basics for Hackers. So what we found is exactly what you're referring to here, is that you need to have some basic knowledge of radio signals, frequency, amplitudes, the sampling, antenna technology. These are what you need to be useful in this field. You need to have some basic knowledge and then apply that to a number of these tools. So we're going to do a one-day intensive mini course, I think that's on June 29, that's just going to be fundamentals of radio, and we're going to try to focus on those areas that the hacker needs to understand. And then in July we have the SDR for Hackers course, which will use what we learned in that mini course. And we're going to do a whole lot of hacks in that class.
Every year we put more hacks into that class, and I think that's mid-July. So anybody who wants to learn this field, which is a fascinating field, for me it's very fascinating, I think for the beginner or intermediate or even the professional hacker who isn't familiar with this field, this is the future. I hate to say it, but a lot of things, so many things like web app hacking, that's cool, that's part of what a pen tester does. But if you want to get on the leading edge, this is the leading edge of hacking and penetration testing. I don't see many firms doing it and testing things like our wireless mice and keyboards. Are they safe? Can they be hacked? If they can be hacked, then the hacker can get into the system or at least pick up the keystrokes of the keyboard, those things. I don't see many firms actually testing those. I agree. I'm not sure many firms also, when we are speaking of all of that, I'm not sure many firms, or at least security teams in many organizations, really understand the compliance and regulation around that, right? The spectrum, et cetera. Not to mention, and I agree with you, the incident response plan. I'm not sure, I didn't even see it, now that I'm thinking about it, right. I don't see hardly any firm paying attention to this area, and I think they should. But especially now that this type of capability is in the hands of the average hacker individual out there, this is a relatively new... well, it's an old field for the intelligence agencies. They've been doing this for 30, 40, 50 years. But as far as the hacker is concerned, this is a relatively new field, because it has become really inexpensive to do really sophisticated hacks. Right. And it's easy, right. You just need to download the software itself, and then you have a dongle, probably USB 3 or something, that connects to your computer, a transceiver, and that's it. You need an antenna, you need a dongle, and you need a computer.
And so if you've already got the computer, you can get into this field for about $30. That's a receiver. To get into the transmitter, it's $300 to $1,000 to get a good transmitter. And so a transceiver, one that both receives and transmits. So, for instance, the hack on the key fob is both receiving a signal and then transmitting a signal. So you need a transceiver to do that. Right. And in your book, I'm just looking at it, you have a nice comparison between, definitely, the tools, the receivers, the transceivers. But tell me, I have a question. Are these easy to find, to buy? Can I buy it, like, on Amazon? Okay. No, you can buy these right off Amazon. The RTL-SDR, the real inexpensive one, is on Amazon, and it runs about $30, $35 on Amazon. You can also buy it other places if you just Google it. The HackRF is available on Amazon as well, and it's also available from a number of other places as well. The HackRF is actually an open-source configuration. And so there's other companies who are selling it around the world. There's Chinese knock-offs of it if you want to save some money, and you don't want to, in some cases. I've tested some of the Chinese knock-offs. Some of them are good and some of them are bad. So you've just got to be careful. But it is open source. The design of the HackRF is open source, so anybody can make one. It's Great Scott Gadgets who actually is the one who sells the original; they charge about $320, $330 for it. If you go to some of the Chinese websites, you can get them for as little as $100, $120. Some of them are good, some of them are not. So you just got to kind of be careful with that. Unbelievably accessible now. Very accessible, yes. Tell me, what about challenges in implementing SDR solutions or systems? Well, the challenges, I think the biggest ones are to understand radio technology. We've all taken radio for granted for all these years.
We've all lived in a world where radio signals are all around us, and we don't really think about it very much, but there's more to radio than we generally give our thought to. There's an awful lot of ways that radio can be used, and there's different ways that it can send signals, and there's multiple ways that it can be encrypted or made safe. This is part of what I want to do in this Radio for Hackers course coming up, is just to get the novice to this field, to get them a foot in the field so they can understand the basics of radio, and then they can apply that to SDR for Hackers. Right, I agree. I think it's a fascinating field, definitely with lots of new developments that will just come forward as we are progressing. And it's a good time for pen testers, cybersecurity professionals, organizations to start to look into it. And definitely what I will do, I will leave here, while we are speaking, after the editing, we'll put here the links, one for Hackers-Arise. I don't know if you have already published links for registration into the workshop in June and July, but if so, maybe you can also share with me. I will put it here. Okay, I'll send it to you. Yeah, I would like to join. Definitely. This is something, probably I will be one of the participants. It's something that intrigued me. What else, OTW, can we share here in this video that you think it's important for people, the viewers, the listeners to know? Well, a couple of things that I think are kind of an indication of how far and how fast this field is coming. Probably many of your viewers by now are familiar with the new tool that came out called Flipper. Have you seen the Flipper? Right? The Flipper is basically an SDR for hackers. It's a program, it's a simple device. It's a very simple device that has some limited capabilities, but it's good at what it does. And this shows us, I think they go for about $160, $170.
But I think it indicates one, how important this field is and how popular it's becoming. And you don't have to be a radio or a computer genius to be able to work in the field. The Flipper is designed for simple use. And one of the things that the Flipper can do is capture and replay. Once again, the replay attack on an NFC. So NFC is near field communication. That's a radio signal that's being given off by your Android or Apple phone and your credit cards. So they're all giving off a near field communication. It's a radio signal and it's not encrypted. Okay, but you need to be close, or you have to be able to amplify the signal. So with that you can go ahead and capture that signal and replay it. And this is a real threat to Apple Pay and all the payment applications that we're using on our phones and our credit cards. So the Flipper is capable of doing that, of course. So are these other devices like the HackRF; the RTL-SDR cannot, because it can't send a signal. You have to be able to both receive it and send it. But the Flipper is able to do that, and capture the signal from a credit card and then replay that signal. So this is going to force the industry to start thinking about security on these devices as people's knowledge of this field grows. Thank you very much, OTW. And again, I will also leave for the viewers and listeners, I will leave the links for OTW's books. This is the latest one, also with a chapter, the last chapter, chapter 15, about software defined radio. We heard about new workshops and courses for radio for hacking, June, July, so we'll publish that as well. And as usual, Occupy the Web, it was very insightful for me, I'm sure for the viewers. And if you have some comments, feedback, you want to hear more about SDR, you have some ideas or interest in some subject that we still didn't speak about together, let us know, we'll try to address it. And thank you very much. Thank you again, OTW, and see you all next time.
Info
Channel: Yaniv Hoffman
Views: 23,440
Id: 7z5SNEEyCfo
Length: 42min 20sec (2540 seconds)
Published: Tue Mar 21 2023