Hacking the Airwaves: Beyond Relay Attacks! - Robin Roodt скачать в хорошем качестве

Hacking the Airwaves: Beyond Relay Attacks! - Robin Roodt

This talk will dive into the fundamental concepts of the radio frequency (RF) Relay attack and how it could be used to attack different type of systems that make use of radio communication. The Relay Attack allows an attacker to extend the intended range of communication between two devices, deceiving them into believing that they are in close proximity to one another to perform some type sensitive action, such as unlocking or starting cars, or making payments with PoS devices! Introduction: An introduction of the talk and the topics that are going to be covered. A quick glance into my background and how I got interested in radio frequency hacking. Explaining that the talk is mostly going to be focused diving into the fundamental concepts of the Relay attack and then two demonstrations as to how it could be used to target two completely different systems, namely cars and PoS devices. Concept of Relay Attack: This section is going to go through a conceptual explanation of what the relay attack is and how it is used to extend the intended range of communication between two devices, deceiving them into believing that they are in close proximity to one another to perform some sensitive action. Using the Relay attack to unlock and start cars: This section will explain how the Relay attack could be used to target automotive keyless entry and keyless start systems on cars. This will include a brief explanation of how keyless entry and keyless start systems work, with security footage showing how criminals execute the attack to steal a victim's car while the key remains locked inside the house (Demo 1). How far could you relay signals? Now that we understand the fundamentals of the Relay attack, we are going to perform the same attack, but in a different way to illustrate that this attack can be performed over great distances. We are going to attempt to relay signals from Cape Town all the way to Pretoria to unlock a car. An explanation will be given of how the signals are relayed from Cape Town to Pretoria, which will follow a demonstration of the actual proof-of-concept. In-case the proof of concept doesn't work due to the demo gods, we are going to show a video of the PoC working between Johannesburg and Pretoria. (Demo 2) How does this work on other systems such as a PoS device? After going through the automotive security explanation, what would this look like on a different device such as a PoS device? This section will give an explanation of how the attack would work when targeting a PoS device's tap-to-pay to make payments over larger distances. The explanation, followed by a demonstration (Demo 3), is going to show that the PoS device doesn't actually have to be near the victim's credit card to make a payment. As long as the signals are correctly relayed, it could be done over any distance. Closing remarks This section will be a quick recap of the topics covered during the talk, with a final reminder that this attack could be executed on anything that makes use of radio signals, such as access control system as well. A final note that I hope this talk has brought some insights to radio frequency hacking and raised some security awareness around the topic. Takeaways Security awareness about the Relay attack and how it could be used on any device that makes use of radio communication. ======================================== About the speaker: Robin Roodt I'm a cyber security consultant at MWR CyberSec where my main focus is Application Security. I started looking at radio signals in University where I got a lot of exposure while studying BEng Computer Engineering. Taking that knowledge to a security company, I thought to myself "What happens when we hack these signals flying through the air?". That kick-started my hobby where I immediately started hacking my mom's car! ========================================