Emergency Services At Risk From Soft Radio Hacking

Software defined radio (SDR) is opening mobile phones to new hacking threats, warns Digital Assurance

Critical emergency services could be under threat of disruption owing to the adoption of low-cost Software Defined Radio (SDR), warns security consultancy Digital Assurance.

Software-defined radio systems, which replace hardware-based circuitry with software implementations, are widely expected to become the dominant technology in radio systems such as GSM and DECT phones or WiMAX.

London Takedown

Digital Assurance, for one, is concerned, because the growing use of SDR increases the potential for a hacking incident or cyber attack.

“If you look at SDR, you have one side listening to the air, and one side connected to the Internet,” said Greg Jones, director at Digital Assurance, speaking to TechWeek Europe. “Take London as an example. If a hacker had his SDR connected to the Internet, he could (with a few of his friends) carry out a DDoS [distributed denial of service] attack against some really critical infrastructure. For example, the locations of the transmitters for the emergency services in London are available on the Ofcom website, giving a hacker [or terrorist] the potential to bring a critical comms system to its knees in minutes.”

“Until recently, these communications systems have relied upon their obscurity to avoid being compromised, and the necessary equipment was extremely expensive and hard to use,” said Jones. “But the lowering price point of SDR has laid these mobile communications wide open, and this has been clearly demonstrated over recent years.”

Jones warned that the danger of attacks on such critical infrastructure is increasing every day, because SDR technology is becoming cheaper, more sophisticated and more widely available.

What Is SDR?

SDR is a radio communication system in which components (such as amplifiers) that have traditionally been implemented in hardware are instead implemented in software. This allows these elements to be easily implemented and upgraded on personal computers or embedded devices, such as a mobile phone. SDR was initially developed by military and intelligence agencies in the 1970s and 1980s.

According to Digital Assurance, those attempting to compromise wireless communications systems in the past needed expensive equipment coupled with advanced signal analysis skills. Now that the processing is increasingly software-based, attacking these communications has become much easier.

“In contrast, SDR devices typically use a standard PC to capture and manipulate radio spectrum, potentially allowing an attacker to capture and demodulate advanced radio systems that were previously inaccessible to the hacking community,” said the company.

It also warned that common barriers to mobile attacks such as frequency hopping and advanced modulation techniques can be quickly overcome using off-the-shelf hardware and software.

SCADA vulnerability

More worryingly, Digital Assurance warns that an SDR-based attack could affect critical infrastructure and the systems that control it.

According to the consultants, SDR can also be used to compromise the often obscure and insecure radio systems used to transmit data between sensor devices and controller units, as found in many critical systems such as traffic lights, matrix boards, air-traffic control, railway signalling systems, and most distributed process control or supervisory control and data acquisition (SCADA) networks.

“Often these types of critical system use proprietary wireless communication devices, many of which were not designed with security in mind,” Digital Assurance warned.

The company added that it expects SDR-based hacking to increase dramatically in the foreseeable future, because of the attractiveness and diversity of these targets and the rapidly lowering cost of entry.

Typical attacks

SDR can be used for numerous criminal activities, such as signal capture; creation of fake GSM or DECT signals; and, potentially, even emulating TETRA base stations. This could facilitate:

- intercepting or disrupting communications;
- interception, injection and jamming of point-to-point communications systems, such as road-side and rail-side signalling systems;
- jamming and potentially spoofing of critical communications, such as time signals or even GPS signals.