What you don't see, can hurt you. My talk from BSidesRGV 2024
Drew Lentz
Wireless Nerd, Solution Creator, thewirelesspodcast.com | Enterprise, Retail & Community Wireless Connectivity Enthusiast
I had a fantastic time speaking at BSidesRGV 2024 at South Texas College in McAllen, Texas. I submitted a speaking abstract to discuss wireless security vulnerabilities and the anatomy of wireless attacks. Initially, I thought I would focus on Wi-Fi, but I realized that while people are prepared for Wi-Fi attacks, they are less prepared for other types of wireless attacks. Therefore, I decided to focus on the various ways people can exploit wireless vulnerabilities to create a myriad of cybersecurity attacks.
I demonstrated simple attacks like how devices such as the Flipper Zero can create constant BLE alerts on people's phones, making them virtually unusable as users have to cancel the alerts repeatedly. I also showcased FM transmitters and other radio transmission devices that can take over the airwaves, either as a rogue radio station or to cause signal jamming and chaos. One of the key points I emphasized was "radio for hire" and adjacent radio attacks. I demonstrated how simple queries using widely available websites can provide information about open networks, showing how quickly I could target someone’s network using devices with known vulnerabilities (CVEs).
Instead of focusing on individual attacks, I aimed to convey the importance of stacked attacks that exploit multiple vulnerabilities simultaneously. For example, combining BLE with FM, AM, and even unauthorized printer access can create significant chaos, allowing attackers to achieve goals as simple as clearing traffic on a freeway or getting a free taco at a restaurant.?
The key message is that locks are meant to keep honest people out, and when it comes to wireless attacks, if you’re not monitoring the airwaves, these attacks could already be happening without your knowledge. When I polled the audience, only one person had any type of spectrum analyzer device, and no one was a certified amateur radio operator. This was a group of some of the most trusted professionals in the industry, yet no one was monitoring the airspace. What you don’t see can absolutely hurt you.
领英推荐
Here are some other photos from the event:
ICT Systems Architect | P.Eng., RCDD, CCNA, CWDP, CWISA
5 个月Very interesting read, thanks for sharing! One question that comes to mind is why are we less prepared for other types of wirless security threats (outside of Wi-Fi). One reason I can think of is for the majority of the time, these wireless solutions are implemented in an intra-net environment (closed off from the external world). But curious to hear your thoughts!