Wireless systems spread the gamut from narrowband single channel transmitters to multi-gigabit Wi-Fi using OFDMA and multiple antennas. But in every case, wireless security is something that impacts each and every one of them, and the basic concepts of security can be applied no matter the wireless device.
Having worked with many wireless systems and products over the years, we’ve come to the conclusion that a lot of the security issues in wireless systems repeat themselves. We thought it would be a good idea to summarize them, because securing products relies on avoiding the errors of others.
1. Unencrypted Communications
You won’t believe the number of wireless devices that simply transmit unencrypted packets (referred to as cleartext in security). The only security here is that sniffing tools can be expensive or hard to use for most people. A lot of Bluetooth products, which could use Bluetooth encryption and authentication capabilities built into the protocol, just don’t use them. Usually this happens because a product developer has challenges dealing with the complexity of adding security to a product. The good news is that Bluetooth does a pretty good job in helping a designer take advantage of security features.
This also includes a lot of wireless products using Sub-1GHz (315MHz, 868MHz, 915MHz and similar bands) that typically use custom proprietary wireless protocols created by chipset vendors or the companies themselves.
Low security in Sub 1GHz devices usually happens for the typical reasons – the company thinks that the unique protocol is hard to decode and understand, and security adds more effort to the development which can be rushed, leaving wireless security out of the cycle.
A lot of companies don’t have developers with a security background. Some developers even believe that wireless devices are secure because they use frequency hopping which supposedly makes finding the signal harder. In some cases developers throw some AES encryption together and call it a wrap.
We’ve even seen devices send passwords in the clear which can be easily captured and used to control devices.
The problem is that all of these layers to enhance wireless security are all weak, and a product’s security depends on the weakest link. By adding layer on top of layer of supposed security developers think they’re improving a device’s security, when in fact they’re not.
A few specific examples of devices that have no wireless security include Garage Door openers, Bluetooth Low Energy devices not using encryption, Wi-Fi Access Point used during product configuration that have security set to open, etc.
An attacker looking to exploit a system can’t do any better than look at an unencrypted system.
2. Replay Attacks
Even when a system has been designed with some wireless security and encryption, maybe using public key cryptography, a proper encryption key exchange, etc., there are still a lot of cases where it’s designed in a way where replay attacks can still happen.
In a replay attack, an attacking device sends wireless packets that were previously captured and are played back to another device or the same device. Let’s take an example.
Alice and Bob want to communicate over a secure channel. Alice sends Bob a message that’s encrypted and sends a command to open a door. Bob and Alice both use encryption, so no one can generate the packet, right? Well, if an attacker, Charlie, captures the packet and there’s no replay attack protection, Charlie can resend the packet as if Alice is sending it (still encrypted). Bob decrypts the packet and it looks legit. Charlie never decrypted the packet, but Bob accepts it as is thinking it’s Alice.
With this attack, an attacker can generate or fake the data without having to do any work breaking the encryption. A popular example is capturing a garage door packet that allows opening a garage door later, even if the packet was encrypted.
Unfortunately many products don’t account for this problem, not realizing that with today’s accessible Software Defined Platforms can capture and replay data pretty easily.
Another great example is using fixed passwords with devices. These passwords are sent by one device to authenticate, but with a replay attack they’re useless.
Security measures against replay attacks include adding unique counters to packets that allow systems to discard packets that have already been received, which prevents reusing packets. All this needs to be taken into account when designing a secure wireless system.
3. Vulnerabilities in Key exchanges
When two devices need to communicate, they need to establish a common key that will be used to encrypt data. Most data is encrypted by symmetric key algorithms like AES. By symmetric we mean that both Alice and Bob, for example, have the same key for encryption and decryption. Alice encrypts using key K and Bob Decrypts using the same key
Using Public Key Cryptography to encrypt data between devices is possible, but because the key sizes are much bigger, the processing power needed is larger. For small devices this can mean a huge difference. Public Key crypto is usually used for the symmetric key exchange. Some devices, like products programmed at the factory, can use pre shared keys programmed into the devices. But in a lot of products there’s a need to connect devices in the field, which means the devices won’t know each other’s keys. Using Pre shared keys also has other downsides and vulnerabilities, especially if they’re used in multiple devices.
The key exchange process is critical, because if the key is revealed then the encryption is easily broken. But in some products, the key exchange protocol or process itself is vulnerable. This is especially true because the devices are wireless and capturing the data is possible at a distance. This means an attacker can capture the key or deduce it, and decrypt all the data.
One perfect example is Bluetooth. When Bluetooth 4.0 was released, the Bluetooth SIG adopted a custom key exchange to protect the AES key used for encryption. This custom mechanism was custom and unfortunately was vulnerable to attacks that could crack the keys quickly. This allowed attackers that were capturing the pairing packets (where the exchange process happened) to find the keys and decrypt the data.
Designing secure systems is difficult because small errors or failing to consider theoretical or practical vulnerabilities can bring down a system. When it comes to Key exchanges, as is the case for other parts of the system, it’s best to stick to tried and true key exchange protocol and algorithms. The Bluetooth SIG adopted ultimately adopted the Elliptic Curve Diffie-Helman key exchange which is an industry standard.
4. Jamming Wireless Devices
While most attackers are looking to crack the encryption and capture data (or just sniff it if it’s encrypted), jamming is still an option. In fact, jamming can be used to block a legitimate user in order to then crack the system. Jamming devices can be very effective. There are a few approaches to jamming wireless :
- Wideband Jamming – generating a wideband source of RF noise is relatively straightforward and doesn’t require any knowledge except the approximate frequencies a system is using that need to be interfered with
- Unmodulated Jamming – A more targeted approach is to use a radio in Continuous Wave (CW) mode. A lot of radio chipsets have a CW mode of operation that makes this very cheap.
- Protocol Jamming – Another approach is to generate packets that resemble actual packets for the system being jammed, causing the radios to receive incorrect packets. For example, generating a massive number of BLE advertising packets can overwhelm Bluetooth LE’s advertising channel and prevent devices from connecting. Interfering with the data channels can cause devices to disconnect.
Wideband jamming can sometimes be detected more easily because they affect multiple systems at the same time, and tend to be pretty powerful. Jamming the exact frequency band of the device and/or jamming via sending packets at a high rate is effective and is can be usually less obvious.
Defending against jamming is typically difficult. Jammers usually have high output power. While a product may be transmitting up to about 20dBm at best, Jammers that don’t care about staying within legal limits can transmit at 30dBm (10x stronger) or more.
Some approaches for protecting against jammers include:
- Use directional antennas between devices that reduce significantly the received signal from other devices
- Include filtering in the system to reduce the signal from other bands
- Use Frequency Hopping to avoid narrowband interference
- Add distance between any attacker and the system – this reduces the received signal
A Mexican Cartel member seen above is using a jammer with multiple antennas, that allows covering multiple radio bands. This jammer probably covers cellular bands, Wi-Fi and others.
One big downside of jammers, and especially wideband jammers, is that the users can typically be tracked and pinpointed. The penalties for jamming by regulatory authorities such as the FCC can be stiff, and jammers can be found especially if they’re persistent.
5. Mixing Encrypted and Unencrypted communications
Things don’t always get encrypted, even when they should. A good example of this were Wi-Fi Access points from a particular vendor that were transmitting some data frames unencrypted after receiving a Disassociation (Disconnection) Frame.
Mixing encrypted data and unencrypted can make a system susceptible to known-plaintext attacks and other variants. An attacker seeing information that is related to encrypted data can potentially help crack the encryption.
Even simpler, when systems mix encryption and plaintext communications, people can think their data is encrypted when it actually isn’t. Giving the possibility to use plaintext communications, some users will use it
6. Hardcoded passwords/secrets
It looks like humans have been using hardcoded passwords since computers were created. In the early days of the internet, many devices were shipped with hardcoded credentials that would allow a user to login easily. From routers to medical devices, maintenance modes were built in to all kinds of system, sometimes with a simple password that was well known and couldn’t be changed without a big change.
This situation has gotten better over the years as stories of systems being easily breached have made headlines. But, even today security researchers will find hardcoded passwords in there is always that system where no one thought the password would be found.
It’s relatively easy to get passwords in firmware once you extract it, but manuals and even people can provide this information. No production system should go out the door with hardcoded credentials. Yes, managing credentials on systems is a challenge, and it can have effects like slowing down support, but it prevents bypassing everything.
7. Weak cryptography
Products rely on cryptography to keep secure, but this is impossible when the cryptography itself is weak.
Brute forcing keys is commonly done. Many researchers have rented high powered computers that can test millions of keys a second, breaking communications. The Tetra standard was found recently to use extremely small keys that are essentially 32-bit, easily cracked with a computer from 25 years ago.
Building good cryptography is an art and science, and good practitioners are very few. Product developers and others are best left to use known and tested cryptographic primitives and protocols as much as possible, and avoid creating anything custom.
The Data Encryption Standard (DES), an encryption algorithm from the 1970’s is another example of an insecure algorithm because of its 56-bit key size. Even using strong cryptography such as AES can fail depending on how it’s actually used.
8. No message authentication
It’s amazing to think, but many messages and/or packets go out without any authentication. Simply encrypting a message does not by itself prove that it’s authentic, as there are attacks that can manipulate messages. This is also related to replay attacks where the message was not in fact sent by the source, but was injected by an attacker by simply replaying it.
9. Relay Attacks
Relay attacks are not new, but they’ve been getting a lot of attention recently because thieves have been using them to steal cars quite successfully. The attackers capture wireless packets being transmitted from one device, even live, and use two devices as a bridge to relay the packets to far longer distances. This defeats wireless systems that rely on proximity to activate or perform an action
10. Easy to Capture
Wireless signals are all around us. Instead of being confined mostly to copper wires, wireless systems broadcast everything. This allows any attacker to use tools to obtain all the information they want, encrypted or not. Using directional antennas and amplifiers it’s possible to capture data from much further than one can imagine. Even protocols like NFC which are designed to work for just a couple of centimeters, can be read at much larger distances.
For attackers, this is much easier than having to physically attack to a computer or cables, or send packets which may be traced through servers.