Wireless technology is fast replacing wired technology in most industry sectors where some form of communication between devices is required. The recent surge in Internet Of Things (IoT) devices has also pushed wireless communication to be implemented on more devices than ever before.

Benefits such as ease of setup, flexibility in device placement, and improved aesthetics all contribute to the fact that wireless devices are here to stay.

The shift from wired to wireless at first glance seems to only bring about benefits that hindered wired installations in prior years. Yet there is a significant drawback that is easily overlooked when it comes to the security of the devices and their associated communication with each other.

Manufacturers are pressured to produce devices that support wireless communications, yet they do not always have the required experience or maturity to produce a quality product. Where physical wires previously shielded communications from prying eyes, wireless technology has to rely on alternative mechanisms, such as encryption, to achieve the same level of assurance – a skill not previously required in all areas of manufacturing.

Consumers are also no longer able to easily judge the quality of a device’s security capability since there is no external physical appendage to review. A wireless system could have the best security available and look exactly the same as a wireless product that has little to no security in place.

To illustrate the problem and demonstrate how vulnerable devices can be, practical demonstrations are often required. During my presentation at BSides, I will illustrate how commercial off-the-shelf products can be reverse-engineered by malicious individuals or groups in a step-by-step manner.

Furthermore, I will provide guidance for consumers on how to identify and avoid devices that do not implement adequate security controls.

Attendees will learn how these attacks can be automated to facilitate the exploitation of wireless devices by parties with very minimal technical experience and how their exploitation can result in physical access breaches.

This presentation will be delivered in the Hardware & Wireless track of BSidesAU on Saturday, March 18, at 10:30 AM.

 

T.J. ActonAbout the Author: T.J. Acton is a Penetration Tester and Security Researcher at Privasec. He is primarily based in Sydney and works with high-profile clients to conduct research and specialist security assessments. Throughout his career, he has helped secure a wide range of commercial off-the-shelf and bespoke products, including self-service checkout machines, point-of-sale systems, and kiosk devices. T.J. founded Cyberspectrum Sydney, a regular meetup for the Software Defined Radio community, and regularly presents at security conferences across Australia. His primary focus areas are: Physical Security, Social Engineering, and Software Defined Radio. You can follow T.J. on Twitter and LinkedIn.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.