IoT Devices May Be Susceptible to Replay Attacks with a Raspberry Pi and RTL-SDR Dongle
As the popularity of IoT devices grows, it’s only natural that security holes in some of the systems will become apparent. One such attack, which is demonstrated on rtl-sdr.com, is a wireless replay attack. If you’ve ever programmed a new remote control by reading infrared codes from the original remote control, then you’ve already got an idea of the basic premise.
A replay attack, as the name suggests, is a pretty low-level attack that simply reproduces a signal that is used to control some device. Imagine a world where the locks on our front doors were opened with simple infrared remotes (like turning on a TV). An attacker could just record that IR modulation pattern, and then replay it later to unlock your door.
That sounds a bit silly, doesn’t it? But that’s exactly what many IoT devices do. While there are a number of ways to connect IoT devices, one easy and low-cost method is to use a central radio transmitter operating in the 433 MHz band to trigger receivers on the device. Different modulation patterns are used to control unique devices.
As RTL-SDR shows us, this is just as susceptible to replay attacks as that hypothetical infrared door lock. All you need is a Raspberry Pi, one of the RTL-SDR dongles (for software-defined radio), and a wire for an antenna. Then it’s a simple matter of recording and replaying the 433MHz modulation signal of the device you want to control.
Luckily, most commercial products don’t use this simple radio control scheme for important things like locks. But, it’s important to consider when you’re making your own IoT devices. It’s also worth upgrading to more sophisticated IoT devices if you don’t want pranksters turning your lights on and off.
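What "consider it when making your own IoT devices" looks like in practice, as an added example that is not part of the original post or of the rtl-sdr.com demonstration: a software simulation of the two receiver designs. The radio layer is modelled as a byte string (what a demodulated SDR capture amounts to), the class names `StaticReceiver` / `RollingReceiver`, the frame layout and the demo key are this example's own assumptions, not any vendor's protocol. The fixed-code receiver accepts a previously captured frame again; the counter-plus-HMAC receiver rejects it, and also rejects a frame whose counter has been edited.

```python
"""Fixed-code vs. counter+HMAC receivers: why one is replayable and the other is not.
Everything is simulated in software; no radio hardware is involved."""
import hmac
import hashlib
import struct

COMMAND_ON = 0x01
COMMAND_OFF = 0x02


# --- Scheme 1: fixed code, like cheap 433 MHz remotes --------------------
class StaticTransmitter:
    def __init__(self, device_code: int):
        self.device_code = device_code  # e.g. a 24-bit DIP-switch code

    def send(self, command: int) -> bytes:
        # 3-byte device code + 1-byte command; the frame is identical every time
        return self.device_code.to_bytes(3, "big") + bytes([command])


class StaticReceiver:
    def __init__(self, device_code: int):
        self.device_code = device_code
        self.state = None

    def receive(self, frame: bytes) -> bool:
        # Accepts any frame whose code matches, no matter how old it is
        if len(frame) != 4 or int.from_bytes(frame[:3], "big") != self.device_code:
            return False
        self.state = frame[3]
        return True


# --- Scheme 2: monotonically increasing counter + HMAC -------------------
class RollingTransmitter:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def send(self, command: int) -> bytes:
        self.counter += 1
        header = struct.pack(">IB", self.counter, command)  # 4-byte counter, 1-byte command
        tag = hmac.new(self.key, header, hashlib.sha256).digest()[:8]  # truncated MAC
        return header + tag


class RollingReceiver:
    WINDOW = 16  # tolerate some frames lost in transit (button pressed out of range)

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.state = None

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        header, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):  # forged or corrupted frame
            return False
        counter, command = struct.unpack(">IB", header)
        # A replayed frame carries a counter the receiver has already consumed
        if counter <= self.last_counter or counter > self.last_counter + self.WINDOW:
            return False
        self.last_counter = counter
        self.state = command
        return True


def run_demo() -> dict:
    """Record one legitimate frame per scheme, then feed it back in later."""
    results = {}

    code = 0xA5C3F0  # constructed device code
    tx, rx = StaticTransmitter(code), StaticReceiver(code)
    captured = tx.send(COMMAND_ON)            # what a capture of the air would hold
    rx.receive(captured)
    rx.receive(tx.send(COMMAND_OFF))          # owner later turns the device off
    results["static_replay_accepted"] = rx.receive(captured)   # True: device back on

    key = b"\x00" * 16  # constructed demo key; real devices provision a per-pair secret
    tx2, rx2 = RollingTransmitter(key), RollingReceiver(key)
    captured2 = tx2.send(COMMAND_ON)
    rx2.receive(captured2)
    rx2.receive(tx2.send(COMMAND_OFF))
    results["rolling_replay_accepted"] = rx2.receive(captured2)  # False: stale counter
    results["rolling_fresh_accepted"] = rx2.receive(tx2.send(COMMAND_ON))  # True
    tampered = bytearray(captured2)
    tampered[3] ^= 0x10                       # bump the counter without the key
    results["rolling_tampered_accepted"] = rx2.receive(bytes(tampered))  # False: MAC fails
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The counter window is the usual trade-off for one-way radio links: it keeps a remote usable after a few missed presses, but it also means the receiver's notion of "fresh" lags behind the transmitter's. Where the device can talk back (Wi-Fi, BLE, a two-way 433 MHz link), a challenge-response exchange in which the receiver issues a nonce removes that lag entirely.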