SAN JOSE, Calif. — An engineer with little working experience in security used open-source code to win a challenge finding breaches in a home network. The effort, while promising, showed that there’s still plenty of work ahead to close vulnerabilities in the Internet of Things, participants said.
Contestants were provided with two short recordings of RF traffic at a model smart home built in a Bedford, Massachusetts, warehouse. The first was a two-minute baseline of as many as 75 Zigbee and Z-Wave devices in operation. The second recording was made after organizers changed about 40 devices in a mixture of easy, medium, and difficult ways to detect.
“We’ve been worrying about how you determine what devices are on your network, and we knew it was hard,” said Jeff Schwefler, a networking engineer who designed the challenge at Mitre, a firm that operates several U.S. government research centers.
Interest was broad, with 131 contestants from 35 countries, but success was relatively low. The winner “got a fair number of the hard challenges, but not all of them, so there is still work to be done in enumerating a networked environment,” said Schwefler.
The winner, Duncan Thompson, is an FPGA engineer for optical-networking specialist Ciena. “I’ve always been interested in networking; I stumbled on a story about the challenge and figured I didn’t have much to lose,” he said.
Thompson and his older brother used GNU Radio for an initial analysis of the signal data, applying a down-sampling filter to reduce the gigabyte-sized capture files to a workable size. They also used the open-source program to demodulate packets. Then they used the Wireshark protocol analyzer to inspect the packets.
“With the Zigbee files, it was easier to ID the transmitters … and make matches between the two samples,” Thompson said, noting that he missed some of the hardware IDs that organizers changed for the second recording.
The Z-Wave analysis “was a lot more complicated because it doesn’t use hardware IDs … so we calculated frequency offsets from preambles of packet transmitters … to discover which devices were which. We scored much lower here in part because we were only given two minutes of data, so we had a small number of packets to work with,” he said.
The frequency offsets caused by minor manufacturing variations between transmitters were the biggest source of information on the Z-Wave networks. “If vendors could reliably get transmitters running at the same frequency, it would be very difficult to identify devices,” he said.
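As an added illustration of the frequency-offset fingerprinting Thompson describes (example code written for this page, not the contestants' or Mitre's tooling): it constructs complex-baseband FSK preambles transmitted with a carrier offset, estimates that offset from the mean instantaneous frequency across the alternating 1/0 preamble, and groups packets whose offsets agree. The sample rate, FSK deviation, preamble length and grouping tolerance are assumed values chosen for the demonstration.

```python
import cmath
import math

SAMPLE_RATE = 200_000    # samples/s of the constructed baseband capture (assumption)
BIT_RATE = 40_000        # Z-Wave's 40 kbps mode
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE
FSK_DEVIATION = 20_000   # Hz; constructed value for the toy modulator
PREAMBLE_BITS = [1, 0] * 16   # alternating preamble, 32 bits


def fsk_preamble(offset_hz, phase0=0.0):
    """Constructed complex-baseband FSK preamble sent with carrier offset offset_hz."""
    phase = phase0
    samples = []
    for bit in PREAMBLE_BITS:
        f = offset_hz + (FSK_DEVIATION if bit else -FSK_DEVIATION)
        for _ in range(SAMPLES_PER_BIT):
            samples.append(cmath.exp(1j * phase))
            phase += 2 * math.pi * f / SAMPLE_RATE
    return samples


def estimate_offset_hz(samples):
    """Mean instantaneous frequency over whole 1/0 bit pairs of the preamble.
    The +/- deviation cancels across each pair, leaving the transmitter's
    carrier offset, which is the per-device fingerprint."""
    pair_len = 2 * SAMPLES_PER_BIT
    n_diffs = ((len(samples) - 1) // pair_len) * pair_len   # truncate to whole pairs
    total = 0.0
    for n in range(n_diffs):
        total += cmath.phase(samples[n + 1] * samples[n].conjugate())
    return total / n_diffs * SAMPLE_RATE / (2 * math.pi)


def cluster_by_offset(packets, tolerance_hz=300.0):
    """Group packets whose estimated offsets agree within tolerance_hz.
    Returns [(centre_offset_hz, [packet indices]), ...]; each group is one
    candidate device. Few packets per device (as in a two-minute capture)
    mean fewer estimates per group and less confidence."""
    groups = []
    for idx, samples in enumerate(packets):
        off = estimate_offset_hz(samples)
        for group in groups:
            if abs(group[0] - off) <= tolerance_hz:
                group[1].append(idx)
                break
        else:
            groups.append([off, [idx]])
    return [(round(centre), members) for centre, members in groups]
```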
To read the rest of this article, visit EBN sister site EETimes.