IoT Radio Communication Attack

This is the 4th part of the “IoT – Radio Communication Attack” series. It is important to review the other three articles to have a good understanding of the material covered in this article.

What we will learn – This article covers the various attacks that are possible on the Radio Communications component of an IoT Device. The attack methodology will be further examined, as well as the tools that are used and how the attack can be performed using them. Also, the theory behind the various attacks on Radio Communication will be reviewed.

Radio Communication

Let us understand what Radio Communication is first, so it becomes easy to understand how the various attacks can occur. Have a look at the image shown below.


The above image shows a car and a key fob for locking and unlocking the vehicle. One presses a button, and the car is locked or unlocked according to which button was pressed.

When one presses a button, some data is transmitted in binary format. This data is obtained by reversing the radio communication, which will be examined in a future article. The binary data carries the lock/unlock command, so the car is locked or unlocked according to the binary data that is transferred.

The following are attacks that can be performed on the Radio Communication component of any IoT Device:

  1. Replay Attack – This is the most prevalent threat. It is also straightforward to perform, which accounts for its heavy use by attackers. As the name implies, the original data is captured and then replayed to the IoT device to perform the actual attack.

    Tools Used – HackRF, BladeRF, RTL-SDR, FUNcube dongle, GQRX, SDR#, URH, etc.

    The steps for performing the attack –

    1. Capture the (Read more...)
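The replay mechanism described above, and the receiver-side check that defeats it, as an added example that is not part of the original article: a toy Python model of the car-side receiver. A fixed-code receiver accepts a recorded unlock frame exactly as it accepts a fresh button press, while a rolling-code receiver (counter plus keyed MAC, a constructed scheme rather than any vendor's protocol) rejects the replayed frame. Command codes, fob ID and key are constructed values.

```python
import hashlib
import hmac

# Constructed command codes for this toy model; not a real key-fob protocol.
LOCK, UNLOCK = 0x01, 0x02


class FixedCodeReceiver:
    """Accepts any frame with the paired fob's static ID: a recording is indistinguishable from a fresh press."""
    def __init__(self, fob_id):
        self.fob_id, self.state = fob_id, "locked"

    def receive(self, frame):
        fob_id, cmd = frame
        if fob_id != self.fob_id:
            return False
        self.state = "unlocked" if cmd == UNLOCK else "locked"
        return True


def fob_tag(key, counter, cmd):
    """Truncated HMAC-SHA256 over counter and command (shared-key assumption)."""
    msg = counter.to_bytes(4, "big") + bytes([cmd])
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter is ahead of the last one seen
    (a small window tolerates missed presses), so a captured frame cannot be reused."""
    def __init__(self, key, window=16):
        self.key, self.window = key, window
        self.last_counter, self.state = -1, "locked"

    def receive(self, frame):
        counter, cmd, tag = frame
        if not hmac.compare_digest(tag, fob_tag(self.key, counter, cmd)):
            return False
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False  # stale or replayed counter
        self.last_counter = counter
        self.state = "unlocked" if cmd == UNLOCK else "locked"
        return True


def replay_outcomes():
    """Deliver one captured UNLOCK frame twice to each receiver; return the accept flags."""
    fixed = FixedCodeReceiver(fob_id=0xA5A5)
    frame = (0xA5A5, UNLOCK)
    fixed_first, fixed_replay = fixed.receive(frame), fixed.receive(frame)
    key = b"constructed-demo-key"
    rolling = RollingCodeReceiver(key)
    frame = (1, UNLOCK, fob_tag(key, 1, UNLOCK))
    rolling_first, rolling_replay = rolling.receive(frame), rolling.receive(frame)
    return fixed_first, fixed_replay, rolling_first, rolling_replay
```

The fixed-code receiver returns True for both deliveries; the rolling-code receiver returns True once and then False for the identical replayed frame.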

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/FFr-rFm94vY/