Critical emergency services could be under threat of disruption owing to the adoption of low-cost Software Defined Radio (SDR), warns security consultancy Digital Assurance.
Software-defined radio systems, which translate hardware-based circuitry into software implementations, are widely expected to become the dominant technology in radio systems, like GSM and DECT phone systems, or WiMax.
And Digital Assurance for one is concerned, because the increasing use of SDR is increasing the potential risks of a hacking incident or cyber attack.
“Until recently, these communications systems have relied upon their obscurity to avoid being compromised and the necessary equipment was extremely expensive and hard to use,” said Jones. “But the lowering price point of SDR has laid these mobile communications wide open and this has been clearly demonstrated over recent years.
Jones warned that the dangers of hacking such critical infrastructure is increasing everyday, because SDR technology is becoming increasingly cheaper, more sophisticated, and more widely available.
SDR is a radio communication system where components (such as amplifiers) have traditionally been implemented in hardware, are now instead software-defined components. This allows these elements to be easily implemented and upgraded on personal computers or embedded devices, such as a mobile phone. It was initially developed by military and intelligence agencies in the 70s and 80s.
According to Digital Assurance, those attempting to compromise wireless communications systems in the past have used expensive equipment coupled with advanced signal analysis skills. Now, because it is all increasingly software-based, it has become a lot easier to hack into these communications.
“In contrast, SDR devices typically use a standard PC to capture and manipulate radio spectrum, potentially allowing an attacker to capture and demodulate advanced radio systems that were previously inaccessible to the hacking community,” said the company.
It also warned that common barriers to mobile attacks such as frequency hopping and advanced modulation techniques can be quickly overcome using off-the-shelf hardware and software.
More worryingly, Digital Assurance warns that a SDR vulnerability could impact a critical infrastructure, and the systems that control the critical infrastructure.
According to the consultants, SDR can also be used to compromise the, often, obscure and insecure radio systems used to transmit data between sensor devices and controller units, as found in many critical systems such as traffic lights, matrix boards, air-traffic control, railway signalling systems, and most distributed process control or supervisory control and data acquisition (SCADA) networks.
“Often these types of critical system use propriety wireless communication devices many of which were not designed with security in mind,” Digital Assurance warned.
The company added that it expects SDR-based hacking to increase dramatically in the foreseeable future, because of the attractiveness and diversity of these targets and the rapidly lowering cost of entry.
SDR can be used for numerous criminal activities, such as signal capture; creation of fake GSM or DECT signals; and, potentially, even emulating Tetra base stations. This could facilitate intercepting or disrupting communications; interception, injection and jamming of point-to-point communications systems, such as road/rail side signalling systems; jamming and potentially spoofing of critical communications, such as time signals or even GPS signals.
Page: 1 2
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
This piece is based on incorrect information
Tetra cannot be hacked