Locally Exploiting Wireless Sensors presented at SEC-T 2009

by Travis Goodspeed,

Tags: Security Hardware Reverse Engineering

Summary : Wireless sensors are often built with a microcontroller and a radio chip, connected only by a SPI bus. The radio, not the MCU, is responsible for symmetrical cryptography of each packet. When the key is loaded, it is sent as cleartext over the SPI bus, and an attacker with local access can steal the key using a few syringe probes and readily available hardware. This attack and other local attacks against wireless sensor networks will be presented in detail, including a live demo of an AES128 key being extracted from an operational network. Following the conclusion of the lecture, audience members are welcome to try out some of the speaker's equipment on example hardware.