Practical Exploitation Of Modern Wireless Devices: Keykeriki V2 presented at t2 2010

by Thorsten Schröder (Dreamlab Technologies AG),

Tags: Security Wireless

URL : http://t2.fi/schedule/2010/#speech1

Summary : Wireless keyboards have been target to dedicated attacks by Philipp Schroedel, Max Moser and Thorsten Schröder several times. This time, the attack vector is larger: They built new tools in hard- and software, which enable attacks using zero-knowledge approaches without expensive radio equipment. These tools are able to capture and analyze raw data that is transmitted using widely spread, highly integrated, low cost 2.4 GHz transceiver chips. The technique allows also being expanded to different platforms at speeds up to 2Mbit/sec.

Since many wireless embedded devices are using Nordic Semiconductor’s (or other’s) 2.4GHz SoC flag-ships, Schröder and Moser prepared the base for attacks on all NRF24xx “Enhanced Shockburst[tm]” based solutions such as wireless keyboards, security systems, home entertainment, medical devices, ... Their tools are able to capture and inject data into - for example - wireless keyboard communication, thus being able to perform platform independent remote command execution.

Remote command execution and sniffing of wireless keyboard traffic is demonstrated at the presentation, but the technical demonstration and attacks are not limited to wireless keyboards.

New embedded devices of a complete different class are subject to the current research and will be demonstrated for the first time at the t2’10 conference, as well as the current and new Open source release of the Keykeriki V2 tools. The talk will provide a brief introduction to the underlying technics, as well as the challenges during the practical path of exploitation of modern embedded, wireless devices - using the Keykeriki V2.

Thorsten Schröder: Thorsten Schröder works as Senior Security Consultant at Dreamlab Technologies AG, Switzerland. Besides his IT security consulting tasks, he’s specialized in software security assessments and Reverse Engineering. Prior joining Dreamlab Technologies, he worked as Senior Security Consultant at Recurity Labs GmbH in Berlin.