BRINGING SOFTWARE DEFINED RADIO TO THE PENETRATION TESTING COMMUNITY presented at BlackHatUS 2014

by Jean-Michel Picod, Jonathan-Christofer Demay, Arnaud Lebrun

Summary: The large adoption of wireless devices goes further than Wi-Fi (smart meters, wearable devices, Internet of Things, etc.).
The developers of these new types of devices may not have a deep security background, which can lead to security and privacy issues when the solution is stressed.
However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.
That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known Scapy framework.
In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.