IP Products

Radio threat to infrastructure

by Mark Rowe

Digital Assurance, a security assessment and information assurance consultancy, has warned that critical infrastructure control systems are at risk from wireless attacks carried out over Software Defined Radio (SDR). Critical network control systems such as SCADA (Supervisory Control And Data Acquisition), Building Management Systems (BMS) and PLCs (Programmable Logic Controllers) all use a proprietary wireless technology which could potentially be hacked using SDR equipment and a PC. The specialist data communicated by these systems could be intercepted, captured and replayed to suspend service and cause widespread disruption. These systems will also be at greater risk it is claimed as smart meters are brought online, increasing the attack surface of the network. The lowering price point, advances in processing power and difficulties in detecting SDR attacks are also likely to increase its appeal, it is claimed.

SCADA industrial control systems are used to monitor and regulate utility services across multiple sites and distances and have been afforded some protection by the relative obscurity of the network. However, with up to 53 million smart meters across 30 million homes and businesses being added between 2014-2019, the number of potential access points on to the network is set to increase dramatically. The data relayed between these end devices can be intercepted, captured, jammed or replayed using SDR equipment, providing the hacker with network-wide access to field devices, control stations, generating stations and transmission facilities.

Smart meters, which use the Zigbee standard, are particularly vulnerable to signal capture, the consultants claim. Chosen for its energy efficiency, Zigbee has been routinely compromised. Keys are transmitted in the clear, transmissions are prone to interference, and in the event of a signal jam, frequency hopping capabilities are poor. Attempts have been made to secure Zigbee through authorisation and pre-configured security keys but both require additional system management.

The lowering price point and ease of use of SDR equipment make it the ideal tool with which to capture, intercept and manipulate Zigbee and other widely used wireless standards, according to the consultancy. It has overcome many of the obstacles associated with wireless hacking, such as frequency hopping or advanced modulation techniques, and eradicates the need for expensive equipment or an in-depth knowledge of wireless standards on the part of the hacker.

SDR works by capturing radio frequency signals using a high-speed ADC (Analogue to Digital Converter) enabling the direct digitisation of the radio frequency signal which can then be analysed by a DSP (Digital Signal Processor) before being converted into output data stream. The user can analyse slices of spectrum at their leisure, looking for carriers and modulated signals and go on to isolate the preamble and the payload, or message headers if searching for data streams, for instance. There are a variety of SDRs on the market but the USRP (Universal Software Radio Peripheral) is the tool of choice as it allows both reception and transmission which, when coupled with open source software such as GNU Radio, allows the creation of advanced radio systems. This uses a USB 2.0 interface, an FPGA and high-speed ADCs and DACs, to generate a sampling and synthesis bandwidth a thousand times that of a PC sound card, extending the reach of the equipment and enabling wideband operation.

Greg Jones, Director, Digital Assurance, says: “Wireless assaults on critical infrastructure will grow exponentially over the next few years, in line with the rollout of smart grid networks, and SDR provides the hacker with an opportunity to jump onto parts of this network. To date, critical systems have relied upon their relative obscurity to protect them but that will have to change. The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks. Very few vendors of such equipment will give this type of assurance so independent testing is currently the only option until the industry applies itself to developing a solution. Understanding exactly what radio systems have been deployed and ensuring adequate risk assessments have been conducted is an essential first step.”

Greg Jones is delivering a presentation at Infosecurity 2013 on how these systems can be exploited, controlled and manipulated enabling the hacker to access everything from the gas and electricity supplies in our homes to the images fed to the police and the power supplies and SCADA of our national infrastructure.

Date/Time: Wednesday 24 April, 10.00-10.25
Venue: Infosecurity Technical Theatre, Infosecurity, Earl’s Court, London
Session: SCADA, smart meters and enterprise control systems: The next threat
Digital Assurance is exhibiting at stand L60 at Infosecurity Europe 2013.

Related News

  • IP Products

    Grundig distributed

    by Mark Rowe

    Midwich Security, the specialist security division of the distributor Midwich Group, has a new partnership with Grundig to distribute the security manufacturer’s…

  • IP Products

    IP development man

    by msecadm4921

    Ecl-ips, a Worcestershire-based IP based security and monitoring systems firm, has appointed John Twidell as its new Business Development Director. This comes…

  • IP Products

    IP horn speaker

    by Mark Rowe

    The IP-A1SC15 is the latest model of IP horn by TOA. Based on open standards network it has been designed to plug…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing