Wireless Networks Belonging to Fortune 1000 Companies Are Vulnerable

Rob Havelt, the practice manager for penetration testing at Trustwave's SpiderLabs, will demonstrate at the upcoming Black Hat Europe 2009 security conference that networks using the frequency-hopping spread spectrum (FHSS) technique are not at all secure, contrary to popular belief.

Networks based on FHSS radio signal transmissions are considered a precursor to today's wireless networks, which are built according to the IEEE 802.11 b/g/n standards. The FHSS technique implies quickly switching between 79 frequencies during communication between a receiver and a transmitter.

In order to receive the information transmitted using FHSS, clients need to know the apparently random sequence of the frequency hopping. This means that it should be pretty hard for someone to tap in uninvited. And indeed it was, but when the technology first appeared, according to Rob Havelt.

In fact, back in the day, one would have required very expensive equipment in order to attempt to intercept data sent over FHSS. This built a myth around the technology and caused it to be adapted to many uses. For example, a lot of companies included in the Fortune 1000 with large warehouses or production lines employ it for communication between their computers and various equipments, such as barcode scanners.

The technology is still being sold today, because it is cheap and is still being pitched as being secure. Even the military uses FHSS for its communication, granted, with some extra encryption, because it is also hard to jam by the enemy. "Sometimes vendors, and sometimes even credulous security consultants perpetuate the myth that this architecture is acceptable because unlike 802.11 off the shelf hardware to monitor these networks at the physical layer is not readily available," Havelt says.

In order to prove them wrong, the security researcher has built a system that uses inexpensive equipment that is easy to acquire, a piece of software that cracks FHSS algorithms, which he developed himself based on GNURadio, and a laptop. With this setup, he claims to be able to hack into an FHSS network in a matter of minutes.

"These networks present a large, gaping hole into a lot of organizations, because they're not architected with security in mind. […] Frequency hopping is definitely not a security protocol or security mechanism, and it can't be relied upon as a security mechanism. To do so is basic security through obscurity," the researcher comments for The Register.

His disclosure will come at a bad time for companies. Funds for technology upgrades are bound to be lacking, given the economic turmoil, and replacing all hardware with one that is more secure can prove very costly for vast networks.