Analyzing device traffic on sub-gigahertz frequencies
Kajova, Henri (2024)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2024112730704
https://urn.fi/URN:NBN:fi:amk-2024112730704
Tiivistelmä
The goal of this thesis was to find ways to analyze radio frequency traffic
resulting from communications between devices operating on sub-GHz
frequencies. It was commissioned by the South-Eastern Finland University of
Applied Sciences. The focus is on license free frequency bands that are
commonly used by device manufacturers for low power applications. The sub-
GHz communications have traditionally not been a large point of interest when
looking into cybersecurity even though devices can be vulnerable within the
range of the transceiver. Concerns that have emerged recently have been due to
availability of affordable devices that are used for radio frequency hacking. As an
example, locking and security systems used for securing infrastructure and
industrial locations can be vulnerable without proper implementation.
A constructive approach was used as the research method. This approach
revolves around experimentation to create a new construct to solve the problem.
It is an iterative process where results are built upon. In this approach the topic is
researched theoretically and practically to build a starting point.
Theoretical framework was built to understand what license free frequency bands
are used and how they are regulated in Finland. Analyzing the traffic required an
understanding about techniques used in radio frequency data communications.
Available devices and software needed to be researched to pick the most
effective and affordable ones. Background about most typical vulnerabilities was
researched to understand what analysis needed to be done to identify a
vulnerable device. Testing was done using two devices, RTL-SDR and Flipper
Zero. Different methods and software were used to show that the results were
reproducible. The research was completed by studying documentation and
source code to demonstrate reconnaissance. This built understanding where
tracking and surveillance were possible. Based on what was learned, new ideas
for future development were given.
It was shown that it is possible to analyze captured unencrypted traffic between
sub-GHz devices and find other vulnerabilities using a device capable of
transmitting. The work can serve as base knowledge for further research.
resulting from communications between devices operating on sub-GHz
frequencies. It was commissioned by the South-Eastern Finland University of
Applied Sciences. The focus is on license free frequency bands that are
commonly used by device manufacturers for low power applications. The sub-
GHz communications have traditionally not been a large point of interest when
looking into cybersecurity even though devices can be vulnerable within the
range of the transceiver. Concerns that have emerged recently have been due to
availability of affordable devices that are used for radio frequency hacking. As an
example, locking and security systems used for securing infrastructure and
industrial locations can be vulnerable without proper implementation.
A constructive approach was used as the research method. This approach
revolves around experimentation to create a new construct to solve the problem.
It is an iterative process where results are built upon. In this approach the topic is
researched theoretically and practically to build a starting point.
Theoretical framework was built to understand what license free frequency bands
are used and how they are regulated in Finland. Analyzing the traffic required an
understanding about techniques used in radio frequency data communications.
Available devices and software needed to be researched to pick the most
effective and affordable ones. Background about most typical vulnerabilities was
researched to understand what analysis needed to be done to identify a
vulnerable device. Testing was done using two devices, RTL-SDR and Flipper
Zero. Different methods and software were used to show that the results were
reproducible. The research was completed by studying documentation and
source code to demonstrate reconnaissance. This built understanding where
tracking and surveillance were possible. Based on what was learned, new ideas
for future development were given.
It was shown that it is possible to analyze captured unencrypted traffic between
sub-GHz devices and find other vulnerabilities using a device capable of
transmitting. The work can serve as base knowledge for further research.