Top 10 Internet of Radios Vulnerabilities

The Bastille Research Team proactively monitors for new radio-borne threats. Their breakthrough research and discoveries such as MouseJack and KeySniffer help to keep not just Bastille clients, but the larger ecosystem safe. Each month, Bastille Research reports on and ranks the most prevalent and most pernicious attacks.

1    Rogue Cell Towers

Rogue cell towers, also known as Stingrays or IMSI catchers, are used to hijack cellphone connections, allowing attackers to listen to calls and read texts. An attacker can even push malware to a vulnerable phone to hack it. A common use of rogue cell towers is to break 2-factor authentication.

2    Rogue Wi-Fi Hotspots (e.g. Wi-Fi Pineapples)    

Rogue Wi-Fi hotspots and rogue Wi-Fi access points (including Wi-Fi Pineapples) can impersonate legitimate Wi-Fi networks and can be used for Man-In-The-Middle attacks to sniff network traffic and steal credentials. Can someone in your building bypass all your Wireless Intrusion Detection Systems by opening a Wi-Fi hotspot which detours your data around your expensive Wi-Fi anomaly detection?
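One way to check a Wi-Fi survey for the two cases described above, an impersonated network and an unsanctioned hotspot inside the building, shown as an added example (not Bastille's code). The inventory, the RSSI threshold, the function and field names, and every beacon record are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # transmitter MAC as seen in the beacon frame
    rssi_dbm: int    # received signal strength at the sensor

# Assumed inventory of sanctioned networks: SSID -> BSSIDs of the APs you operate.
APPROVED = {"CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
# Assumed threshold: a beacon at least this strong is treated as on-premises.
ONSITE_RSSI_DBM = -65

def classify(beacons, approved=APPROVED, onsite_rssi=ONSITE_RSSI_DBM):
    """Return sorted (kind, ssid, bssid, strongest_rssi) findings."""
    strongest = {}
    for b in beacons:
        key = (b.ssid, b.bssid.lower())          # normalise MAC case
        strongest[key] = max(strongest.get(key, b.rssi_dbm), b.rssi_dbm)
    findings = []
    for (ssid, bssid), rssi in strongest.items():
        if ssid in approved:
            # A sanctioned SSID from a transmitter you do not operate.
            if bssid not in approved[ssid]:
                findings.append(("impersonation", ssid, bssid, rssi))
        elif rssi >= onsite_rssi:
            # Unknown network, strong enough to be inside the building:
            # a possible detour around the monitored network.
            findings.append(("unapproved_hotspot", ssid, bssid, rssi))
        # Weak unknown networks (neighbours) are ignored to limit false alarms.
    return sorted(findings)

# Constructed survey data, not captured from any real site.
SAMPLE = [
    Beacon("CorpNet", "00:11:22:33:44:01", -48),
    Beacon("CorpNet", "00:11:22:33:44:02", -60),
    Beacon("CorpNet", "02:AA:BB:CC:DD:10", -52),       # same SSID, unknown BSSID
    Beacon("PhoneHotspot", "06:12:34:56:78:9a", -70),
    Beacon("PhoneHotspot", "06:12:34:56:78:9a", -55),  # later, closer to sensor
    Beacon("CoffeeShop_Guest", "0a:00:00:00:00:01", -82),
]

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

A BSSID that matches the inventory is not proof of legitimacy, since the address is self-reported by the transmitter; this check only narrows what needs a closer look.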

3    Bluetooth Data Exfiltration   

Bluetooth tethering can be used to pair a network device with a cellular data path (e.g. 4G LTE) which bypasses your traditional network security. How do you detect when someone starts Bluetooth tethering in your building? How do you avoid false alarms when the Bluetooth is only being used to connect a headset?

4    Eavesdropping/Surveillance Devices

Conference rooms can hide bugs and other eavesdropping devices. Voice-activated FM and GSM bugs that transmit by radio cost as little as $20 on eBay.

5    Vulnerable Wireless Peripherals 

Low-end keyboards allow for sniffing of keystrokes from 250 feet away because they do not implement encryption. A vulnerable wireless mouse dongle can expose the computer it is connected to to external attack through keystroke injection. If the computer itself is compromised, it can expose the larger network to insider attacks.

6    Unapproved Cellular Device Presence    

Unapproved cellular devices (2G GSM, 3G WCDMA, 4G LTE) present in a restricted area. It’s one thing to have a “no cell phones in this area” policy. It’s another thing to detect policy violations!

7    Unapproved Wireless Cameras

Inexpensive wireless cameras are great for security when your security department installs them. But if someone else installs them then they can be used to plan security breaches. Know every camera operating in your facility and whether it works for your security team or someone else’s.

8    Vulnerable Wireless Building Controls

Wireless building controls that were never configured (e.g. still using default credentials). Many new pieces of equipment ship with two consoles: Ethernet and “Radio Ready” consoles. You know about your Ethernet console, but is there another console on your equipment set up with the default configuration?

9    Unapproved IoT devices

New thermostats and building sensors often have multiple data radios. Wi-Fi is the one you know about. But is your sensor also transmitting on other frequencies like ZigBee (short range) or LoRa (up to 1 mile range)? What data is beaming down the street that you don’t know about?

10    Vulnerable Building Alarm Systems

Many window, door and motion detectors can be ordered to “pay no attention to the man climbing in the window” by someone carrying a $10 radio jammer, or a $300 Software Defined Radio, which can also simulate any alarm event. Security professionals need to be alerted when someone attempts to jam any part of their alarm system.