Breaking the Security of Physical Devices

Explore the vulnerabilities of common household devices and physical security measures in this Black Hat conference talk. Dive into the world of security breaches affecting popular car models, home alarm systems, and baby monitors. Learn how keyless entry systems can be compromised using predictable rolling codes, software-defined radio, and custom-built robots. Discover the simplicity of eavesdropping on analog baby monitors and the concerning weaknesses in home alarm systems using fixed codes. Examine how a low-cost Arduino and Raspberry Pi-based device can be used to capture and replay codes, effectively disabling alarms. Investigate physical tampering techniques that allow attackers to read secret passcodes from alarm system microcontrollers. Gain insights into these simple yet effective attacks on everyday physical devices and understand mitigation strategies to differentiate between secure and vulnerable products. Follow along with detailed analyses of signal processing, cluster analysis, and phase space analysis techniques used to break device security.

Introduction
Eavesdropping analog baby monitors
Analog baby monitors?
Using upconvertors
Finding the signal using Spectrum analysis
Denodulating the signal
What home alarms use RF- remotes?
The hardware
Replay attacks with GNURadio
Amplitude (an) Modulation
Using cluster analysis to determine pulse widths
Mitigation
Interfacing with the microcontroller • Disassembly reveals labelled KPK and test
Reading secret passcodes
Analysing the rolling code
Phase space analysis of the rolling codes
Testing codes
Bruteforce?
Does it work?
Conclusion