Forging a Wireless Time Signal to Attack NTP Servers

Explore the vulnerabilities of radio timing services and their impact on NTP servers in this Hack In The Box Security Conference presentation. Delve into the process of forging wireless time signals using low-cost circuits and learn how hackers can disrupt consumer electronic products and industrial NTP servers. Examine the encoding and modulation techniques for various timing signals, including WWVB, JJY, and DCF77. Discover the potential for GPS signal spoofing and its effects on NTP receivers. Gain insights from security researchers Yuwei Zheng and Haoqi Shan as they demonstrate practical attacks on time synchronization systems and discuss the implications for both consumer devices and critical infrastructure.

Intro
SPEAKER BIO
Main contents
About NTP server
The NTP stratum mode
About the NTP server
The reference clock
Forge long wave timing signals
WWVB encoding and modulation
JJY encoding and modulation Similar to the WWVB
DCF77 encoding and modulation
Long wave timing signal transmitter
Attack GPS NTP receiver
GPS receiver
GPS tech briefing
Generate GPS signal
Have a try
Panic
Update attack algorithm
Setup an NTP server JJY
Attack the NTP server
Root Dispersion
Real Attack?
References