Michael Ossmann on HackRF One, rad1o and SDR

A couple of weeks ago, at DefCon 23 in Las Vegas, I missed the chance to talk to Michael Ossmann. Luckily, he decided to join us at the Chaos Communication Camp in Germany a week later.

Our official camp badge is a powerful Software-defined Radio (SDR) device based on the layout of Michael’s famous HackRF One. Thanks to sponsors and the amazing work of your fellow Munich CCC hackers, we were able to release 4500 rad1o SDR devices into the hands of hackers and interested parties.

I guess we will see a lot of broken protocols in the future. But who could tell better than a guy who teaches wireless security, invented an affordable SDR device and is the founder of Great Scott Gadgets. I had the chance to sit down with him for an interview after the rad1o badge talk.

ccc rad1o badge

soldering

Interview

Dan: Michael, you are the driving force behind the HackRF One. What was your motivation behind building it?

Michael: I wanted to make SDR more accessible to people. I teach a class on SDR and I tried to teach people in the security community how to use SDR. The HackRF One was built because it is incredibly powerful for wireless communication, security research and development.

Dan: What do you think about the rad1o badge, which is based on the HackRF?

Michael: I put all the work into making low cost SDR transceiver and I suggested just copying my design. The design is open-source on purpose. I found out about the rad1o badge about a month ago on twitter. My initial thought was: Wow, i have to go to the camp, I can’t miss this! Since then I have met the creators of the rad1o badge and it has been great. I am a big fan of what they are doing and they welcomed me into their talk tonight.

Dan: In your opinion, what is the state of wireless security?

Michael: A lot of people in the security community are familiar with wifi and the tools that you can use on wireless networks. These tools are very good, you can buy an of-the-shelf wifi adapter that is a good tool for wireless security work. However, for anything other than wifi the tools are few and far between. That is the thing that excited me the most about SDR. SDR is a universal radio. It allows me to explore protocols other than wifi and it allows me to create tools for protocols other than wifi. When you start exploring other protocols, especially low speed protocols, you often find that security is either poor or absent. It is like computer security of the eighties. the makers of the protocols don’t have a mature view of communication security.

Dan: Is there something that everyone, including non-technical users, should know about wireless?

Michael: I think the thing that everyone should now is, that you can experiment with it. You don’t have to go to school for years to experiment with wireless. All you need is a SDR device and you can explore the wireless spectrum. Homes are incredible full of wireless systems such as windows shields and heating now, especially compared with 20 years ago. You got a bunch of radios in your pocket. In the car, every wheel has a radio, and it is parked in a garage with a radio controlled door.

Dan: What industries do you think are the most endangered or disrupted with SDR devices like the HackRF becoming more affordable, better in quality and more widely spread?

Michael: We have already seen the incredible explosion of low-cost low-power wireless communication systems. The trend will continue. I think what HackRF enables, is not necessarily industry, but the community. It enables individual people to experiment with radio, instead of companies with research labs. I do see HackRF be used a lot by startups, low-budget startups that try to do a lot with a little bit of funding. They use HackRF instead of high-cost RF test equipment. They replace signal generators and spectrum analyzers, saving tens of thousands of dollars which lowers their development costs. I was thanked by people personally for saving them lots of money. It is also very good for education. Instead of one expensive piece of lab equipment, they can buy many HackRFs and get a device in each students hand. That is very rewarding to me personally, as education is one of the goals I had in mind when I was making hackRF.

Dan: One last question. Is there anything that you recommend for the average user to avoid getting owned? What are the top things to do, and what are the top things to avoid?

Michael: Unfortunately, the wireless communication protocols used by common household devices typically don’t have very good security features. If they run on wifi, they are usually better. For anything else, the best advice I can give you is, learn a bit SDR, explore the interfaces yourself and find out what is vulnerable and what is not. And do please share the knowledge!

The same debates and problems we had about computer security in the nineties are happening now for new type of devices that do not used to be a computer before. Your ceiling fan is now a computer with a wireless interface. It is made by a company that made fans in the past, not computers. The company has no experience in building computers. It has no experience in bug hunting and it does not even have a bug bounty program. It has a huge misconceptions about the security of their products. Things the computer industry had to learn long before is now a challenge for every industry that builds anything that is becoming a computer, basically everything. The compute industry understands that it is a hard problem, it requires iteration and input from users and researchers. Other industries have to learn that.

Dan: Thanks you very much for the interview and also for giving the community such a great tool and making it open-source.

Michael: You are welcome.