How software defined radios (SDRs) will change security

Locks were considered very secure until the first lock pickers got their hands on it. Phone system were secure until the John Draper discovered some use for the toy whistle in Captain Crunch pack. Infact even the creators of internet didn’t think of too much security when it was initially designed.  Its the commoditization of technology which sometimes brings about the worst of all security bugs. And I believe the next round of changes are coming very soon.

Until very recently radios were built for a purpose and they rarely did more than what it was supposed to do.   Think of them like the early computers which took a whole room and could only do only type of a job per computer. Todays computer can do all kinds of stuff and unlike the older versions, they don’t need to be rewired physically to make them do a new job. Everything is done using software.

Wikipedia does a good job at defining what this is.

software-defined radio system, or SDR, is a radio communication system where components that have been typically implemented in hardware (e.g. mixers,filtersamplifiersmodulators/demodulatorsdetectors, etc.) are instead implemented by means of software on a personal computer or embedded system.[1] While the concept of SDR is not new, the rapidly evolving capabilities of digital electronics render practical many processes which used to be only theoretically possible.

A group of individuals figured out that some of the TV tuner cards can not only be reprogrammed to listen to a wider range of frequencies but could be driven entirely using software which could make it look like an all purpose radio receiver. Interestingly that USB tuner costs only about USD 20.

PaulDotCom mentioned SDRs in one of the talks as well but he went further and pointed out that SDRs could also be used to send signals which makes it significantly more dangerous. One of the worst examples he gave was that an SDR could be reprogrammed to generate fake transponder signals. They pointed out that modern aircrafts do listen for transponder signals from other nearby aircrafts and some of them are programmed to take automatic sudden evasive measures when it detects another aircraft close by.

The point is not that terrorists can attack airplanes this way… they could do it today by buying and reprogramming a real transponder. The point is that this technology will become so cheap that anyone would be able to do it with just a computer and a simple SDR transmitter.

I’m not really sure how good Transponders are with respect to security.. may be it has a good secure way of authenticating the transmitter. In which case all is good. But if thats not happening today, it will change at some point when this technology becomes as easy to disrupt as DNS is today.