Signals Defense CSO details how you can defend yourself 'digitally' against an attacker by understanding how you are vulnerable and the steps you can take to protect yourself.

1. Nearly everyone has an RF signature,
and it is becoming as common as your
fingerprint. This signature is the culmination of
device and device usage such as:
• Your cell phone’s frequency
• Names of the networks you connect to with your
devices
• Bluetooth devices and the connections to and
from them
• Your device or devices (e.g., laptop, phone, key
fob, garage door opener, home security system)
Have you ever attached to the free WiFi at your local
coffee shop or bagel store? If so, an attacker can use
your RF signature to track you and attack you when
you sit down in these seemingly benign locations.
Here is how it is done. By default, most devices
will automatically connect to a network that it has
previously attached to if the device is within range
of the signal. This is done for your convenience, and
an attacker knows this. In this scenario, your device
will establish a connection with the free WiFi access
point (AP). An attacker can visit that same coffee
shop and set up a rouge AP with an identical name
as the free WiFi AP, but with a stronger signal. You
come in for your cup of Joe and your device will
connect to the rouge AP instead of connecting to
the coffee shop. The attacker then has full control
of your Internet connection and can in many cases
monitor and alter all of your Internet traffic. This is
an example of a Man-in-the-Middle (MITM) attack.
The way a laptop or wireless device determines
that a previously connected to network is within
range is through a probe request. A probe
request is similar to the pool game called
Marco Polo. A device’s radio is constantly
calling out Marco, which is being
used in this analogy to represent
a previous connection. When
something with that name
is within range of the
probing device, it
Stalking Prey:
An RF Hacker’s
Perspective
by: Rick Mellendick,
Chief Security Officer
Signals Defense
51United States Cybersecurity Magazine

2. responds back with Polo, which is being used to
represent a wireless AP.
The cost of the equipment to create an MITM
attack used to be expensive. However, now with
advances in technology, an MITM attack is extremely
inexpensive to create. The computing power needed
for these attacks can be done utilizing an embedded
system (e.g., raspberry pi or beaglebone) for around
$45. The cost for a wireless radio begins at $10 and
goes up from there. In fact the most effective WiFi
radio in use for an MITM attack sells for just under
$15 and is sold in most common electronics stores.
For other RF signals of interest (e.g., cell phones,
key fobs, pagers) software defined radio (SDR) is
needed. The capability found in today’s SDR used
to cost upwards of $50K. An SDR that can be used
to intercept the signal from your cell phone can
be purchased for under $20. Most software used
in MITM attacks is free and open source. For less
than $100 an attacker can steal your data and take
control of your communications.
By knowing and understanding the tactics employed
by an attacker, it is easier to digitally defend yourself.
The six steps listed below will help you protect your
own personal RF signature.
Step 1: Turn off auto join networks. This is a setting
that is on most all smartphone operating systems
and computer operating systems.
Step 2: Change the way you do your work when
you are in a public place. Use your smart phone’s
wired tethering capability to give your computer an
Internet connection.
Join Network?
Join
Network?
By knowing and
understanding the tactics
employed by an attacker,
it is easier to digitally
defend yourself.
52 United States Cybersecurity Magazine

3. Step 3: If you must connect to free public
WiFi find one that offers an encrypted
connection. An encrypted connection will
make the attack more difficult.
Step 4: Turn off Bluetooth when not in use.
Step 5: Turn off your device’s WiFi connection
when not in use. This eliminates unnecessary probe
requests.
Step 6: Look at people in the coffee shop before
connecting to public WiFi. Is anyone sitting near a
wall outlet with things plugged into their computer
that doesn’t quite look right, such as small devices
with blinking lights, lots of cables, or antennas
connected to their computer? If so, you might want
to think twice about connecting to the public WiFi.
Don’t be the easy target or the low hanging fruit.
This will go a long way to securing you as your digital
fingerprint stays with you through life. ■
Rick Mellendick is the Chief Security Officer for Signals
Defense in Owings Mills, MD and has been a security
architect for multiple U.S. Government agencies and
private corporations. Mr. Mellendick specializes in
designing and testing wireless networks with non-
traditional strategies using offensive techniques. His
specialty is legally breaking and entering networks
through RF. He has over 17 years of IT and network
security experience, and he is a builder and breaker of
RF devices and connections. Mr. Mellendick is the creator
of The Wireless Capture the Flag (http://wctf.us).
Wi Fi
FREE
53United States Cybersecurity Magazine