Radio hacking & security of wireless technologies: SDR, LoRa, Bluetooth, Wi-Fi, and GNSS

Objectives

This training will enable participants to:

  • Understand the security vulnerabilities of wireless technologies and embedded systems
  • Master the main attack techniques used on LoRa, Bluetooth, Wi-Fi, GNSS, and SDR technologies
  • Learn how to secure systems from the design phase
  • Mitigate risks by exploiting vulnerabilities to better understand and fix them
  • Implement attacks and defenses in a controlled environment (e.g., vulnerable drone)

DAY 1

  • Fundamentals of Radio Hacking
    • Introduction to the radio spectrum and basic principles of wireless communication
    • Exploration of frequency bands and overview of communication protocols
    • Presentation of different SDR boards for radio hacking: HackRF One, LimeSDR, USRP, RTL-SDR
  • Hacking with SDR Technology
    • Presentation of the Radio Penetration Testing Methodology
    • Exploration of different tools for radio penetration testing: GQRX, GNU Radio, Universal Radio Hacker, etc.
    • Reverse-engineering a wireless protocol from radio transmissions captured in the air
  • LoRa(WAN) Hacking
    • Introduction to the proprietary LoRa modulation technology and the LoRaWAN protocol, and their vulnerabilities
    • Exploration of different tools for LoRa penetration testing: GR-LoRa, laf, LoShark, etc.
    • Implementation of a LoRaWAN attack: reuse of message counters

DAY 2

  • Bluetooth Hacking
    • Introduction to the different Bluetooth technologies (BR/EDR, LE, MESH) and their vulnerabilities
    • Exploration of different tools for Bluetooth penetration testing: Bettercap, Gatttool, Bluetoothctl, Mirage, etc.
    • Implementation of Bluetooth attacks: BlueBorne, SweynTooth, Braktooth, KNOB, etc.
  • Wi-Fi Hacking
    • Introduction to the different Wi-Fi technologies (WEP/WPA2-PSK/WPA2-EAP, EAP-SIM/WPA3) and their vulnerabilities
    • Exploration of different tools for Wi-Fi penetration testing: Wifite2, Aircrack-ng, WEF, Airgeddon, etc.
    • Implementation of Wi-Fi attacks: OwFuzz, Frag, Krack, etc.
  • GNSS Hacking
    • Introduction to the different GNSS technologies (GPS, Glonass, Galileo, Beidou) and their vulnerabilities
    • Demonstration of a spoofing attack on GPS technology in the L1 band

No prior experience in radio security is required. However, knowledge of electronics, radio frequencies, or embedded systems is recommended for better understanding.

The electronic and computing equipment needed for the exercises will be provided to participants on-site:

  • Pre-configured Raspberry Pi
  • Radio analysis tools (HackRF One, RTL-SDR, etc.)
  • Vulnerable miniature drone for practical exercises

This training targets individuals interested in the security aspects of wireless technologies. It is suitable for enthusiasts with an interest in embedded systems and radio, as well as IT and OT security professionals looking to explore cybersecurity in embedded and wireless systems.

Expert in cybersecurity for wireless technologies and embedded systems

  • Projected PowerPoint presentation (course materials in English)
  • Use of practical testing tools: Hardsploit, HackRF One, Universal Radio Hacker, etc.
  • Interactive web platform (Klaxoon)
  • Practical attack/defense scenario of a mini-drone

Assessments at the beginning and end of the course, quizzes, etc.

5 working days before the course start date (if financed by OPCO).

A training certificate complying with the provisions of Article L. 6353-1 paragraph 2 is issued to the trainee.
