Burning down the house with an RF hacking watch

Wearable devices take a sharp left down hacker’s lane.

Google’s Glass and Apple’s rumoured iWatch are attracting interest in wearable technology, but security researchers have found another application -- hacking the wireless home.

A researcher on Wednesday released a new tool on GitHub that converts an RF-enabled watch into a “wearable sub-GHz hacking tool” that could allow an attacker to remotely control wireless home energy monitoring tools and, under the right conditions, burn down a house.

Adam “Major Malfunction” Laurie, a white hat hacker and director of UK security firm Aperture Labs, released ChronIC, or the Chronos Integrated Commander, which transforms Texas Instruments’s (TI) $60 EZ430-Chronos RF-equipped watch into the “wearable sub-GHz hacking tool”.

The watch is equipped with an LCD display and a sub-GHz radio that, unobstructed, can communicate with compatible devices up to 100 metres away, according to tests run by TI staff.

The hacking tool is one of dozens of existing applications for the RF watch, which has previously been demonstrated as a home wireless locking system, but Laurie’s application highlights a weakness he’s seen in most “invisible transport mechanisms”.

“Nobody can see what's going on, so we don't need to worry about it, right? Wrong. Time and time again I've seen this... MagStripes, InfraRed, RFID, Bluetooth, Magic Moon Beams. You name it, they'll send data over it insecurely,” he writes.

The idea for the Chronos watch stemmed from a hardware security testing project involving several protocols, including WiFi and the smart appliance specification Zigbee.

Laurie said he “noticed something going on in the 400MHz band” -- a frequency often used for keyless entry systems for cars and home wireless systems. But, as this entry on How Stuff Works notes, for security reasons, car systems contain “rolling codes”, which generate a random frequency each time they are used.

“Opening car doors is a nice party trick, but because modern vehicles are secured by rolling codes, that's all it is - a party trick. You'll be able to do this once and once only with each 'hacked' sequence,” Laurie explains.

The same however is not true for some home wireless equipment, such as the Owl Single Socket Power Saver, a £10.95 energy saving product for the UK market sold by UK firm 2 Save Energy Ltd, which, Laurie notes, allows a user to control mains-voltage home appliances via RF.

Using a sub-$200 spectrum analyser, RF Explorer, Laurie demonstrated he could easily determine the frequency of the Owl device and his home wireless doorbell, and convert analogue wave signals into a digital format suitable for transmission by the Chronos watch to ring the doorbell.

“Clearly, this could have serious consequences if care is not taken when switching things on and off. What if it's an electric heater and it got shoved into a corner to vacuum the room?” the researcher notes.
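The contrast Laurie draws between rolling-code car fobs and fixed-code home devices can be seen from the receiver's side. The sketch below is an added example, not code from ChronIC or from any product named in the article; the frame layout, key, window size and the counter-plus-HMAC scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac

WINDOW = 16   # assumed: how many missed presses the receiver tolerates
TAG_LEN = 8   # assumed: truncated HMAC-SHA256 tag length in bytes

def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Transmitter side (hypothetical layout): counter || command || tag."""
    body = counter.to_bytes(4, "big") + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class FixedCodeReceiver:
    """Acts on any frame equal to its stored code, every time it is seen."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Acts on a frame only if it is authentic and its counter is fresh."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(body[:4], "big")
        if not self.last_counter < counter <= self.last_counter + WINDOW:
            return False                      # already used, or too far ahead
        self.last_counter = counter           # burn this and all older counters
        return True

def demo():
    key = b"constructed-demo-key"             # constructed sample key
    code = b"\xa5\x5a\x01"                    # constructed fixed code
    fixed = FixedCodeReceiver(code)
    fixed_results = [fixed.accept(code) for _ in range(3)]
    rolling = RollingCodeReceiver(key)
    frame = make_frame(key, 1, b"ON")
    rolling_results = [rolling.accept(frame) for _ in range(3)]
    skipped = rolling.accept(make_frame(key, 5, b"ON"))  # presses 2-4 unheard
    stale = rolling.accept(make_frame(key, 3, b"ON"))    # older than last seen
    return fixed_results, rolling_results, skipped, stale

if __name__ == "__main__":
    print(demo())
```

The fixed-code receiver acts on the same frame every time it is presented, while the rolling-code receiver honours each frame at most once and discards anything at or below the last counter it accepted.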


Stories by Liam Tung
