Burning down the house with an RF hacking watch

Wearable devices take a sharp left down hacker’s lane.

Google’s Glass and Apple’s rumoured iWatch are attracting interest in wearable technology, but security researchers have found another application -- hacking the wireless home.

A researcher on Wednesday released a new tool on GitHub that converts an RF-enabled watch into a “wearable sub-GHz hacking tool” that could allow an attacker to remotely control wireless home energy monitoring tools and, under the right conditions, burn down a house.

Adam “Major Malfunction” Laurie, a white hat hacker and director of UK security firm Aperture Labs, released ChronIC, or the Chronos Integrated Commander, which transforms Texas Instruments’s (TI) $60 EZ430-Chronos RF-equipped watch into the “wearable sub-GHz hacking tool” .

The watch is equipped with an LCD display and a sub GHz radio that, unobstructed, can communicate with compatible devices up to 100 metres away, according to tests run by TI staff.

The hacking tool is one of dozens of existing applications for the RF watch, which has previously been demonstrated as a home wireless locking system, but Laurie’s application highlights a weakness he’s seen in most “invisible transport mechanisms”.

“Nobody can see what's going on, so we don't need to worry about it, right? Wrong. Time and time again I've seen this... MagStripes, InfraRed, RFID, Bluetooth, Magic Moon Beams. You name it, they'll send data over it insecurely,” he writes.

The idea for the Chronos watch stemmed from a hardware security testing project involving several protocols including, WiFi and smart appliance specification, Zigbee.

Laurie said he “noticed something going on in the 400Mhz band” -- a frequency often used for keyless entry systems for cars and home wireless systems. But, as this entry on How Stuff Works notes, for security reasons, car systems contain “rolling codes”, which generate a random frequency for each instance it is used.

“Opening car doors is a nice party trick, but because modern vehicles are secured by rolling codes, that's all it is - a party trick. You'll be able to do this once and once only with each 'hacked' sequence,” Laurie explains.

The same however is not true for some home wireless equipment, such as the Owl Single Socket Power Saver, a £10.95 energy saving product for the UK market sold by UK firm 2 Save Energy Ltd, which, Laurie notes, allows a user to control mains-voltage home appliances via RF.

Using a sub-$200 spectrum analyser, RF Explorer, Laurie demonstrated he could easily determine the frequency of the Owl device and his home wireless doorbell convert analogue wave signals into a digital format suitable for transmission by the Chronos watch to ring the doorbell.

“Clearly, this could have serious consequences if care is not taken when switching things on and off. What if it's an electric heater and it got shoved into a corner to vacuum the room?,” the researcher notes.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AppleChronosCommanderGoogleSocketTexas Instruments Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts