Hacking the Wireless Frontiers
Wireless communications is vital to modern life and our dependency upon it is only set to grow, and in this post we take a look at two exciting projects which seek to explore the opportunities, and threats, that this presents.
The projects covered here make use of software-defined radio (SDR), which is something that I first wrote about on DesignSpark coming up for two years ago in a blog post about open source GSM technology. Since then I've written about its application in a high performance system for amateur radio use, and how you can re-purpose low cost DVB-T receiver hardware for SDR experimentation and to receive aircraft Mode S transmissions.
Phi v0.1 hardware
The Phi transceiver from Per Vices is a PCIe card that can capture a slice of up to 200MHz of spectrum anywhere from 100kHz all the way up to 4GHz. Clearly inspired by the Universal Software Radio Peripheral (USRP) series from Ettus Research, it enables access to wideband SDR development hardware complete with an RF front end for an affordable $750, providing a solution which will appeal to intrepid experimenters as well as experienced radio systems engineers.
The Phi hardware isn't an open source design, but open source Linux drivers are provided and applications are developed using the GNU Radio SDR framework, which means that it can be used out of the box with a wealth of examples and existing GNU Radio-based applications.
Per Vices is a start-up and it's still early days, so at this stage it remains to be seen what people will create using Phi, but with those specifications the possibilities are endless and there is more than a subtle hint in Per Vices' bold claim that it “does to wireless what Apple did to computers”!
Prototype HackRF hardware
The HackRF hardware has a target price of $300 and can tune from 30MHz right up to 6GHz, albeit with a maximum bandwidth of 20MHz given that it interfaces with the host via USB 2.0. In addition, the ADCs and DACs are only 8-bit, in contrast to the 12-bit ADC and 16-bit DAC resolution of Phi.
Since HackRF employs USB it's suited to use with a laptop, and the reduced bandwidth and dynamic range don't present a problem for the intended application of security research, where it could be put to use in probing WLANs, ZigBee, DECT etc. and in uncovering flaws in wireless standards and in specific implementations. That is not to say that HackRF couldn't also be used for developing applications, as long as 20MHz bandwidth and 8-bit resolution are sufficient, which may rule out things such as use in creating a cellular base station.
In recognising the importance of having widespread access to tools such as HackRF for security research, the US Department of Defence has decided to fund the project via its Cyber Fast Track Programme to the amount of $200,000 over 1 year. A serious vote of confidence in the grassroots hacker community, and great to see the US government make an investment in a design that is entirely open source and that will be freely available to all.
GNU Radio and the USRP series sowed the seeds for a wireless revolution which continues to bubble away just under the surface, and Per Vices and HackRF serve as examples of SDR start-ups to come and how the hacker community is capable of developing wireless technology worthy of government investment.
Both devices point to a future in which SDR plays a vital role, both in the development of new technology and in helping to ensure the ongoing security of critical existing solutions.