Early Dec Meetup at Noisebridge


Live stream: https://www.youtube.com/watch?v=1K6LUAZpaWg

Twitter for updates: @spenchdotnet (https://twitter.com/spenchdotnet)

IRC: #cyberspectrum on Freenode.


We're back in full force with one heck of an international lineup!

We've got radio astronomy from Canada! We've got serious wireless security vulnerabilities from Austria!

• Marcus Leech from SBRAC (http://www.sbrac.org): "An integrated proof-of-concept 'all-digital' feed for 21cm radio astronomy"

We show ongoing work in designing and building a proof-of-concept 'all digital' feed for 21cm radio astronomy experiments. While manyprofessional radio astronomy observatories are using "digitize at the feed" techniques, amateur experiments (and successes) in this areaare very close to non-existent.

Digitizing at the feed carries many advantages, including overall system gain stability, and the ability to carry signals over cheap ethernet-over-fiber links.
We'll show an example feed arrangement that uses a differential radiometry approach, and does much of the initial processing right atthe feed, including radiometry and spectral calculations, sending summary data to an ordinary PC host over ethernet.

Challenges and pitfalls will be discussed.

• Tobias Zillner from Cognosec (https://www.cognosec.com): "ZigBee Smart Homes - A Hacker's Open House"

ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have for example a smart light bulb at home, the chance is very high that you are actually using ZigBee by yourself. Popular lighting applications such as Philips Hue or Osram Lightify and also popular smart home systems such as SmartThings or Googles OnHub are based on ZigBee. New IoT devices have often very limited processing and energy resources. Therefore they are not capable of implementing well-known communication standards like Wifi. ZigBee is an open, public available alternative that enables wireless communication for such limited devices.

ZigBee provides also security services for key establishment, key transport, frame protection and device management that are based on established cryptographic algorithms. So a ZigBee home automation network with applied security is secure and the smart home communication is protected?

No, definitely not. Due to “requirements” on interoperability and compatibility as well as the application of ancient security concepts it is possible to compromise ZigBee networks and take over control of all included devices. For example it is easily possible for an external to get control over every smart light bulb that supports the ZigBee Light Link profile. Also the initial key transport is done in an unsecured way. It is even required by the standard to support this weak key transport. On top of that another vulnerability allows third parties to request secret key material without any authentication and therefore takeover the whole network as well as all connected ZigBee devices. Together with shortfalls and limitations in the security caused by the manufacturers itself the risk to this last tier communication standard can be considered as highly critical.

This talk will provide an overview about the actual applied security measures in ZigBee, highlight the included weaknesses and show also practical exploitations of actual product vulnerabilities. Therefore new features in the ZigBee security testing tool SecBee will be demonstrated and made public available.


Marcus Leech:

Marcus has been involved in high-technology development for nearly four decades, having been involved in many aspects of IT and networkmanagement and development. He is past chair of several working groups in the IETF, and was Security-Area director in the IETF forfour years. Marcus worked for Nortel for nearly 20 years, spending many of those years in the office of the CTO, acting as a networksecurity advisor to the Nortel population, and managing and tracking international technical standards in that area.

He's currently employed in the media security industry, but his passion is applying his experience in high-tech to the problems ofamateur and small-scale science, most notably in Radio Astronomy, and related disciplines. He was leader of the now-defunctShirleys Bay Radio Astronomy Consortium project, and consults on science instrumentation projects through his consultancy,Science Radio Laboratories, Inc.

Tobias Zillner:

Tobias Zillner works as Senior IS Auditor at Cognosec in Vienna. He conducts information systems audits in order to assess compliance to relevant internal and external requirements and to provide a customers management with an independent opinion regarding the effectiveness, and efficiency of IT systems. Furthermore, Tobias evaluates and assures security of Information Technology by performing webapplication and web service penetration tests, source code analysis as well as network and infrastructure penetration tests. He has a Bachelor degree in Computer and Media Security, a Master degree in IT Security and a Master degree in Information Systems Management. Tobias expertise also applies to the IT Governance, Risk and Compliance domains. He was speaking at well known international security conferences such as Black Hat or Defcon and also holds a wide range of certifications, like CISSP, CISA, QSA, CEH, ITIL or COBIT.


We've also got more interesting topics ready for next year too! More SATCOM, more local homegrown projects!

More December details coming soon - stay tuned...