Sadly, security through obscurity is
still prevalent in government systems, and this is a backward way
of trying to enforce that.
Here's a good primer on the 4.9 GHz wireless spectrum and accessing
it.
https://www.youtube.com/watch?v=pjsXzFRJfT8&spfreload=10
Most 5 GHz NICs *can* access it, but are disallowed from doing so
by their regional encoding. Patches can bypass this, as they show,
and you can then sniff safety networks. What you find is things
like WEP, static keys, a simple lack of security, SSIDs like
"SCADA" popping up, all sorts of things.
You can also just go on eBay and find old 4.9 GHz kit.
What to do in response? Threaten anyone who patches their kernel
driver to use a feature.
Same with cell phones. Years ago I had a Palm Pre on Sprint, and
Sprint's crap service made the phone unusable. I wanted it on
Verizon, so I found the CDMA Workshop software, reprogrammed the
radio band, and got it to connect to Verizon. They refused to
provision the phone, and after I had harassed them for nearly a
month to make it work, they began hinting that what I was doing was
technically illegal. I gave up, annoyed with both Sprint and
Verizon.
Then it made sense to me: what I was doing could also reprogram
the IMEI/MEID on the device, pretending I'm someone else's radio,
or their phone altogether. I could have just programmed in the
MEID off an old windoze phone, but that would have been blatantly
illegal, even though it was almost trivial once I had done the
rest of what I did.
Much of their security presumes you *cannot* change that number,
but you can...
This is why CDMA-based providers (Sprint/Verizon/Cricket) lock
bootloaders explicitly, as anything else compromises the
possibility of tinkering with the radio and cloning someone's
phone. Only the government can do that.
Software-defined radios open up all sorts of possibilities for
sniffing insecure protocol traffic that was previously unexplored
due to FCC limitations on vendors making versatile tunable radios.
They're afraid.
-mb
On 08/30/2015 02:19 PM, Eric Oyen wrote: