DEF CON 31 War Stories - CON trolling the Weather - Paz Hameiri

Показать описание

Nearly 1,800 weather balloons are launched across the world on any given day. As the balloon goes up it expands and pops at an altitude up to 33 Km (110K feet) above the earth.The flight payload is called a radiosonde. It measures pressure, temperature, relative humidity, position, and velocity during its flight, and transmits the data to a sounding receiver. One or two missing weather balloons won't impact the daily forecast. However, many missing balloons could lead to errors in weather models and forecasts. Weather balloons are also important for gathering weather data for satellite launches and human spaceflights, as launches are often delayed or scrubbed due to upper-level wind shear.

In this talk, I present a simulation framework for the most popular radiosonde model. It enables an attacker to generate radiosonde messages or alter logged messages for retransmission. I also present simulations of a jamming attack and a spoofing attack on a sounding receiver:

During a jamming attack, the receiver is unable to receive transmissions from active radiosondes.

During a spoofing attack, the transmitter sends fake radiosonde messages to a target receiver, identifying as an active radiosonde.

I'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.

Рекомендации по теме

Комментарии

Interesting idea! Also worth noting that the sonde type data is now quite out of date, with Graw DFM17 radiosondes now occupying a big slot due to them being adopted by the US NWS.
I'd be interested to see how the spoofing works against a real Vaisala ground-station - our reverse engineered receivers are quite tolerant of oddities in the telemetry, I suspect the vaisala ground station might not be as tolerant!

markjessop

DEF CON 31 War Stories - CON trolling the Weather - Paz Hameiri

DEF CON 31 War Stories - Living Next Door to Russia - Mikko Hypponen

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin

DEF CON 31 War Stories - The Risks of Pointing Out the Emperor is Buck Naked - Renderman, Tom Dang

DEF CON 31 War Stories - A Different Uber Post Mortem - Joe Sullivan

DEF CON 31 War Stories - A Series of Unfortunate Events - Ben Sadeghipour, Corben Leo

DEF CON 31 - War Stories - Youre Not George Clooney, and This Isnt Oceans 11 - Andrew Brandt

DEF CON 31 War Stories - UNConventional Cybercrime - Bad Treaty Becoming Law - Rodriguez, Budington

DEF CON 31 War Stories - New Isn’t Always Novel Grep Your Way to $20K at Pwn2Own - Horseman, Hanley...

DEF CON 31 War Stories - Nuthin But A G Thang Evolution of Cellular Networks - Tracy Mosley

DEF CON 31 - War Stories - Finding Foes and Yourself with Latency Trilateration - Lorenzo Cococcia

DEF CON 31 War Stories - Legend of Zelda Use After Free - Allan Cecil

DEF CON 31 War Stories - CON trolling the Weather - Paz Hameiri

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater

DEF CON 31 - Ringhopper - How We Almost Zero day’d the World - Benny Zeltser, Jonathan Lusky

DEF CON 31 War Stories - Designing RFID Implants Flipping the Bird Opens Doors - Miana Ella Windall

Why Def Con 31 SUCKED - Full recap & review | Ep. 38

DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris

DEF CON 31 - Badge of Shame Breaking into Secure Facilities with OSDP -Dan Petro, David Vargas

DEF CON 31 - Physical Attacks Against Smartphones - Christopher Wade

DEF CON 31 - certmitm Automatic Exploitation of TLS Certificate Validation Vulns - Aapo Oksman

DEF CON 31 - A Pain in the NAS Exploiting Cloud Connectivity to PWN your NAS - Moshe, Brizinov

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik

DEF CON 31 - Hack the Future - Why Congress & White House Support AI Red Teaming - Austin Carso...

DEF CON 31 - Hack-A-Sat Interview - video team