Hi, I have been having a look at utilising RF and trying to understand how every device around me emits RF.

I recently came across RTL-SDR and HackRF, alongside software like SDR++, TempestSDR, gqrx etc. I know that I can spy on my monitor and record keyboard keys being pressed using RF, but what are some other ways I should be looking at to exploit my digital vulnerabilities, and trying to solve such problems?

Thanks!


Edit: I’m well aware that nothing I’m doing is that interesting to security agencies across the globe. With that said, I’m interested in maintaining my privacy, and this happens to be an avenue I find interesting. Any suggestions on how I can look to do so would be greatly appreciated!

  • MigratingtoLemmy@lemmy.worldOP
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    Thank you, but as I note in my edit, it is an avenue which I would like to explore with respect to privacy concerns. Technically speaking, if someone had the interest, they could sit a floor below me, tune in and be able to see what I’m typing right now. Not saying that anyone would specifically do this, but the point remains that it is cheap and somewhat easy to do so.

    • Car@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      You should try this. I guarantee that it’s nowhere near as easy as you’re thinking.

      There’s a huge difference between proof of concept activities and useful, fruitful information gathering and analysis.

      If you’re going to be downloading programs and running scripts without doing the work to understand how these tools were built and how to modify them to suit your use cases, then you aren’t actually going to get anything useful out of them.

      • MigratingtoLemmy@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Thanks, yes, I realised that it is not as easy as it sounds. There is so much more interference in the real world.

        I have come across the applications I mention in my post, but I don’t think I’m at the stage yet when I can appreciate the difference in specialities amongst them. Could you point me in the direction I should go to learn more about snooping on RF from consumer hardware?

        • Car@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Best place to start is by vacuuming up some open courseware from MIT on the topics you’re interested in. RF fundamentals, basic wireless communications, maybe some basics of network security and fundamentals of computer security or cryptology.

          You need a knowledge base in order to know what to look for when you run into problems, else you just kind of waste a lot of time.

          Then, familiarize yourself with wireshark. Start the program and visit a few http websites to see what information your computer is transmitting and how it’s formatted. Your goal is to ultimately snoop on this information and modify it. You need to know how to change a character in the middle of a packet to deliver an effect. If none of that makes sense…

          Learning an SDR is honestly a bit of a pain. You can get a $30 antenna on Amazon that covers the ~1-6 GHz range and that will enable a lot of what you want to do. Try to pick up on old router that supports the WEP protocol. It’s old and deprecated with lots of information on how to break it.

          Combine the SDR with your computer and wireshark to visit a webpage with HTTP. You’re almost certainly going to run into problems manually isolating and cleaning up the WiFi signal on your SDR into something that’s useful, but you probably have enough to start you off on your journey. If you can capture the WiFi traffic and convert it from an analog waveform into a digital bitstream, then you can finally begin doing useful things. Of course… you need to decrypt the bitstream and account for errors.

          Good luck

          • MigratingtoLemmy@lemmy.worldOP
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Hey, thanks for your comment. I don’t think I’ll be able to get anything from snooping on my WiFi signal, it’s WPA2 and will be upgraded to WPA3 soon. I don’t have the skills to fight that kind of encryption, unless I’m missing something very basic here.

            I do have some understanding of networking and network security, and am familiar with wireshark. My intention to get into this subject was to try and find exploits possible outside of a network (discounting OPSEC). Basically, I wanted to see what wireless exploits I would hold even if I hardened my network to the maximum (shut down my connection to the Internet maybe). That is my motivation to try and learn about RF hacking, alongside maybe using it with IoT, etc (I plan to use FOSS software and will not allow access to the Internet).

            I am mainly looking for signals around me that are unencrypted/loosely encrypted. There’s no chance for me to break 128-bit encryption anyway, I won’t even try to do that.

            Thanks again! This really helped :)

            • Car@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              It’s best to purchase an old router which doesn’t support new protocols to learn with. It should only be used for your testing - not meant for normal use. WEP will be several orders of magnitude easier to crack than WPA2 or WPA3. Tools can help you break certain implementations of encryption regardless of how many bits of entropy that are being used - often by addressing weaknesses in the algorithms or cryptologic pathways vice brute forcing. That’s often the kind of thing demonstrated in conferences and featured in research papers.

              As far as everything else is concerned, you’ll get there if you stick with it. I’ll echo what others have said in this thread; there are some serious diminishing returns for attaining absolute security, all of which can be bypassed by attacking you.

              • MigratingtoLemmy@lemmy.worldOP
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Thank you, and I might actually do so for testing purposes. I will note though, that my intention of learning about RF is to understand the ways in which I’m open to attacks which include RF. Not that worried about WiFi (WPA2/WPA3), but thanks for the idea