Software-defined radio is here, and with it comes a whole new way for people to spy on you, or so security experts believe. The radio that your cell phone uses to communicate with towers is just one of the devices that are now vulnerable to hacking, thanks to an industry move away from specialized radio hardware and towards flexible software-defined radio technology.
In a traditional radio, most of the signal processing — the mixers, filters, amplifiers, modulators, detectors and other functions — are controlled by hardware, which is the reason that radios can only receive certain kinds of transmissions that they were specifically built to deal with. The radio in your car, for example, could never listen in on communications between Air Force jets because military radios use different protocols than Sports Talk Radio, and the hardware is set in stone with no way to change between protocols.
But what if computers were powerful enough to process radio signals with little more than a radio receiver as hardware? Every radio could then send or receive many different kinds of protocols. Engineers could design software systems that did things that were unimaginable in the age of analog processing.
According to experts who will speak at the Princeton ACM/IEEE on Thursday, February 18, software-defined radio has already arrived, and it’s time to start thinking about managing the risks that come with it. The free meeting begins at 8 p.m. in Room 105 of the Princeton University Computer Science Building. For more information, visit www.princetonacm.acm.org or call 908-285-1066.
Speaking at the meeting will be Joe Jesson, John DeGood, and Rebecca Mercuri. Jesson is a former CTO of General Electric, who worked on radios for the company and who now collects and restores Cold War communications equipment as a hobby. DeGood is an engineer for Lockheed Martin Advanced Technology Laboratories, and in his spare time uses radio to track thousands of airplane flights every day. Mercuri is the lead forensics expert at Notable Software Inc.
All three of the engineers have been paying a lot of attention to software-defined radio lately. DeGood took notice last year when he noticed that it was possible to buy a USB dongle for $6.86, including shipping, that was essentially a fully programmable software-defined radio. DeGood bought one and plugged it in to his Raspberry Pi computer and is using it for his hobby of planespotting.
By installing some software from the Internet, DeGood is able to listen to pilots’ radio communications, as well as see where airplanes are, based on their radio beacons. He then uploads the information to websites where together with other planespotters, every single aircraft in the country is tracked. If you’ve ever used a service to track an arriving flight, there’s a good chance that some of this information came from the planespotting community that DeGood belongs to.
As it turns out, the dongle was designed for receiving HDTV broadcasts in Europe, but an undocumented feature of the device was the ability to receive any signal in the 50 mhz through 2 ghz range, if it was set up correctly. “You can listen to an FM commercial broadcast, or a transmission from an airliner going overhead,” DeGood said. “There are literally hundreds of open source programs for these things, and it’s just amazing what you can do for so little money.”
The technology, however, could be used for mischief. “It can pick up phone frequencies. Even if it’s encoded, you could use several of these devices to triangulate and figure out the position of the signal you’re receiving. You can track people that way even if you don’t know what the communication is. The signal often gives away information.”
DeGood grew up in Kansas, the son of an accountant father and secretary mother. He studied at the University of Missouri and earned a master’s degree at the University of Delaware. DeGood spent the first 19 years of his career researching instruments for Hewlett Packard and then worked at Sarnoff Lab for eight years before joining Lockheed-Martin. In addition to his planespotting hobby, he’s a yoga teacher.
DeGood says that software-defined radio represents a great opportunity for commercialization, but that the possibility for the technology to be abused is very real. “You could hack the radio to get malicious software onto one of these things and cause it to do malicious things,” he said. For example, a cell phone radio could be hacked and turned into a jammer to interfere with other radio transmissions.
“Hopefully the engineers designing these things are good and don’t leave too many vulnerabilities open,” he said.