Ever been in a grocery store and notice the stock guys running around with a wireless handheld, only to pull out your mobile and discover that there were no WiFi AP's in sight? Yeah, everyone has, its a really common occurrence. The funny thing is that's about the only security present on those ancient 802.11 FHSS networks they are using. Legacy 802.11 FHSS networks are alive and well. You see them in countless numbers of warehouses, retail environments, sometimes even in corporate networks. What's more oftentimes these "invisible" networks are not treated as untrusted, oftentimes there will be no network level controls between these networks and the juicy LAN environments. The only control anyone that runs these relies upon is relative invisibility and obscurity.

This talk will not only demonstrate practical methods of finding, eavesdropping, and attacking these networks, using basic, easily obtainable tools such as GNURadio and the USRP, it will discuss using software based radio to build good old fashioned "war drive" rigs for 802.11 FHSS and present some results of my research in various areas to show just how prevalent these networks still are.

This will demonstrate the security issues surrounding these legacy networks in production environments and the importance for security controls beyond obscurity.

Rob Havelt

Rob Havelt is the practice manager for penetration testing at Trustwave's SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security for premier clients. Rob has worked with offensive security seemingly forever, and from running a start-up ISP, to working as a TSCM specialist, he's held just about every job possible in the realm of system administration and information security. Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life - Rob is, and will always be, a career hacker.