The wide adoption of wireless devices goes far beyond WiFi networks: smart meters, wearable devices, etc. The engineers behind these new types of devices may not have a deep security background, which can lead to security and privacy issues when a particular technology is put under stress. However, to assess the security of these devices, the only current solution would be a dedicated hardware component with an appropriate radio interface for each available technology. Such components are not easy to engineer, and this is why we developed Scapy-radio, a generic wireless monitor/injector tool based on Software Defined Radio, using GNU Radio and the well-known Scapy framework. In this paper, we present the tool we developed for a wide range of wireless security assessments. The main goal of our tool is to provide effective penetration testing capabilities to security auditors with little to no knowledge of radio communication systems.
The above is the abstract of the talk we gave at BlackHat 2014. Analyzing packets with Wireshark or processing them with TShark is something most of us are used to. That is why we are now releasing a Wireshark dissector for Scapy-radio packets. As usual, you can get it from our code repository: http://bitbucket.cassidiancybersecurity.com
If you want to know more about Scapy-radio, we invite you to take a look at the presentation, and also at the white paper, as it goes into further detail. Near the end of our talk, you will notice that we had trouble playing the recorded demonstrations of Scapy-radio's capabilities. To make up for it, we are releasing these videos on the blog: