Researchers from Trend Micro conducted an RF security analysis of LED wristbands and determined that they can be easily hacked and their packet structure can be reconstructed.
More details on the analysis
The researchers noted that the RF link in the LED wristbands used an industrial protocol: DMX512 (Digital MultipleX 512).
After examining one of the wristbands, the researchers found that it is based on a CC113L receiver, the receive-only version of the CC1101 transceiver made by Texas Instruments.
“With the help of the DJ, who got intrigued by seeing us focused on our work, we were able to capture different packets corresponding to different effects or commands. Although not surprising, we confirmed that there was no anti-replay mechanism, so we were able to interfere with the expected “color” commanded by the DJ during the party,” researchers said.
What’s the conclusion
This way, the researchers were able to successfully reconstruct 99% of the packet structure and obtain the right parameters to reconstruct a transmitter. Using this, they could forge packets and take complete control of the wristbands.
“So, despite being small and inexpensive, devices such as LED wristbands offer a good learning opportunity, and the indirect impact of an attack against their underlying technology can be substantial. For example, in the case of an important show organized by a well-known company, attended by thousands of people and broadcast to be seen by many others, a failure in the lighting system can affect the brand reputation,” researchers said.
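The missing anti-replay mechanism noted above has to be solved one-way, because a receive-only part such as the CC113L cannot answer a challenge. The following is an added example, not code from Trend Micro or the wristband vendor: a receiver-side check using a strictly increasing counter and a truncated HMAC. The frame layout, key, tag length and command bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # assumption: HMAC-SHA256 truncated to 8 bytes to fit short RF frames


def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Transmitter side. Assumed layout: 4-byte counter || payload || tag."""
    body = struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Receive-only device: freshness must come from the frame itself."""

    def __init__(self, key: bytes):
        # Caveat: a key shared by all wristbands can be extracted from one unit.
        self.key = key
        self.last_counter = -1  # must be persisted across power cycles in practice

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 4 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:
            return None  # replayed or stale
        # Gaps are accepted: broadcast frames get lost, the counter only has to rise.
        self.last_counter = counter
        return body[4:]


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    red = build_frame(key, 1, b"\x01\xff\x00\x00")  # constructed "colour" command
    results = [rx.accept(red), rx.accept(red)]  # second delivery is a replay
    results.append(rx.accept(build_frame(b"guessed-key", 2, b"\x01\x00\xff\x00")))
    results.append(rx.accept(build_frame(key, 5, b"\x01\x00\x00\xff")))  # 2-4 lost
    return results


if __name__ == "__main__":
    print(demo())
```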