- Researchers successfully reconstructed 99% of the packet structure and obtained the right parameters to reconstruct a transmitter.
- This way, they could forge packets and take complete control of the LED wristbands.
Researchers from Trend Micro conducted an RF security analysis of LED wristbands and determined that they can be easily hacked and their packet structure can be reconstructed.
More details on the analysis
The researchers noted that the RF link in the LED wristbands used an industrial protocol: DMX512 (Digital MultipleX 512).
After examining one of the wristbands, the researchers found out that it is based on a CC113L receiver, which is the receiver-only version of the CC1101 transceiver made by Texas Instruments.
- To carry out the RF analysis and capture multiple RF signals, the researchers used software-defined radio (SDR) equipment and a BladeRF SDR.
- Capturing multiple RF signals enabled them to compare different packets and determine the overall packet structure.
- After capturing the signals, the researchers used the open-source signal analysis software ‘Sigrok’ to interpret them and decode the SPI transactions.
- After interpreting and decoding the transactions, the researchers used SmartRF Studio to derive the RF parameters from the register values.
“With the help of the DJ, who got intrigued by seeing us focused on our work, we were able to capture different packets corresponding to different effects or commands. Although not surprising, we confirmed that there was no anti-replay mechanism, so we were able to interfere with the expected ‘color’ commanded by the DJ during the party,” researchers said.
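The quote above points to the missing anti-replay mechanism. As an added example (not code from the Trend Micro research or from the wristband firmware), the sketch below contrasts a receiver that acts on any packet with one that checks an authenticated, strictly increasing counter, which suits a receive-only device that cannot take part in a challenge-response. The packet layout, key, tag length and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed value; a real key would be provisioned
TAG_LEN = 8                    # assumed size of the truncated HMAC-SHA256 tag

def make_packet(counter: int, command: bytes, key: bytes = KEY) -> bytes:
    """Controller side: 4-byte big-endian counter || command || tag."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class LegacyReceiver:
    """Behaviour reported on the page: no freshness check, so a capture replays."""
    def accept(self, packet: bytes) -> bool:
        return len(packet) > 0

class HardenedReceiver:
    """Receive-only device: freshness must come from the packet itself."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_counter = -1  # would need to survive power cycles in practice

    def accept(self, packet: bytes) -> bool:
        if len(packet) <= 4 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                  # forged or corrupted packet
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last_counter:
            return False                  # replayed or stale packet
        self.last_counter = counter       # gaps are fine: radio packets get lost
        return True

def demo() -> list:
    """Constructed traffic: two genuine packets, one replay, one forgery."""
    red = make_packet(1, b"\x01RED")
    blue = make_packet(5, b"\x02BLUE")    # counters 2-4 lost in transit
    forged = struct.pack(">I", 9) + b"\x01RED" + bytes(TAG_LEN)
    rx = HardenedReceiver()
    return [rx.accept(red), rx.accept(blue), rx.accept(red), rx.accept(forged)]

if __name__ == "__main__":
    print(demo())
```

A key shared by every wristband protects against forgery only while it cannot be read out of the hardware, so the tag check and the counter check address different parts of the problem.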
What’s the conclusion
This way, the researchers were able to successfully reconstruct 99% of the packet structure and obtain the right parameters to reconstruct a transmitter. Using this, they could forge packets and take complete control of the wristbands.
“So, despite being small and inexpensive, devices such as LED wristbands offer a good learning opportunity, and the indirect impact of an attack against their underlying technology can be substantial. For example, in the case of an important show organized by a well-known company, attended by thousands of people and broadcast to be seen by many others, a failure in the lighting system can affect the brand reputation,” researchers said.