Intro
This is a second post relating relay attacks. Initially, I wrote a small introduction to “local” relay against NFC Payments using the RFIDIot library. In this post, we will use the same initial idea to make a relay, but we will implement LoRa technology.
LoRa is a cheap SDR technology to transmit small data in a long distance. If you want to learn more about this technology, you can visit Adafruit site or Sabas’s.
Hardware
To implement a relay attack in distance, a malicious user needs two devices which have to be connected by wire or wirelessly. This type of projects could be expensive depending on which kind of hardware the attacker wants to implement. For our study case, I will use a cheap version of Heltec board and a PN532 board:
This Heltec version supports WiFi, Bluetooth and SDR(LoRa) in the same device; adding that has a special OLED to program special messages. This version of PN532 could be use with different configurations: UART, SPI…
Software
To establish a communication with the LoRa boards, we can use the Heltec library. Because I will send and receive packets continuously, the multiple communication code seems adequate. For the reading and emulation part, I used the Adafruit library. I had to add some functions to support emulation(thinking to commit the changes in the future).
PoC
In this PoC, I transmitted NFC data between the two LoRas in approximately 50 meters:
This proof of concept could be improve to have a better reception with low-cost technology. In the next post, I will write about how to use Raspberry Pis and CC1101 to make a different relay with different technology.
Is relay attack possible over slower means, e.g. UDP / internet?
LikeLike
If it is too slow, it will not work; but If you use 4G or LTE, it could be possible
LikeLike