FCC Device Data

Summary

FCC Device Data

Video Transcript

- Hi, welcome to this talk on FCC Device Data. My name's Bob Baxley and I'm the Chief Engineer at Bastille. Where I lead the radio and data science teams. So in this talk I want to give you a feeling for the kinds of data that the FCC ID and how the data can be used to do all kinds of things.

I've got a screenshot of the FCCs website that will allow you to search for FCC device data. And what you're actually searching for is when well, I'm just gonna use this. This is a wireless device. And I open up this back there's a FCC ID printed on this device.

For the manufacturer, this device to get that FCC ID, they had to have it certified by a lab. And the certification says the device operates within the legal limits of wireless emissions. So it doesn't transmit too much power and it only transmits an unlicensed spanse. The test reports from that certification process gets sent to the FCC.

And the FCC logs them on this database where there is public domain data. So you can view them, anyone can use them. Here's a picture of an iPhone and the FCC is printed clearly on the back of the iPhone. So if you type in that FCC ID into the database you get an interface that looks like this.

So on the screenshot on the left, you can see all the frequencies that iPhone operates in. Since the iPhone talks on several different cellular carrier frequencies. Bluetooth, Wifi, NFC. There's lots of radio standards that it utilizes. And then you also see these really cool test pictures. That's an iPhone held up in the operating position and then they're assessing the emission pattern from the iPhone.

So super cool data. There's literally like dozens and dozens of independent PDFs that you can get for almost any device that transmits wirelessly. So one reason that's interesting if you're an IT security person, is that the or a hacker, or researcher, is that in those documents it's documented how this device uses the wireless spectrum.

So what protocols it uses, the packages, the formats, all those things. That kind of information can also be found in patent filings, which are also public domain. So, we've got a picture of Logan Lamb one of our security researchers, and he was able to use the FCC documentation for home security systems, which have wireless door sensors and wireless components.

He was able to look at the documents and understand exactly how the protocol worked. Which made it much easier to demonstrate some of the vulnerabilities in this protocol. And there's another screenshot of him on Good Morning America where he demonstrated the ability to take (mumbling) radio that was spoofing the wireless protocol of the wireless home security system.

And basically transmitting the signal that says door's still closed, even as he doors the open. So, what that means is he would be able to walk in the building without the alarm going off. So super cool. And that's just one example of the sorts of things that you can do with the FCC data.

Another example here I want to show you a demo, where we've scraped all this FCC data and categorized it. Parsed it by frequency and by by usage. And we've got this really neat portal where we can slice and dice. So, let me show you that demo right now.

Again, we've scraped all the FCC device data. So in the plot here I have the X-axis is frequency. The Y-axis is the device equipment class as classified by the FCC. In the lower left I have metadata about the devices as described by the FCC. The middle is the manufacturer and the bottom right is the (mumbling).

So what we can do with this tool is we can actually highlight certain frequency ranges and see what types of devices are in those ranges. So we highlight the 900 megahertz band here. What do we see? Well, we'd expect to see things like 900 megahertz worth of spoons. And of course, that's what we see.

So on the lower left you can see several different types of megahertz spoons. What is also interesting to see interestingly see paging receivers and satellites. So this is the sort of tool that helps us understand what we're seeing with our sensors. So when I click away from that and reset it we can go ahead and the next thing I'm gonna highlight is this little cluster device, as you can see, they have similar equipment classes.

And they're for like 300 to 500 megahertz. And so if I highlight that region right there we see remote control transmitters. This is where RC Car Remote Control lives. This is where key fobs live. Automotive security system transmitters. So all those sorts of things live in this little block of frequencies and classes.

And you can see companies like Honeywell and Chamberlain make this sorts of devices. Which is what you would expect. Then for the last example, I'm gonna highlight the 2.4 band. So there, we would expect to see devices that have Wifi and Bluetooth. So those devices will be things like computers, and tablets, and phones.

So I'm gonna highlight it, it's gonna filter everything out. And of course we see that, we see Bluetooth headsets, Bluetooth speakers, tablet, PCs. If you zoom in, if you kind of zoom in on the manufacturers you can see companies like Apple and Samsung make these devices. So exactly the sorts of things you would expect.

But if you spend a little bit more time with this digging into the particular classes of particular frequencies, you start seeing kind of counter intuitive things. So things you wouldn't expect. So really really neat tool. Thanks for listening. And my name's Bob Baxley and I'm with Bastille.