Course Outline


The course will be set up as two weekly classes, each of 80 minutes. The Thursday class will introduce another area of the spectrum, and the devices that use it. There will be a number of potential assignments, either reading and research, or collecting and analyzing data. Students will sign up for a question, and then prepare  5 slides on what they find. On Tuesdays, the students for each question will get together and collate their slides into one presentation, which they will give to the class as group.


The schedule for the course will be:

Week 1 RF Spectrum

Where are interesting signals, and why? How can you tell what a device transmits? This can include estimating the frequency from the size of the antenna, examining the components, and looking up the device in the FCC data base.

Week 2 SDR receivers

Capturing any signal with your PC, a USB RF receiver, and public domain software. Using public domain software we will explore some of the more active regions of the spectrum. We will look at identifying unknown signals based on their frequencies, how they look on a waterfall display, and how they sound.

Week 3 Public Service Radio

Police, Fire, and Emergency Services all broadcast unencrypted communications, although that may be changing. We will capture and decode these signals, and describe how these systems work. We will also discuss the issues of encryption.

Week 4 ADSB and Airband

Airplanes constantly tell you where they are using the “Automatic Dependent Surveillance - Broadcast” (ADSB) protocol. We will decode these signals and plot them on a map in real time. We will also listen to air traffic control radio, and describe how it is organized.

Week 5 Cars and Key Fobs

The key fobs for cars are encrypted. However, mistakes were made, and some cars are easily hacked. How does this work, what happened, and what can you do with this? What other attacks are there for cars?

Week 6 Utility Meters

Many areas (including Stanford) have installed wireless meters to constantly report usage of water, gas, and electricity. These are also in the ISM bands. We will acquire and decode these signals, and show how this provides detailed information about the activity of individual households.

Week 7 WiFi

WiFi is the best known example for RF hacking. These signals are also in the ISM bands. We will show how easy it is to capture WiFi traffic with your PC, and decode unencrypted packets using public domain software.

Week 8 Cell Phones and Paging Networks

Both cell phones and paging systems originally used no encryption. The assumption was that monitoring and decoding these services was beyond the capabilities of most interested parties. As technology advances, these services became increasingly vulnerable. In this class we will look at the history of security in these systems in terms of increasing encryption, increasing technical capability, and threats of legal prosecution.

Week 9 - 10 Project Presentations

The students will each have 20 minutes to present an example covering some extension of the topics we have covered so far. There are many possibilities. Some from past years have been:

  • Stingray Boxes: Law enforcement use these briefcase-sized systems to intercept cell telephone calls. How do these work? How can you build one of your own?

  • Cell Phone Encryption: Describe the history of encryption with cell phones. Which protocols can be decrypted now, and how. How does the future look for current protocols?

  • Traffic Analysis: Often is it sufficient to determine who talks to whom, without capturing exactly what was said. This is called traffic analysis. How would you do this using what you know about the cell phone network?

  • Airport WiFi: People all over the world pass through airports, and no one wants to pay for WiFi. How can this be exploited to steal passwords and accounts from unsuspecting travelers?

Over the quarter, be on the lookout for topics that interest you that could be a final project.