Hop Sequences

FHSS radio transmissions, by definition, change their operating frequency
according to a semirandom pattern. Due to the random method
of the hop sequence, it is somewhat protected against hackers trying to
eavesdrop on network traffic. However, with HomeRF, the hop sequence
is deciphered in less that five seconds because the hop is somewhat
slow, at only 50 hops per second. By comparison, Bluetooth is considered
slow and its speed is far in excess of FHSS at 1600 hops per second.


Additionally, there are only a small number of different hop patterns
designated for HomeRF radios, in which each hop is composed of 75 distinct
frequencies, with each hop repeating itself every 1.5 seconds. The specific
patterns for the HomeRF specifications can be easily read from the
SWAP specification by anyone interested in getting a copy of that spec.
A beacon is sent each time the network hops to a new channel in the
HomeRF protocol. In fact, a hacker can eavesdrop on the beacon for only
a few seconds before the hop set of a HomeRF radio can be deciphered.
Furthermore, if the beacon were encrypted, you could still detect the
radio transmissions and simply measure the amount of time of reception.
This information alone would allow the hop set to be deciphered.

You can decipher the hop set for a standard Home RF system using 75
channels, but you can determine even more easily the hop set for wide
band frequency hopping (WBFH) systems because they use only 15 channels.
This means that FHSS systems do not have any true advantage
over DSSS when it comes to built-in security features and functionality.