Researcher messes up Wi-Fi with an rPi and bargain buy radio stick

KU Leuven PhD student Mathy Vanhoef has smashed conventional wireless security thought by creating continual, targeted and virtually indefensible stealth jamming of WiFi, Bluetooth, and Zigbee networks, and tampering with encrypted traffic, with little more than a $15 dongle. The wireless security boffin presented his work at …

  1. Anonymous Coward

    The attack (first case) is at least as old as token-ring. Still neat. Now I just need an amp. Galileo here already do the rest. Bwoo-ha-ha!

  2. Henry Wertz 1 Gold badge

    I didn't need a special setup...

    One of my old wifi cards (PCI), the sucker would lock up every so often.. with the transmitter jammed on. I don't know if it was transmitting the same packet or gibberish, or just whatever the equivalent of an empty carrier is for OFDM, but the whole network would drop dead until I powered off the computer (rebooting the computer would not reset the card.)

  3. Anonymous Coward

    Marriott, eat your heart out..

    CSMA networks have always been susceptible to this, when you skip the CS step.

  4. Gene Cash Silver badge

    small amp

    So how small is this amp, and does it cause a frowny face from the FCC?

    Can the same form of attack be used on local cell towers?

    1. Anonymous Coward

      Re: small amp

      If you can reprogram the baseband controller, I don't see why not*.

      I would not recommend trying this unless you're S.W.A.T.-proof.

    2. Anonymous Coward

      Re: small amp

      It just occurred to me, what if you do it FROM the cellphone towers... now that would be a hack.

  5. Notenoughnamespace

    Unless I've missed something this isn't going to jam Bluetooth. Bluetooth doesn't use random back-off, it uses frequency hopping, so it should hop away from this attack with ease.

    Wi-fi just isn't a very good radio protocol: it's a wired protocol pushed into the either.

    1. Jonathan Richards 1

      Wired protocol

      Ether, either, nether, neither, let's call the whole thing off!


  6. Mage Silver badge

    Bluetooth vs WiFi

    The BT hopping is only in the 2.4Ghz ISM band (11 chs USA, 13 Chs in Europe). Old 11Mbps WiFi used one channel. 54M bps uses 3 to 4 channels. The fastest modes use all the channels. So it's possible to degrade BT, except there is the inverse square law, most BT applications are 10cm to 100cm distance link.

    A transmitter amp would be illegal in EU and USA. But certainly without an amp, WiFi in the same premises will crawl. Add another posher stick and you can jam the other 5.8Ghz WiFi band.

    Jammers are illegal in most countries, even if done with an off the shelf stick.

    1. Anonymous Coward

      Re: Bluetooth vs WiFi

      When I specced my Galileo, I intentionally picked up the Intel dual-band, 2x2 MIMO with 6dB gain on the antennae. Not for the jamming capability but for higher throughput. It does Bluetooth as well. And cost more than the Galileo. And... it can be swapped in on the three laptops should the need arise.

      This actually looks interesting. A mobile, ground-based drone with an EW suite. Sweet!

  7. M7S

    In the hands of a burglar, would a portable (battery powered) unit stuff up....

    ...wireless CCTV, Burglar alarms and the like?

    1. Jason Bloomberg Silver badge

      Re: In the hands of a burglar, would a portable (battery powered) unit stuff up....

      One would hope that a decent alarm system had been designed such that, if it did not receive valid 'still alive' signals from sensors on a regular basis, it set off the alarm. Otherwise it would be at risk from having signals blocked or having the sensors removed.

      1. Iain Gilbert

        Re: In the hands of a burglar, would a portable (battery powered) unit stuff up....

        Friedland response alarms have a setting for this. But it's not on by default and the manual states it's not a great idea as it can cause false alarms.

        I also wonder what happens with the wireless siren - it may well not go off and leave you relying on the one built into the main panel.

        1. Eddy Ito
          Black Helicopters

          Re: In the hands of a burglar, would a portable (battery powered) unit stuff up....

          False alarms? Are you really sure someone wasn't breaking in every time someone re-heated the coffee in the microwave?
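The 'still alive' supervision discussed in this sub-thread, as an added example that is not part of any comment above: a panel-side monitor that forgives a few missed heartbeats (the false-alarm concern) before declaring a sensor lost, and separates one silent sensor from all sensors going silent at once. The class name, the 60-second interval, the tolerance of two beats and the sensor names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SupervisionMonitor:
    """Panel-side check that every sensor keeps sending 'still alive' messages."""
    interval: float        # seconds between expected heartbeats (assumed value)
    tolerance: int = 2     # missed beats forgiven before a sensor counts as lost
    last_seen: dict = field(default_factory=dict)

    def heartbeat(self, sensor, t):
        # Record the time of the latest valid heartbeat from this sensor.
        self.last_seen[sensor] = t

    def missed(self, sensor, now):
        # Whole heartbeat periods elapsed since the sensor was last heard.
        return int((now - self.last_seen[sensor]) // self.interval)

    def lost(self, now):
        return sorted(s for s in self.last_seen
                      if self.missed(s, now) > self.tolerance)

    def assess(self, now):
        lost = self.lost(now)
        if not lost:
            return "ok"
        # One silent sensor looks like a flat battery or a removed unit; every
        # sensor silent at once looks like the shared radio channel is blocked.
        if len(lost) > 1 and len(lost) == len(self.last_seen):
            return "alarm: all sensors silent (channel blocked?)"
        return "alarm: lost " + ", ".join(lost)


def demo():
    # Constructed timeline: three sensors, one heartbeat every 60 s.
    m = SupervisionMonitor(interval=60, tolerance=2)
    for t in (0, 60, 120):
        for s in ("door", "hall", "siren"):
            m.heartbeat(s, t)
    results = [m.assess(130)]            # everything heard recently
    for t in (180, 240):                 # the siren stops reporting after t=120
        for s in ("door", "hall"):
            m.heartbeat(s, t)
    results.append(m.assess(250))        # siren missed 2 beats: still tolerated
    for s in ("door", "hall"):
        m.heartbeat(s, 300)
    results.append(m.assess(310))        # siren missed 3 beats: declared lost
    results.append(m.assess(500))        # nothing at all heard since t=300
    return results
```

Raising `tolerance` trades slower detection for fewer false alarms, which is the trade-off the thread describes.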

  8. PleebSmash


    "continual, targeted and virtually indefensible stealth jamming"

    In his defense, it was very cheap.

  9. Fraggle850

    Be entertaining to leave one at a car dealership...

    ...if it's capable of jamming wireless car key systems. Sounds like they are cheap enough for all sorts of entertaining mayhem. Wifi jamming throwies anyone?

    1. Martin an gof Silver badge

      Re: Be entertaining to leave one at a car dealership...

      Who needs a jammer? Once went to a dealer to collect a brand new car only to discover that he couldn't open the doors properly. Whatever he did, only the driver's door would unlock and the others had to be opened using the switch inside.

      We took the car home anyway and (as is my fetish) RTFM to discover that for that model of car - and it seems uniquely for that model in the manufacturer's lineup - unlocking all the doors required a long press of the button. A short press would just do the driver's.

      Older models by the same manufacturer unlocked all doors on a short press, and newer models required two presses in fairly quick succession with the first doing the driver's door, the second everything else.

      Mind you, we'd already fairly lost confidence in that dealer as, sitting down and signing the paperwork, we glanced out of the window to find that their mechanic was screwing the wrong numberplates onto our car.


      1. Mike 16

        Re: Cockup or conspiracy?

        Perhaps they intended to use _your_ numberplates on a similar car when they robbed a bank later that day. Of course, they would considerately re-swap them to your car as they left for Brazil, later that night.

  10. Graham Marsden

    It's easy to jam 2.4Ghz

    All you need is a dodgy old microwave oven like one of my neighbours used to have which would block my video sender every time they turned it on!

    1. DropBear

      Re: It's easy to jam 2.4Ghz

      Why, is there any microwave and/or any video sender able to peacefully coexist? Not in my experience...

    2. Anonymous Coward

      Re: It's easy to jam 2.4Ghz

      Because your video sender almost certainly wasn't using the spectrum very sensibly and a microwave can easily knock over something that is sending continuous signals. WiFi and Bluetooth are more resistant but there is a limit to how much.

      1. Suricou Raven

        Re: It's easy to jam 2.4Ghz

        The magnetron is the kazoo of radio transmitters. You do not try to tune it delicately for a precise output - you calibrate it for more-or-less what you want and make do with the very broad spectrum it puts out, hopefully centered roughly where you want. They also operate at very high power, and depend upon the screening of the microwave oven to hold the field where it belongs - so the slightest imperfection in containment turns it into a wide-spectrum 2.4GHz jammer.

    3. JeffyPoooh

      Re: It's easy to jam 2.4Ghz


      Uppercase H

  11. Anonymous Coward

    I've seen simpler efforts...

    Use a legit 2.4GHz videosender bought off the shelf. These things (used to) operate by modulating the video and audio onto a continuous carrier somewhere in the 2.4GHz band and could happily cause enough disruption to wifi etc (perfectly innocently) to render them unusable, even if not completely jammed.

    The one in the article's certainly more interesting than a videosender-as-jammer and probably more reliable too.


    wireless car key systems typically operate around 433MHz in Europe so a 2.4GHz jammer doesn't do the magick.

  12. x 7

    Isn't this how Benny Hill jammed the traffic lights and cameras in "The Italian Job"???

  13. Jim 59

    ...when paired with a Raspberry Pi and a small amplifier, can block 2.4Ghz transmissions for up to 120 metres.

    Possibly of more interest to parents than hackers.

  14. bob_funn

    This might be useful for the various camera equipped drones our neighbors like to fly over our yards now and then.

  15. Mike Tubby

    Bet it jams WiFi IP cameras too

    Why am I thinking of a Benny Hill moment with him putting jamming devices in bins in down-town Turin...? I bet it would jam modern-day Wifi IP cameras too :)
