DOI: 10.1145/3098243.3098253
research-article

Massive reactive smartphone-based jamming using arbitrary waveforms and adaptive power control

Published: 18 July 2017

Abstract

It is not commonly known that off-the-shelf smartphones can be converted into versatile jammers. To understand how those jammers work and how well they perform, we implemented a jamming firmware for the Nexus 5 smartphone. The firmware runs on the real-time processor of the Wi-Fi chip and allows reactive jamming of Wi-Fi networks in the 2.4 and 5 GHz bands using arbitrary waveforms stored in IQ sample buffers. This allows us to generate a pilot-tone jammer on off-the-shelf hardware. Besides a simple reactive jammer, we implemented a new acknowledging jammer that selectively jams only targeted data streams of a node while keeping other data streams of the same node flowing. To lower the increased power consumption of this jammer, we implemented an adaptive power control algorithm. We evaluated our implementations in friendly jamming scenarios to suppress non-compliant Wi-Fi transmissions and to protect otherwise vulnerable devices in industrial setups. Our results show that we can selectively hinder Wi-Fi transmissions in the vicinity of our jamming smartphone, leading to increased throughput for other nodes or to no blockage of non-targeted streams on a jammed node. Consuming less than 300 mW when operating, the reactive jammer allows mobile operation for more than 29 hours. Our implementation demonstrates that jamming communications has never been this simple or this available to every smartphone owner, while still allowing surgical jamming precision and energy efficiency. Nevertheless, it involves the danger of abuse by malicious attackers who may take over hundreds of devices to massively jam Wi-Fi networks in wide areas.

    Published In

    WiSec '17: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    July 2017
    297 pages
    ISBN:9781450350846
    DOI:10.1145/3098243

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Badges

    • Best Paper

    Qualifiers

    • Research-article

    Funding Sources

    • BMBF/HMWK CRISP
    • LOEWE NICER
    • LOEWE CASED
    • German Research Foundation (DFG)
    • European Commission (EC)

    Conference

    WiSec '17
    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Cited By

    • (2024) Countermeasuring Aggressors via Intelligent Adaptation of Contention Window in CSMA/CA Systems. IEEE Access 12 (88216-88230). DOI: 10.1109/ACCESS.2024.3416232. Online publication date: 2024
    • (2023) Rolling the D11. Proceedings of the 17th ACM Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization (88-95). DOI: 10.1145/3615453.3616520. Online publication date: 6-Oct-2023
    • (2023) Wi-Fi Localization Obfuscation: An implementation in openwifi. Computer Communications 205 (1-13). DOI: 10.1016/j.comcom.2023.03.026. Online publication date: May-2023
    • (2022) Deep Reinforcement Learning Based Decision Making for Complex Jamming Waveforms. Entropy 24:10 (1441). DOI: 10.3390/e24101441. Online publication date: 10-Oct-2022
    • (2022) Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security. 2022 IEEE Symposium on Security and Privacy (SP) (1193-1210). DOI: 10.1109/SP46214.2022.9833767. Online publication date: May-2022
    • (2022) On the Implementation of Location Obfuscation in openwifi and Its Performance. 2022 20th Mediterranean Communication and Computer Networking Conference (MedComNet) (64-73). DOI: 10.1109/MedComNet55087.2022.9810411. Online publication date: 1-Jun-2022
    • (2022) CTJammer: A Cross-Technology Reactive Jammer towards Unlicensed LTE. 2022 IEEE/ACM Seventh International Conference on Internet-of-Things Design and Implementation (IoTDI) (95-106). DOI: 10.1109/IoTDI54339.2022.00013. Online publication date: May-2022
    • (2022) Jamming Attacks and Anti-Jamming Strategies in Wireless Networks: A Comprehensive Survey. IEEE Communications Surveys & Tutorials 24:2 (767-809). DOI: 10.1109/COMST.2022.3159185. Online publication date: Oct-2023
    • (2021) Non Intrusive Wi-Pi CSI Obfuscation Against Active Localization Attacks. 2021 16th Annual Conference on Wireless On-demand Network Systems and Services Conference (WONS) (1-8). DOI: 10.23919/WONS51326.2021.9415586. Online publication date: 9-Mar-2021
    • (2021) Passive Device-Free Multi-Point CSI Localization and Its Obfuscation with Randomized Filtering. 2021 19th Mediterranean Communication and Computer Networking Conference (MedComNet) (1-8). DOI: 10.1109/MedComNet52149.2021.9501240. Online publication date: 15-Jun-2021
