WiFi jamming attacks more simple and cheaper than ever
A security researcher has demonstrated that jamming WiFi, Bluetooth, and Zigbee networks is not difficult to perform but, most importantly, also not as costly as one might think.
According to Mathy Vanhoef, a PhD student at KU Leuven (Belgium), it can easily be done by using a Wi-Fi $15 dongle bought off Amazon, a Raspberry Pi board, and an amplifier that will broaden the range of the attack to some 120 meters.
The attack would hit all devices within range that operate in the 2.4 and 5 Ghz bands.
With the above mentioned networks being crucial to the functioning of many IoT devices and systems – home security systems, car locks, baby monitors, and so on – it should be obvious that the fact that these attacks can be performed so easily and cheaply may lead to serious consequences.
In fact, it is known that cheap jammers are already being used by crooks around the world:
That’s why it’s crucial that defenders are able to detect these attacks when they are going on, even if they can’t stop them.
During his recent presentation at BruCON, Vanhoef explained that by modifying the dongle’s firmware he was able to force the target networks to always give priority to the device’s transmissions. If the device is made to transmit continuously, it means that all other devices won’t be able to, making the channel effectively unusable.
His attempts at selective jamming (blocking specific packets) have been less successful, and he concluded that 100% reliable selective jamming is not possible.
He also says that these low-level jamming attacks could influence attacks on higher level protocols. For example, he says that they can be used to mount a channel-based MiTM attack against WPA’s Temporal Key Integrity Protocol (TKIP), which is still widely used.
For those interested in more details, here’s a video recording of Vanhoef’s talk: