Comments

Dr. I. Needtob AtheOctober 13, 2015 12:09 PM

The article doesn't mention drones but they're controlled on 2.4 Ghz and should be vulnerable as well. This would probably be a better solution to privacy invasions than a shotgun.

Clive RobinsonOctober 13, 2015 12:50 PM

@ Dr I. Needtob Athe,

The article doesn't mention drones but they're controlled on 2.4 Ghz and should be vulnerable as well

Such a system --all be it highly expensive-- is in existence and has recently been demonstrated at a Defence Manufacturers Expo.

The problem is that these jamers work at the protocol level, not at lower levels. Thus they need to know how the communications protocols work. If they don't then they are little more than an in-band source of interference that there are well known ways of avoiding (WiFi has ways to deal with this sort of interference already otherwise you it could not work in the shared unlicensed ISM bands.

jonOctober 13, 2015 12:56 PM

Even if you could Jam a Drone from talking to it's controller, it doesn't mean it's going to land nicely in front of you... it could be flying a pre-programmed flight, or it could be programmed to return to base when it loses connectivity.

rgaffOctober 13, 2015 1:08 PM

Way back in the early wifi days (remember 802.11b?), my cordless phone and microwave oven both made for great jammers... the range was my whole house.

ianfOctober 13, 2015 1:15 PM


@ Clive “these jammers work at the protocol level, not at lower levels.

    Are you talking of anti-drone jammers, or the previously mentioned anti-WiFi ones?
@ jon - there seems to be a sub genre (subculture?) of "zombie drones," designed explicitly to take over targeted units and make them their slaves. I don't know the details, but have seen at least two different "proofs of the concept" with visible capture and follow-me flight behavior.

Alien JerkyOctober 13, 2015 1:29 PM

Radio is Radio. Does not matter what protocol is in use. The physics is the same. Transmit noise at a high energy level in their operating band, even if it is a wide band of frequencies, and the receivers overload causing them to jam. Do not need to know the protocol. Just need to overload the receiver with garbage and intensity.

Clive RobinsonOctober 13, 2015 1:44 PM

@ Jon,

... it could be flying a pre-programmed flight, or it could be programmed to return to base when it loses connectivity

It could, but in the case of the system recently shown, one of their claims is to land the drone away from the protected area.

The simple fact is can such systems be defeated, the answer is most definitely yes and I've said so in the past. However there is a second part to the question which is "capabilities and resources".

Whilst evading such jamming is easily possible and having an autopilot likewise, are they currently built into the available drones in a way that can not be overridden by a jamming system who's manufacture has shall we say a not publicly known arrangement with the drone manufacturer?

So a degree of technical sophistication would be required from those choosing to prevent such a take over. I can think of a number of hardware and software ways to do this. But I'm also quite aware of the level of sophistication to achieve them. Whilst I can say I've only a limited knowledge of terrorist and similar attacks in recent times, of those that have been reported little or no technical sophistication in those areas has been reported (which is perhaps odd when you consider what Hezbola did with respect to Israeli Defence Force --supposedly-- secure radio systems).

So whilst I would not rule out the possibility, I would currently rate it as quite low on the list of threat vectors.

Further though you would have to ask what sort of weapon an available drone could carry and what target it could be used against and importantly if it was going to be reusable or not.

For instance, if it had a Claymore underneath then this has a reasonably well known dispersal pattern. But whilst it might work against a crowd of people, it would not guarantee any particular individual. Further it would be a one shot device as the drone would either be destroyed or thrown out of stable flight in what most likely would be an unrecoverable flight attitude.

I suspect those with the sophistication to be able to secure a drone, know it is also not in reality a weapon that is worth the expenditure of resources to build. They would be better put to delivering more kinetic payload to a target in other more achievable ways.

albertOctober 13, 2015 1:56 PM

LE is already using jammers.

With drones, the object is to jam the video, which is usually on a different frequency, depending on the drone. If there's enough separation, you can kill the video, and let everything else run. It would be very hard to prove, without a crashed drone in your backyard:)
.
I agree with @Alien Jerky, but the more sophisticated approach seems to be harder to detect. I would assume that drones use proprietary protocols.
.
. .. . .. _ _ _

Clive RobinsonOctober 13, 2015 2:03 PM

@ ianf,

Both.

@ Alien Jerky,

The article makes it clear that the way this jammer works is via a protocol attack not by an RF blocking attack.

Simply pushing lots of CW power into the ether is the most inefficient method of jamming and rarely used because of this. More efficient is a tailored jamming system that is modulated in a way that causes problems in the demodulator of the receiver being jammed, usually by using a high peek pulse power at a critical frequency to the receiver demodulation. Even more efficient is to mess with the stages beyond the receiver such as sending valid modulation that mucks up the computer data processing.

If you want more information on this, when I'm back at my dead tree cave I can dig out a couple of ISBNs.

BuzzzzOctober 13, 2015 2:03 PM

Even cruder and simpler:

A microwave oven with the interlock disabled and an open door. Just keep your eyeballs and brain [if any] out of the broad beam.

If you're mechanically inclined, you could place the magnetron at the focus of a parabolic dish, and aim the 800W straight to the flying bugger. This would probably saturate the front end of the bird, even if the spectrum is relatively narrow relative to width of the ISM band.

Of course, you'd be violating about 300 different FCC regulations, but hey, you could invoke your constitutional right to carry [and use] arms. ;-)

If you're even more electromechanically inclined, you could attempt to tune the output frequency with a plunger or by modulating the anode.

AJWMOctober 13, 2015 2:38 PM

@ Alien Jerky

"Do not need to know the protocol. Just need to overload the receiver with garbage and intensity."

That depends on what you're trying to accomplish. If you just care about jamming, you're right. If you want to do something more subtle, you need to know the protocol.

To use an example from very early in radar days, consider the difference between "Window" (chaff) and "Moonshine" (spoofing). The former uses a cloud of resonant foil strips to create a blinding reflective cloud to the radar. The latter (something my dad worked on back in the day) detects the signal then sends a series of delayed and amplified echoes back, fooling the radar into thinking there are multiple specific targets (like, say, a fleet of bombers where in reality there's just one plane with the Moonshine gear aboard -- handy if you want the Luftwaffe to scramble its interceptors at the wrong time).

You could jam WiFi (and Bluetooth, etc) with a Tesla coil or a magnetron, but if you want to hijack a signal or a drone you need to be more subtle.

GrauhutOctober 13, 2015 7:40 PM

Isnt it a little late to pose with wifi jamming?

Ever since the ath(5k) driver was released people were playing with it. :)


For more serious sports activities get a hackrf or something comparable.

FigureitoutOctober 13, 2015 11:52 PM

Can anyone explain why a deauth wifi jamming program would affect devices connected directly to the router which is connected directly to modem? So if you have just a single router connected to modem then just jamming the wifi may take that entire AP down; something seems wrong...

rOctober 14, 2015 12:39 AM

single processor DoS, all that activity doing re-auth responses followed by immediate dea[u]ths. it is kind've a time-slice amplification attack, the deauths are essentially unchallenged garbage [target mac addresses are clearspace and not encrypted/atomized representations] and they would lead to a large increase in the execution of encryption and hashing procedures on the router's cpu die.

?

i think that's right,

FigureitoutOctober 14, 2015 12:44 AM

r
--That's nasty as hell if that's right. And doesn't make sense we can't defeat that easily, meh.

rOctober 14, 2015 1:00 AM

there's an attack on backend database's over http that is conceptually the same i believe, basically eats up WAY MORE cycles than it should for a simple flood.

rOctober 14, 2015 1:07 AM

saturation of deauth though is pretty short lived, i'm not aware of instances that make it longer lasting than MAYBE 30 seconds past transmission? maybe a really crappy router might choke out and reboot or overheat vs a sustained attack but recovery afaik is reasonably fast with consumer grade stuff. deauth floods should be pretty easy to detect too but i do agree there should be some sort of mac atomization for a deauth to succeed not merely the broadcast deauth and directed ones, maybe a deauth key/atom sent within the handshake agreement? acks.

clickmindOctober 14, 2015 2:15 AM

http://click-mind.com


Bikaner, Which was till now famous for its savories is very shortly going to emerge as a software development city due to the arrival of the Click Mind Company. The company describes itself as a global talent development company and offers learning and knowledge solutions to individuals, enterprises and institutions in information technology, business process outsourcing, retail, real estate, banking, finance and insurance, executive management education, school, education, communication and professional life skills, and vocational skills training. Company ha lot of experience globally in CRM, ERP, open CBS, Core banking, iPhone, mobile applications using x-code. Company has well experienced team zone for.Net, magenta. joomlal, open cart, e-commercialism.

This company being run by Microsoft Professional Sarang Chawla, who aims to provide computer language professional training with the platform of placement skills necessary For students to geinvesteded in IT Companies.

Till now, pupils have to go Jaipur, Delhi, Bangalore for learning professional languages and training. But now with the opening of a center, Students will get all advanced courses in Bikaner it. This, Will definitely bring development.

Our creativity is fueled by innovation, loyalty. Through our innovative young culture, we are developing solutions for the people, by the people, for the people, to transform this world by building top notch softwares.

Click Mind committed to helping forward-thinking organizations position sustainability as centraley lever to long-term success and, ultimately, high performance. We help organizations leverage their assets and capabilities to force innovation and profitable growth while striving for a positive economic, environmental and social impact.

The pieces began to click in my mind: ,

Ourteams spirit is what binds us together to work towards a commondestinationl and deliver beyond expectations. We co-operate, collaborate, communicate and empower each other in a way that collective efforts translate intoparticularl solutions.

Transparency is what makes us stand apart from ourcompetitorss. We are dependable, ethical and fair in all our activities.

Responsibility to satiate your needs We deliver our promises andadmite our mistakes.

Whetake upstart any project, we always look at how to strike the best balance between meeting business objectives, delivering an effective and well-designed user experience, and following rigorous software design principles.

Weholdt the principles of agile development and we continuously adapt this methodology so that it fits well within all of our projects, from a simple website, to a multi-platform enterprise application. This allows us to deliver the features with the highest business value first and to progressively deliver fully-functionally validated, and tested versions throughout development.

James SutherlandOctober 14, 2015 6:22 AM

My understanding was that a deauth flood could be continued indefinitely: anything connecting just gets disconnected again. Fortunately, exploiting that stupid security flaw is illegal (there have been a few six figure fines handed out by the FCC now, and perhaps now they've found some dentures Ofcom will follow suit in the UK) and the hole is patched in something like 802.11w by adding a cryptographic authenticator to genuine deauth packets, enabling the forgeries to be discarded at last. I'm not sure it's implemented in OS X or the mobile platforms yet though, which is a pain.

Clive RobinsonOctober 14, 2015 7:02 AM

@ James Sutherland,

there have been a few six figure fines handed out by the FCC now

Yes, the Marriott Hotel chain got hit with 600,000USD this time last year. Supposedly they were trying to stop guests using their own "Hotspots" in and around the hotel.

The reason it's so easy, is the protocols say that neither party can ignore a de-auth frame and it did not need to be encrypted (not sure if that has been changed).

Some home built AP's on the likes of *nix can be made to report it as an attack to the admin, as well as effectively ignoring it otherwise (which might also cause the FCC to get their underwear in a wad...).

As for OfCon I would assume that they leave their false teeth in the glass on the nightstand as a starting position unless "Global Radio" jumps on a politicos head over pirate radio, and the politico starts in turn jumping on OfCom. Which as it's the Tories in power currently is very unlikely, as previously they took a "free market" attitude to pirates, as it aligns with Murdoch's bash the BBC line.

MartinOctober 14, 2015 7:53 PM

Slashdot.org still delivers a page to your browser, but it is delivered without CmdrTaco. Without CmdrTaco it is not really slashdot...so no, the real slashdot is not available.

Anonimous CowardOctober 15, 2015 8:03 AM

Oh, someone finally discovered you can do a lot of harm with simple tools?

Just search about MDK3, and you will see: its not hard to cause chaos in some area at all! Wi-Fi haves some poorly thought places and it can be abused. E.g. you can disconnect everyone in your area at will. And keep doing so. Needless to say, they will have either no networking at all or it would be seriously impacted. Then, you can spawn 1000 fake APs, and most devices will struggle to get idea who is real or not, getting stuck on trying to connect to non-existent APs.

Then, WEP is insecure and cracked in about 30 minutes. Some nuts are still using it. And even if they're not, there is brand-new WPS misfeature. It allows to break-n-enter in seconds to hours. Then, most users do not change default admin login on router. And even if they do, factory firmware often comes with handy backdoors. Needless to say, one can completely overtake control of router and do anything. Up to erasing flash ROM and permanently bricking device, etc.

But before starting wrecking chaos, there is one little thing to consider. Any radio transmitter can inherently be located. By doing some simple measurements one can get idea about transmitter location. So if you'll be annoying enough for a while, you can easily guess what would follow...

JerryOctober 20, 2015 4:33 PM

Yeah, Slashdot still exists. What do people use as alternative for Slashdot? Any suggestions?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.