Massive reactive smartphone-based jamming using arbitrary waveforms and adaptive power control

It is not commonly known that off-the-shelf smartphones can be converted into versatile jammers. To understand how those jammers work and how well they perform, we implemented a jamming firmware for the Nexus 5 smartphone. The firmware runs on the real-time processor of the Wi-Fi chip and makes it possible to reactively jam Wi-Fi networks in the 2.4 and 5 GHz bands using arbitrary waveforms stored in IQ sample buffers. This allows us to generate a pilot-tone jammer on off-the-shelf hardware. Besides a simple reactive jammer, we implemented a new acknowledging jammer that selectively jams only targeted data streams of a node while keeping other data streams of the same node flowing. To reduce the increased power consumption of this jammer, we implemented an adaptive power control algorithm. We evaluated our implementations in friendly jamming scenarios to suppress non-compliant Wi-Fi transmissions and to protect otherwise vulnerable devices in industrial setups. Our results show that we can selectively hinder Wi-Fi transmissions in the vicinity of our jamming smartphone, leading to increased throughput for other nodes or no blockage of non-targeted streams on a jammed node. Because operating the reactive jammer consumes less than 300 mW, mobile operation for more than 29 hours is possible. Our implementation demonstrates that jamming communications has never been this simple or this available to every smartphone owner, while still allowing surgical jamming precision and energy efficiency. Nevertheless, it involves the danger of abuse by malicious attackers who may take over hundreds of devices to massively jam Wi-Fi networks over wide areas.
