Jamming WiFi By Jumping On The ACK

As we fill our airwaves with more and more wirelessly connected devices the question of what could disrupt this systems becomes more and more important. Here’s a particularly interesting example because the proof of concept shows that you don’t need specialized hardware to pull it off. [Bastian Bloessl] found an interesting tweak to previous research that allows an Atheros WiFi card to jam WiFi by obscuring ACK frames.

The WiFi protocol specifies an Acknowledgement Frame (ACK) which is sent by the receiving device after error correction has been performed. It basically says: “yep, I got that data frame and it checks out”. This error correcting process turns out to be the key to [Bastian’s] technique as it provides time for the attack hardware to decide if it’s going to jam the ACK or not.

The jamming technique presented by [Mathy Vanhoef] at the end 2014 outlined both constant and selective jamming. The selective part involved listening for data packets and analyzing them to determine if they are headed to a MAC the attacker wishes to jam. The problem is that by the time your commodity hardware has decoded that address it’s too late to jam the packet. [Bastian] isn’t trying to jam the data frame, he’s jamming the ACK that the receiver sends back. Without that acknowledgement, the sender will not transmit any new data frames as it assumes there is a problem on the receiving end.

27 thoughts on “Jamming WiFi By Jumping On The ACK

      1. Or what if you are a security researcher or student trying to learn more about it or an inventor trying to understand how to patent a fix for this issue or are a patent examiner trying to test it out or a corporation looking to resolve it with a software patch to your own hardware?

        1. An hotel is not a private network but rather a public network with restricted access usually for a fee. Also, the hotel was intentionally blocking a legitimate operation of a different entity with the intention to increase their own business.

          Not even close to jamming your own personal network.

          If jamming networks were to land you in prison, then most owners of neon signs would be looking for a good criminal defense lawyer.

          1. I think the intention is the key here.
            A hotel is intending to block WiFi, a neon sign is not intentionally interfering and has been approved to generate a certain amount of RFI as it cannot be commercially designed to operate otherwise.
            Blocking your own WiFi isn’t likely to get you in trouble but if your experiments cross your property line you’re gonna get a knock on your door eventually. A DA looking to make a name for themselves could easily argue that since the ‘jammer’ was intended to jam WiFi it is your reasonable expectation that your activity may interfere with other’s legal operation. Coupled with the general tech ignorance of the Judiciary and you’re in for an expensive battle.

        2. The hotel was jamming networks THEY DIDNT OWN. Now they could jam their own network just fine, like mac address white/black listing. You can do whatever you want to your own network, or other networks with permission.

    1. No… but at least one government was considering using ankle-mounted WiFi jammers to block cyber criminals from accessing such networks. This would mean such a device could target particular devices instead of blacking out everyone in a given radius.

      (That solution completely overlooks Ethernet, Bluetooth, IRda, VLC, cellular and other modes of communication… as well as practical considerations like battery life, but who thinks about that?)

    2. Knowledge is not illegal. And often it is good to know vulnerabilities of a system. Either to find a way to circumvent them or to know what to look for if your system shows strange malfunctions.
      And it is also not illegal to do such experiments in a controlled environment where you can ensure that nobody suffers interference. You could always do it in a shielded chamber.

    3. There’s always a moralist in every crowd. “No! Don’t! Stop!” You obviously don’t belong on a hack site. Go back to your knitting with the other church ladies, Grandma, and let the rest of us do our jobs. Okay?

        1. Raspberry jam
          up the arse
          nah, don’t be silly. Raspberry jam shouldn’t go up the arse.
          Shouldn’t but it does! You drop your trousers when there’s raspberry jam out and whooop: Right up the arse.

      1. Yeah, +1 for ‘click-bait’ image. You have subconsciously injected the thought of delicious raspberry jam on toast for breakfast; I can see through you tricks, but will eat toast with raspberry jam tomorrow out of my own free will, and also because it is delicious.

        You can tell it is jam because of the seeds. ;)
        Or, are the seeds not as important as I thought?…

      2. Yeah I’m the same I do web design and deal with graphics, Making something relevant yet interesting is a challenge but also rewarding when done correctly. Hackaday in general seems to do well when it comes to images. A lot of other sites think it’s appropriate to use boring stock images everywhere. I’m not knocking stock images I use them all the time but sometimes even a slight change to a stock image can change the reader’s whole outlook and get them to click on the article.
        People love images and snappy titles if you can get them both right you have won half the battle in getting visitors to read your content.

  1. Jelly, jam and preserves are all made from fruit mixed with sugar and pectin. The difference between them comes in the form that the fruit takes.

    In jelly, the fruit comes in the form of fruit juice.
    In jam, the fruit comes in the form of fruit pulp or crushed fruit (and is less stiff than jelly as a result).
    In preserves, the fruit comes in the form of chunks in a syrup or a jam.

Leave a Reply to GregoryCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.