WiFi networking is one of those things that is reasonably simple to use, but has a lot of complex hidden features (dare we say, hacks) that make it work, or work better. For example, consider the Distributed Coordination Function (DCF) specified in the standard. Before a station can send, it has to listen for a certain time period. If the channel is clear, the station sends. If not, it has to delay a random amount of time before trying again. This is a form of Carrier Sense Multiple Access (CSMA) channel management.
Unfortunately, listening time is dead time when–at least potentially–there is no data transmitted on the network. DCF allows you to use various handshaking packets to do virtual carrier detection and ready/clear to send, but these are also less efficient use of bandwidth. There are other optional coordination functions available in the WiFi standard, but they all have their drawbacks.
[Aleksandar Kuzmanovic] at Northwestern University and two of his students have recently published a paper with a new way to coordinate multiple unrelated wireless networks using ubiquitous FM broadcast radio signals called WiFM. Instead of trying to synchronize to the WiFi data channel, this new scheme selects a strong FM radio station that broadcasts Radio Data Service (RDS) data (the data that populates the song titles and other information on modern radios).
The computers don’t read the RDS data exactly. Instead, they find patterns in the data and use it to develop a common idea of time–even if they are totally isolated from each other on the network. The idea is that stations close enough to hear one another will get the same FM radio stations at about the same strength and virtually at the same time. Unlike, for example, GPS, FM radio signals easily penetrate buildings. As a bonus, many WiFi chipsets (like the ones used in phones) can receive FM radio, too.
Once all the stations are synchronized, they determine which time slots are in use and schedule the remaining according to an algorithm described in [Kuzmanovic’s] paper. When traffic volume is light or legacy equipment is present, the stations can fall back to ordinary DCF.
There are few things of interest to the hacker here. First, the paper isn’t just a theoretical idea, it is backed up by an actual test setup that showed promising results. It would be possible to use this same scheme in other wireless configurations as well. What’s more, the test setup itself is interesting. The researchers used the hacker-friendly RTL-SDR hardware and Linux machines running GNU Radio. We’ve covered many, many uses of the RTL-SDR, but this one is pretty unique.