Pocket-Sized Deauther Could Definitely Get You In Trouble

Interfering with radio communications, whether through jamming, deauthing attacks, or other meddling, is generally considered a crime, and one that attracts significant penalties. However, studying such techniques should provide a useful edge in the electronic wars to come. In this vein, [Giorgio Filardi] has recently built a WiFi deauther the size of a credit card.

The device has a simple interface, consisting of 3 buttons and a small OLED screen. It can also be accessed remotely and controlled through a web interface. A NodeMCU ESP8266 board runs the show, using [spacehuhn]’s deauther firmware. The point-to-point construction probably won’t hold up to much rough and tumble out in the field, but it’s fine for a bench test. We’d recommend constructing an enclosure if it was to be used more regularly.

There’s plenty of functionality baked in – the device can scan for networks, perform deauth attacks, and even create spoof networks. It’s a tricky little device that serves to highlight several flaws in WiFi security that are yet to be fixed by the powers that be.

Using one of these devices for nefarious purposes will likely get you into trouble. Experimenting on your own networks can be educational, however, and goes to show that wireless networks are never quite as safe as we want them to be.

If you’re wondering as to the difference between deauthentication and jamming, here’s your primer.

40 thoughts on “Pocket-Sized Deauther Could Definitely Get You In Trouble”

    1. I think this is a reference to the first paragraph’s “a crime” statement. This is not accurate. Yes, there are many regs for radio, but for WiFi nothing I know of. Deauth is not illegal. Spoofing a network is not illegal. Downloading something off of someone’s computer without them knowing, that -is- illegal. Not saying it shouldn’t be a crime… it just isn’t, and the law is vague on state, national, and international levels.

      1. >Deauth is not illegal.

        Aren’t deauth packets what Marriott hotels got into trouble for using a few years back? (In all fairness, reporting was a bit vague on the details of how.)

    2. You could probably argue the FCC’s Part 15 would qualify. “Must not cause unwanted interference”… I think you could argue that deauthing could be considered interference.

      1. A deauthentication frame is a part of the 802.11 standard.

        You’re using a device that is compliant with the 802.11 standard, operating at a standard, legal power level, on a standard, legal frequency, with a completely legitimate, standard physical-layer implementation of 802.11, as well as legitimate 802.11 at the layers above that.

        “Interference”, in FCC terms, really only applies to physical RF interference – not to higher-level network interactions designed in a way that is annoying for users. This stuff, legally and technically, was never designed to be specific to the complexities of high-level computer network stacks.

        If you want to share the same unlicensed frequency that other people are using and they’re transmitting at an authorised power level – well you’re going to have to deal with it. If other users are legally compliant, in terms of the spectrum and power levels they are using, well you’ll just have to buy licensed spectrum if you really want assurance that you don’t have to deal with anybody else getting in the way.

        A deauthentication frame is a part of that standard, implemented into that standard, and you’re using it as it was designed.

        It is a legitimate, intentional interaction between the stations and AP which faithfully implement that standard.

        You could easily argue that this is not interference – it’s the intentional behaviour of the system.

        Sure, the standard might have been designed terribly for user experience in this case, but it’s working as designed.

        1. > It is a legitimate, intentional interaction between the stations and AP which faithfully implement that standard.

          So how does the deauther fit into this description? It’s neither a station nor an AP. And doesn’t it have to spoof the MAC address of the AP? I bet there’s some court ruling from the 60s or 70s making it a federal crime ;-)

  1. Ridiculous. First, you don’t need a voltage regulator (look at the micro USB on the NodeMCU device).
    Then, you can make something smaller and more robust using a Wemos D1 + an OLED shield. $7 total.

  2. “COULD DEFINITELY” Marriott used deauth attacks against WiFi hotspots on an industrial scale for years. In the end they were fined US $600k, but no criminal charges were filed. I suspect they made more than $600k selling WiFi to their victims.

    1. I’m sure that had more to do with abusive business practices than it had to do with the legalities of a deauth. The point being that they were doing that so that they could force people to buy their services when they were not required.

      1. If they had stated it up front they may have been alright. I dunno. All enterprise wireless solutions have a deauth feature built in for managing rogue APs in a physical space. Many non-hospitality-oriented organizations don’t want stray APs running in their space. Also, they all use MFP so they can’t be deauthed in return.

  3. “Interfering with radio communications, whether through jamming, deauthing attacks, or other meddling, is generally considered a crime”

    While that is true, WiFi is not the only communications channel out there. I don’t imagine that emergency communications are done over WiFi; they have their own frequencies to avoid problems with WiFi and to keep them more closed.

    Also, I don’t know if the deauther even transmits a number that can be traced.

    Of course, if it was that illegal I am sure the FCC would have caught the capabilities of the cheap WiFi modules and blocked them from coming into the USA, just like they are doing with the Baofeng radios.

    Now, if one were to broadcast a blank 1.4 to 5 GHz carrier to drown out the WiFi, they may say something.

          1. More like the citation in price, and not the legality of it. You can pretty much do this with WiFi modules costing less than a bottle of beer (and smaller than the beer cap)!

    1. Why don’t you build something and notify us all about it, that’s more constructive than your (and my) comment…

      BTW. If you phone your mum, at least do it the hacker way using pulse dialing the hook contacts of your wired analog phone…

    2. My favorite thing about all these deauthers is network admins just see a little note that there was an attempt x number of times, at a specific time, with the coordinates and also a note that no connections were affected.

  4. Deauth can really only affect home players these days, people with personal hotspots etc… All of the enterprise products support Management Frame Protection, and nearly all consumer endpoints support MFP. Many of the enterprise products also support sending deauths to rogue APs within a defined range too. Maybe this project could be used to verify a netadmin’s configuration of an enterprise product?
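The detection side of the comment above (and of the deauth attacks the article mentions), as an added example that is not part of the post, the comments or the deauther firmware: a small Python analyser that walks a capture of raw 802.11 management frames, flags deauth/disassoc floods per (BSSID, target) pair, and counts frames that lack the 802.11w Protected Frame bit, which an MFP-enabled network should never accept. The MAC addresses, timestamps, window and threshold are assumed sample values, and the capture is constructed in-line.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC, BEACON = 12, 10, 8   # 802.11 management-frame subtypes

def parse_mgmt(frame):
    """Decode the 24-byte 802.11 MAC header; returns (subtype, protected, addr1, addr2, addr3) or None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # frame-control type bits 00 = management
        return None
    protected = bool(frame[1] & 0x40)                   # Protected Frame bit, set under 802.11w (MFP)
    a1, a2, a3 = (frame[i:i + 6].hex(':') for i in (4, 10, 16))
    return frame[0] >> 4, protected, a1, a2, a3

def detect_deauth_flood(capture, window=1.0, threshold=5):
    """capture: iterable of (timestamp_s, raw_frame). Returns (alerts, unprotected_count) where
    alerts lists (bssid, target) pairs hit by >= threshold deauth/disassoc frames in any window."""
    times_by_pair, unprotected = defaultdict(list), 0
    for ts, raw in capture:
        p = parse_mgmt(raw)
        if p is None or p[0] not in (DEAUTH, DISASSOC):
            continue
        _, protected, target, _, bssid = p
        unprotected += not protected                    # an MFP network should see none of these
        times_by_pair[(bssid, target)].append(ts)
    alerts = []
    for pair, times in times_by_pair.items():
        times.sort()
        j, peak = 0, 0
        for i, t in enumerate(times):                   # sliding window over sorted timestamps
            while times[j] < t - window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= threshold:
            alerts.append((pair, peak))
    return alerts, unprotected

def mgmt_frame(subtype, dst, src, bssid, reason=7, protected=False):
    """Minimal management frame for the constructed sample: header + 2-byte reason code."""
    fc = bytes([subtype << 4, 0x40 if protected else 0])
    return fc + b'\x00\x00' + dst + src + bssid + b'\x00\x00' + struct.pack('<H', reason)

def constructed_capture():
    """Constructed sample: 8 unprotected deauths claiming to come from AP 02:..:01 towards one
    client within 0.35 s, plus a beacon and one MFP-protected deauth from another AP (benign)."""
    ap, ap2, client = (bytes.fromhex(h) for h in ('020000000001', '020000000002', '0200000000aa'))
    cap = [(0.05 * i, mgmt_frame(DEAUTH, client, ap, ap)) for i in range(8)]
    cap.append((0.2, mgmt_frame(BEACON, b'\xff' * 6, ap, ap)))
    cap.append((0.3, mgmt_frame(DEAUTH, client, ap2, ap2, reason=3, protected=True)))
    return cap
```

On a real capture (monitor-mode pcap with the radiotap header stripped) the unprotected count is the quicker tell: once MFP is required on an SSID, any unprotected deauth aimed at an associated client came from something other than the AP.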
