It used to be that having technical skills meant that fixing the computer problems of elderly relatives was a regular occurrence. Over the last few years this has been joined by another request on our time; friends with teenage children requesting help configuring their routers such that Internet access is curtailed when the kids should sleeping. In France a desperate parent took more extreme measures, buying a wideband frequency jammer to ensure les petits anges can’t waste the night away on social media sites through their cellular connections. It had the intended effect, but sadly it also interrupted cellular coverage over a wide area The French spectrum regulator ANFR sent in their investigators (French, Google Translate link), and now the unfortunate parent faces the prospect of up to 6 months imprisonment and €30,000 fine for owning and using a device that’s illegal in France.
A cursory search of everybody’s favourite online electronics bazaars will find plenty of these devices, so perhaps what’s surprising is that we don’t see more of these devices even if it’s not the first tale of interference tracking that we’ve seen. Judging by the strategies our friends with kids take, we’d suggest meanwhile to the unfortunate French person, that they simply equip their kids with restricted data plans.
One of the more popular social activities in China is group dancing in public squares. Often the pastime of many middle-aged and older women, participants are colloquially referred to as “dancing grannies.” While the activity is relatively wholesome, some dancers have begun to draw the ire of their neighbourhoods with their loud music and attempts to dominate the use of public parks and recreational areas.
Naturally, a technological solution sprung up promising to solve the problem. The South China Morning Post has reported on a “stun gun” device which claims to neutralise speakers from a distance, in an effort to shut down dance gatherings. The device created a huge stir on social media, as well as many questions about how it could work. It’s simpler, and a bit less cool, than you think. Continue reading “Speaker ‘Stun Gun’ Aims To Combat China’s Dancing Grannies”
If you spend enough time trolling eBay for interesting electronic devices to take apart, you’re bound to start seeing suggestions for some questionable gadgets. Which is how I recently became aware of these tiny GPS jammers that plug directly into an automotive 12 V outlet. Shipped to your door for under $10 USD, it seemed like a perfect device to rip open in the name of science.
Now, you might be wondering what legitimate uses such a device might have. Well, as far as I’m aware, there aren’t any. The only reason you’d want to jam GPS signals in and around a vehicle is if you’re trying to get away with something you shouldn’t be doing. Maybe you’re out driving a tracked company car and want to enjoy a quick two hour nap in a parking lot, or perhaps you’re looking to disable the integrated GPS on the car you just stole long enough for you to take it to the chop shop. You know, as one does.
But we won’t dwell on the potentially nefarious reasons that this device exists. Hackers have never been too choosy about the devices they investigate and experiment with, and there’s no reason we should start now. Instead, let’s take this piece of gray-area hardware for a test drive and see what makes it tick.
Continue reading “Teardown: Mini GPS Jammer”
It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.
The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.
With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.
The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.
Continue reading “Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised”
GPS jammers are easily available on the Internet. No, we’re not linking to them. Nevertheless, GPS jammers are frequently used by truck drivers and other people with a company car that don’t want their employer tracking their every movement. Do these devices work? Are they worth the $25 it costs to buy one? That’s what [phasenoise] wanted to find out.
These tiny little self-contained boxes spew RF at around 1575.42 MHz, the same frequency used by GPS satellites in high Earth orbit. Those signals coming from GPS satellites are very, very weak, and it’s relatively easy to overpower them with noise. That’s pretty much the block diagram for these cheap GPS jammers — put some noise on the right frequency, and your phone or your boss’s GPS tracker simply won’t function. Note that this is a very low-tech attack; far more sophisticated GPS jamming and spoofing techniques can theoretically land a drone safely.
[phasenoise]’s teardown of the GPS jammer he found on unmentionable websites shows the device is incredibly simple. There are a few 555s in there creating low-frequency noise. This feeds a VCO with a range of between 1466-1590 MHz. The output of the VCO is then sent to a big ‘ol RF transistor for amplification and out through a quarter wave antenna. It may be RF wizardry, but this is a very simple circuit.
The output of this circuit was measured, and to the surprise of many, there were no spurious emissions or harmonics — this jammer will not disable your cellphone or your WiFi, only your GPS. The range of this device is estimated at 15-30 meters in the open, which is good enough if you’re a trucker. In the canyons of skyscrapers, this range could extend to hundreds of meters.
It should be said again that you should not buy or use a GPS jammer. Just don’t do it. If you need to build one, though, they’re pretty easy to design as [phasenoise]’s teardown demonstrates.
Terminology is something that gets us all mixed up at some point. [Seytonic] does a great job of explaining the difference between WiFi jammers and deauthenticators in the video embedded below. A lot of you will already know the difference however it is useful to point out the difference since so many people call deauth devices “WiFi Jammers”.
In their YouTube video they go on to explain that jammers basically throw out a load of noise on all WiFi channels making the frequencies unusable in a given distance from the jammer. Jammers are also normally quite expensive, mostly illegal, and thus hard to find unless of course you build your own.
WiFi deauthentication on the other hand works in a very different way. WiFi sends unencrypted packets of data called management frames. Because these are unencrypted, even if the network is using WPA2, malicious parties can send deauthentication commands which boot users off of an access point. There is hope though with 802.11w which encrypts management frames. It’s been around for a while however manufacturers don’t seem bothered and don’t implement it, even though it would improve the security of a WiFi device from these types of attacks.
Continue reading “WiFi Deauthentication VS WiFi Jamming: What Is The Difference?”
In a move that would induce ire in Lord Helmet, [Kedar Nimbalkar] has recreated Instructables user spacehun’s version of WiFi jammer that comes with a handful of features certain to frustrate whomever has provoked its wrath.
The jammer is an ESP8266 development board — running some additional custom code — accessed and controlled by a cell phone. From the interface, [Nimbalkar] is able to target a WiFi network and boot all the devices off the network by de-authenticating them. Another method is to flood the airspace with bogus SSIDs to make connecting to a valid network a drawn-out affair.
This kind of signal interruption is almost certainly illegal where you live. It does no permanent damage, but once again raises the existing deauth exploit and SSID loophole. [Nimbalkar]’s purpose in recreating this was for educational purposes and to highlight weaknesses in 802.11 WiFi protocols. The 802.11w standard should alleviate some of our fake deauth woes by using protected frames. Once the device authenticates on a network it will be able to detect fake deauth packets.
We featured a more targeted version of this hack that can be done using a PC — even targeting itself! And more recently there was a version that can target specific devices by jumping on the ACK.
Continue reading “Sir, It Appears We’ve Been Jammed!”