Hack long enough and hard enough, and it’s a pretty safe bet that you’ll eventually cause unintentional RF emissions. Most of us will likely have our regulatory transgression go unnoticed. But for one unlucky hacker in Ohio, a simple project ended up with a knock at the door by local authorities and pointed questions to determine why key fobs and garage door remotes in his neighborhood and beyond had suddenly been rendered useless, and why his house seemed to be at the center of the disturbance.
Few of us want this level of scrutiny for our projects, so let’s take a more in-depth look at the Great Ohio Key Fob Mystery, along with a look at the Federal Communications Commission regulations that govern what you can and cannot do on the airwaves. As it turns out, it’s easy to break the law, and it’s easy to get caught.
Jeremy Hong knows a secret or two about things you shouldn’t do with radio frequency (RF), but he’s not sharing.
That seems an odd foundation upon which to build one’s 2018 Hackaday Superconference talk, but it’s for good reason. Jeremy knows how to do things like build GPS and radar jammers, which are federal crimes. Even he hasn’t put his knowledge to practical use, having built only devices that never actually emitted any RF.
There’s a school of thought that says complexity has an inversely proportional relation to reliability. In other words, the smarter you try to make something, the more likely it is to end up failing for a dumb reason. As a totally random example: you’re trying to write up a post for a popular hacking blog, all the while yelling repeatedly for your Echo Dot to turn on the fan sitting three feet away from you. It’s plugged into a WeMo Smart Plug, so you can’t even reach over and turn it on manually. You just keep repeating the same thing over and over in the sweltering July heat, hoping your virtual assistant eventually gets the hint. You know, something like that. That exact scenario definitely has never happened to anyone in the employ of this website.
Now it should be said, [Julio] is not claiming to be the first person to discover that ultrasonic sound can confuse MEMS gyroscopes and accelerometers. At Black Hat 2017, a talk was given in which a “Sonic Gun” was used to do things like knock over self-balancing robots using the same principle. The researchers were also able to confuse a DJI Phantom drone, showing that the technique has the potential to be weaponized in the real-world.
In July 1940 the German airforce began bombing Britain. This was met with polite disagreement on the British side — and with high technology, ingenuity, and improvisation. The defeat of the Germans is associated with anti-aircraft guns and fighter planes, but a significant amount of potential damage had been averted by the use of radio.
Night bombing was a relatively new idea at that time and everybody agreed that it was hard. Navigating a plane in the dark while travelling at two hundred miles per hour and possibly being shot at just wasn’t effective with traditional means. So the Germans invented non-traditional means. This was the start of a technological competition where each side worked to implement new and novel radio technology to guide bombing runs, and to disrupt those guidance systems.
We all know what the ultimate goal of 3D printing is: to be able to print parts for everything, including our own bodies. To achieve that potential, we need better ways to print soft materials, and that means we need better ways to support prints while they’re in progress.
That’s the focus of an academic paper looking at printing silicone within oil-based microgels. Lead author [Christopher S. O’Bryan] and team from the Soft Matter Research Lab at the University of Florida Gainesville have developed a method using self-assembling polymers soaked in mineral oil as a matrix into which silicone elastomers can be printed. The technique takes advantage of granular microgels that are “jammed” into a solid despite being up to 95% solvent. Under stress, such as that exerted by the nozzle of a 3D printer, the solid unjams into a flowing liquid, allowing the printer to extrude silicone. The microgel instantly jams back into a solid again, supporting the silicone as it cures.
[O’Bryan] et al have used the technique to print a model trachea, a small manifold, and a pump with ball valves. There are Quicktime videos of the finished manifold and pump in action. While we’ve covered flexible printing options before, this technique is a step beyond and something we’re keen to see make it into the hobby printing market.
[Andrew Nohawk], has noticed a spike of car break-ins and thefts — even in broad daylight — in his native South Africa. The thieves have been using remote jammers. Commercial detectors are available but run into the hundreds of dollars. He decided to experiment with his own rig, whipping up a remote jamming ‘detector’ for less than the cost of a modest meal.
Operating on the principle that most remote locks work at 433MHz, [Nohawk] describes how criminals ‘jam’ the frequency by holding down the lock button on another device, hoping to distort or outright interrupt the car from receiving the signal to lock the doors. [Nohawk] picked up a cheap 433MHz receiver (bundled with a transceiver), tossed it on a breadboard with an LED connected to the data channel of the chip on a 5V circuit, and voila — whenever the chip detects activity on that frequency, the LED lights up. If you see sustained activity on the band, there’s a chance somebody nearby might be waiting for you to leave your vehicle unattended.
As we fill our airwaves with more and more wirelessly connected devices the question of what could disrupt this systems becomes more and more important. Here’s a particularly interesting example because the proof of concept shows that you don’t need specialized hardware to pull it off. [Bastian Bloessl] found an interesting tweak to previous research that allows an Atheros WiFi card to jam WiFi by obscuring ACK frames.
The WiFi protocol specifies an Acknowledgement Frame (ACK) which is sent by the receiving device after error correction has been performed. It basically says: “yep, I got that data frame and it checks out”. This error correcting process turns out to be the key to [Bastian’s] technique as it provides time for the attack hardware to decide if it’s going to jam the ACK or not.
The jamming technique presented by [Mathy Vanhoef] at the end 2014 outlined both constant and selective jamming. The selective part involved listening for data packets and analyzing them to determine if they are headed to a MAC the attacker wishes to jam. The problem is that by the time your commodity hardware has decoded that address it’s too late to jam the packet. [Bastian] isn’t trying to jam the data frame, he’s jamming the ACK that the receiver sends back. Without that acknowledgement, the sender will not transmit any new data frames as it assumes there is a problem on the receiving end.