Vulnerability Development mailing list archives
RE: Wireless device vulnerability?
From: "Toni Heinonen" <Toni.Heinonen () teleware fi>
Date: Mon, 25 Mar 2002 12:55:20 +0200
Good morning!
How susceptible are various wireless networking implementations to jamming (as a means to a DoS)?
While several pages of well-written technical fantasy may work for marketing, it's generally not a good idea to try to feed fluff to engineering types. There will always be a greater financial incentive to create marketing hyperbole than to rebut it.
Oh, but I can assure you, I have no financial motives here. Actually, I was trying to be as clear about the technical transmission technologies as possible, sorry if I underestimated my audience. The original poster however asked on a very general basis, so I answered accordingly. And by no means did I mean to undermine the threats found in today's wireless networks. But, to the point.
A jamming device need not be smart or sophisticated. Choose an inverter IC with the appropriate timings, loop 3 inverters in series to generate a nice noisy signal on your base frequency. Since it's a square wave, you'll have lots of useful sidebands and harmonics. Tuning impedances can selectively create a lot of noise across multiple wide bands. Since spreading the noise across more bandwidth decreases the effective power, an output transistor may need to be added. Swamp the emitter until it's clipping the signal and producing more power on more frequencies. Add transistor stages as needed, since each costs about $1.
In the US and Europe, Bluetooth uses frequencies 2.400 MHz to 2.483,5 MHz, with 79 different bands to hop on, each 80 MHz wide or sometimes more. Seeing as you would not try to synchronize your jammer with the hop sequence, do you think it would really be capable of jamming that whole band? After all, even a square wave won't produce that much of a disturbance to the neighbouring bands. I mean, of course you could build a jammer like that, but wouldn't it cost too much? I mean, I see your point:
It will always be cheaper to DoS a wireless network than it is to build it.
Of course, the whole idea is that the protective safeguards for a system do not cost more than the protected assets. Seeing as how a Bluetooth chip is supposed to cost 5$ (of course not yet, but probably so after mass production), would it really be possible to build a jamming device of this magnitude for 10$ (the cost of a two-machine Bluetooth network)?
Additionally, you did not comment on my analysis of WLAN/UMTS transmission a la DSSS. Do you have any ideas there?
TONI HEINONEN, CISSP
TELEWARE OY
Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
Wireless +358 40 836 1815
Kauppakartanonkatu 7, 00930 Helsinki, Finland
toni.heinonen () teleware fi * www.teleware.fi