Author Topic: Detecting WiFi jamming used to knock out security systems  (Read 15916 times)


Offline 5U4GBTopic starter

  • Frequent Contributor
  • **
  • Posts: 492
  • Country: au
Detecting WiFi jamming used to knock out security systems
« on: March 14, 2024, 11:34:28 am »
Just a thought experiment, inspired by yet another story about burglars using WiFi jamming to knock out security systems.  These stories tend to pop up from time to time, this is just the latest one. Unfortunately the reports don't mention what type of jammer is being used or even whether it's just an older story that's been recycled yet again, whether the tech is just a dumb blanket-the-frequency-range-with-noise or a smarter WiFi-knowledgeable one that sends dummy traffic or deauth packets.  The Aliexpress ones just seem to be dumb interference-generators, e.g. this sort (later photos show the spectrum plot) which presumably you plug into a USB power bank. 

For deauth jammers, the operation is described here.

So how would you detect this in a non-false-positive manner?  For the simpler blanket-with-noise style I was thinking an ESP32 that periodically scans each channel and reports possible jamming if every channel is saturated with noise.

Identifying deauth attacks seems a lot more difficult since you'd have to be listening in when the deauth happens, I assume that'd need to be done on the AP since that'll always see the deauth packets as they're targeted at it.

And yes, I'm aware of 802.11w but that seems to be implemented in a hit-and-miss fashion, in particular there's a vast amount of IoT gunk around that doesn't support it so won't be able to connect if the AP forces its use and so most APs that do support it disable it by default, also this question is more of a thought experiment about how you'd reliably detect something like this.
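
A sketch of the "listen for deauths" idea from the post above, added here as an example and not part of the original thread: it counts deauthentication/disassociation frames per BSSID in a sliding window and flags a flood. It assumes bare 802.11 frames from a monitor-mode capture with the radiotap header already stripped; the class name, threshold, window and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # 802.11 management frame subtypes

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:            # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return (subtype, frame[4:10].hex(":"), frame[10:16].hex(":"),
            frame[16:22].hex(":"), reason)

class DeauthFloodDetector:
    """Flag a BSSID once `threshold` deauth/disassoc frames arrive within `window` seconds.
    An occasional deauth is normal; a sustained burst is not."""

    def __init__(self, threshold=10, window=5.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)      # bssid -> recent frame timestamps

    def feed(self, ts, frame):
        parsed = parse_mgmt(frame)
        if parsed is None:
            return None
        bssid = parsed[3]                   # key on addr3; the source address can be spoofed
        q = self.seen[bssid]
        q.append(ts)
        while ts - q[0] > self.window:      # drop timestamps that fell out of the window
            q.popleft()
        return bssid if len(q) >= self.threshold else None

# Constructed sample frames (not a real capture), locally administered MAC addresses.
DEAUTH_FRAME = bytes.fromhex(
    "c0003a01" "ffffffffffff" "020000000001" "020000000001" "0000" "0700")
BEACON_FRAME = bytes.fromhex(
    "80000000" "ffffffffffff" "020000000001" "020000000001" "0000" "0000")

def first_alert(timestamps, frame=DEAUTH_FRAME):
    """Index of the first frame that trips the detector, or None if it never does."""
    det = DeauthFloodDetector()
    for i, ts in enumerate(timestamps):
        if det.feed(ts, frame):
            return i
    return None

if __name__ == "__main__":
    print("burst, 10 frames/s:", first_alert([i * 0.1 for i in range(12)]))
    print("one per minute:   ", first_alert([i * 60.0 for i in range(12)]))
```

The sensor only sees frames on the channel it is tuned to, so it has to sit on the same channel as the AP it is watching.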
 

Offline ddosegov

  • Contributor
  • Posts: 16
  • Country: hr
Re: Detecting WiFi jamming used to knock out security systems
« Reply #1 on: March 14, 2024, 12:01:25 pm »
For jamming, best solution is usually simplest one... Z-comm vco driven by NE555 and amplified with some MMIC, all powered from 9V battery fits cigarette-box sized case and does not require any user interaction after flipping on-off switch. Detection can be made with spectrum analyzer or SDR... or any recorder that has video loss detection.

 

Offline jonpaul

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: fr
Re: Detecting WiFi jamming used to knock out security systems
« Reply #2 on: March 14, 2024, 12:27:11 pm »
True security requires Ethernet or wired connections, NO WiFi and airgap to net.

Anything else is vulnerable.

j
Jean-Paul  the Internet Dinosaur
 
The following users thanked this post: tom66, SeanB, Ian.M, pdenisowski

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: si
Re: Detecting WiFi jamming used to knock out security systems
« Reply #3 on: March 14, 2024, 12:38:16 pm »
And this is why actual professional security camera systems use twisted pair or coax cables.

But yeah home users are too lazy to run some CAT5 (Even tho they have to run power anyway), so everyone ends up using WiFi.

One possible solution is to also record to a SD card so you at least still have footage in case of failure. Even modern professional security cameras tend to use this. They both send live video back to the security server over Ethernet while at the same time loop recording on a SD card inside the camera. That way if intruders start cutting wires or disable the server, the cameras are still recording as long as they still have power from the separate UPS backed up power circuit. So to destroy the security footage you need to both destroy the server and camera.
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 28052
  • Country: nl
    • NCT Developments
Re: Detecting WiFi jamming used to knock out security systems
« Reply #4 on: March 14, 2024, 02:03:41 pm »
For protocol attacks, an ESP32 could be a good option as this has all the radio & demodulation hardware + software stack. To check for wideband noise, you'll need an SDR. Maybe an ESP32 can be used to counter protocol attacks too by drawing the protocol attacks towards it so the actual Wifi signals are left alone.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 7211
  • Country: ca
  • Non-expert
Re: Detecting WiFi jamming used to knock out security systems
« Reply #5 on: March 14, 2024, 08:58:19 pm »
For jamming, best solution is usually simplest one... Z-comm vco driven by NE555 and amplified with some MMIC, all powered from 9V battery fits cigarette-box sized case and does not require any user interaction after flipping on-off switch. Detection can be made with spectrum analyzer or SDR... or any recorder that has video loss detection.

As stated above, any decent security camera system has a video loss/tamper detection alert. Because yes, even on hardwired camera setups, the camera can still fail or can be spray painted and you want to be able to detect that.

Many wifi cams will also have an internal SD card, so it will record there as well as stream the footage.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 28052
  • Country: nl
    • NCT Developments
Re: Detecting WiFi jamming used to knock out security systems
« Reply #6 on: March 14, 2024, 09:12:11 pm »
Many wifi cams will also have an internal SD card, so it will record there as well as stream the footage.
IMHO that is pretty useless as people who have entered a building can easily and quietly remove the SD card. The best camera setup is hardwired and streams the video off-site directly. That way the footage is out of reach of people who enter a building.
« Last Edit: March 14, 2024, 09:14:14 pm by nctnico »
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 7211
  • Country: ca
  • Non-expert
Re: Detecting WiFi jamming used to knock out security systems
« Reply #7 on: March 14, 2024, 09:18:40 pm »
IMHO that is pretty useless as people who have entered a building can easily and quietly remove the SD card. The best camera setup is hardwired and streams the video off-site directly. That way the footage is out of reach of people who enter a building.

The SD card on hikvision cameras is inside the waterproof enclosure so is not easily removable. Especially when the camera is mounted high up on a wall as shown in the article.
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9238
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Detecting WiFi jamming used to knock out security systems
« Reply #8 on: March 14, 2024, 10:56:58 pm »
But yeah home users are too lazy to run some CAT5 (Even tho they have to run power anyway), so everyone ends up using WiFi.
Most often they reuse the outdoor outlet or outdoor lighting circuit, so lots of work saved. Homeplug would be a great solution but Homeplug cameras aren't very common.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline Someone

  • Super Contributor
  • ***
  • Posts: 4991
  • Country: au
    • send complaints here
Re: Detecting WiFi jamming used to knock out security systems
« Reply #9 on: March 15, 2024, 12:54:19 am »
So how would you detect this in a non-false-positive manner?
Why overcomplicate it: is the video camera returning images and sound?
yes) all good
no) go and investigate

What can you do if you detect interference?
 

Online Andy Chee

  • Super Contributor
  • ***
  • Posts: 1161
  • Country: au
Re: Detecting WiFi jamming used to knock out security systems
« Reply #10 on: March 15, 2024, 04:02:10 am »
So how would you detect this in a non-false-positive manner?
If you are getting frequent false-positive signal dropouts, then you need to improve your installation.  Either use a few more WiFi repeaters, or use wired cameras.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9238
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Detecting WiFi jamming used to knock out security systems
« Reply #11 on: March 15, 2024, 04:58:38 am »
I wonder if deauth attacks could be rendered ineffective with a few ESP32 generating packets to simulate lots of networks with devices, so that the deauther spends a lot of time deauthing devices that don't even exist.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 
The following users thanked this post: nctnico, 5U4GB

Offline JoeyG

  • Regular Contributor
  • *
  • Posts: 133
  • Country: au
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 28052
  • Country: nl
    • NCT Developments
Re: Detecting WiFi jamming used to knock out security systems
« Reply #13 on: March 15, 2024, 07:46:41 am »
IMHO that is pretty useless as people who have entered a building can easily and quietly remove the SD card. The best camera setup is hardwired and streams the video off-site directly. That way the footage is out of reach of people who enter a building.

The SD card on hikvision cameras is inside the waterproof enclosure so is not easily removable. Especially when the camera is mounted high up on a wall as shown in the article.
A camera mounted high up is useless as criminals wear hats or hoodies. A high mounted camera won't catch their faces.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline 5U4GBTopic starter

  • Frequent Contributor
  • **
  • Posts: 492
  • Country: au
Re: Detecting WiFi jamming used to knock out security systems
« Reply #14 on: March 15, 2024, 12:32:24 pm »
For protocol attacks, an ESP32 could be a good option as this has all the radio & demodulation hardware + software stack. To check for wideband noise, you'll need an SDR. Maybe an ESP32 can be used to counter protocol attacks too by drawing the protocol attacks towards it so the actual Wifi signals are left alone.

Ah, good point, you could use them to tarpit attackers, or alternatively just to act as canaries to detect attacks.
 

Offline 5U4GBTopic starter

  • Frequent Contributor
  • **
  • Posts: 492
  • Country: au
Re: Detecting WiFi jamming used to knock out security systems
« Reply #15 on: March 15, 2024, 12:41:29 pm »
https://www.rcmodelreviews.com/wispy24i.shtml

Good idea, that would work, you can drive those from Linux using spectool so plug one into whatever Linux box you've got lying around and use spectool to pull the data off it.

An update, it looks like it's even simpler than that, nmcli will do this with
Code: [Select]
sudo nmcli dev wifi
Well, that took all the fun out of it, instead of playing with cool hardware it's just a few minutes of scripting an already-existing setup, and since it can act as a WiFi client it'll detect disassociation attacks as well.
« Last Edit: March 15, 2024, 01:21:38 pm by 5U4GB »
 

Offline ddosegov

  • Contributor
  • Posts: 16
  • Country: hr
Re: Detecting WiFi jamming used to knock out security systems
« Reply #16 on: March 15, 2024, 02:18:13 pm »
Just thinking what would microwave oven without mesh on the door mounted in car roof box do to nearby wireless devices? I fried wireless card in my laptop at 15ft (did that few times to be sure  ;) ) with less than 10W... ofc, powering microwave oven would require at least 1500W DC to AC converter, but that is not a rocket science....
 

Offline 5U4GBTopic starter

  • Frequent Contributor
  • **
  • Posts: 492
  • Country: au
Re: Detecting WiFi jamming used to knock out security systems
« Reply #17 on: March 27, 2024, 11:24:24 am »
Followup to my earlier post, looks like the best command is:
Code: [Select]
nmcli -t -f chan,signal dev wifi
which shows the channel and signal strength in machine-processable format.  Since most places will be surrounded by a 3-degree background radiation of neighbouring APs, detecting WiFi jamming should just require detecting a sudden change in the steady state as all the surrounding APs vanish.

Now I just need to figure out how to test this without access to the sort of WiFi jammer that it's meant to counter.  Is anyone in a country where you're allowed to run one of these for testing able to post what it does to surrounding WiFi signals?
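
One way to script the steady-state check described in the post above, added here as an example and not the poster's own code: it parses the terse `chan:signal` output of the command given in the post and alerts when the visible-AP count collapses relative to its recent median for several scans in a row. The class name, thresholds and sample scan output are constructed assumptions.

```python
import subprocess
from collections import deque
from statistics import median

NMCLI = ["nmcli", "-t", "-f", "chan,signal", "dev", "wifi"]   # command from the post

def scan():
    """Run the scan on a live host. NetworkManager may serve cached results,
    so poll no faster than it actually rescans."""
    return subprocess.run(NMCLI, capture_output=True, text=True, check=True).stdout

def parse_scan(text):
    """Turn terse 'chan:signal' lines into (channel, signal_percent) tuples."""
    aps = []
    for line in text.splitlines():
        chan, sep, signal = line.strip().partition(":")
        if sep and chan.isdigit() and signal.isdigit():
            aps.append((int(chan), int(signal)))
    return aps

class VanishDetector:
    """Alert when the visible-AP count collapses relative to its recent median."""

    def __init__(self, history=30, warmup=5, min_baseline=4, drop_ratio=0.25, confirm=3):
        self.counts = deque(maxlen=history)   # AP counts from scans judged normal
        self.warmup = warmup                  # scans needed before judging anything
        self.min_baseline = min_baseline      # too few neighbours: no usable baseline
        self.drop_ratio = drop_ratio          # "collapsed" = at most this share of baseline
        self.confirm = confirm                # consecutive collapsed scans before alerting
        self.low_streak = 0

    def update(self, aps):
        count = len(aps)
        ready = len(self.counts) >= self.warmup
        baseline = median(self.counts) if ready else 0
        collapsed = (ready and baseline >= self.min_baseline
                     and count <= baseline * self.drop_ratio)
        if collapsed:
            self.low_streak += 1              # keep suspect scans out of the baseline
        else:
            self.low_streak = 0
            self.counts.append(count)
        return self.low_streak >= self.confirm

# Constructed sample output (not a real capture): eight neighbouring APs, then one.
NORMAL = "1:62\n1:40\n6:75\n6:33\n6:28\n11:55\n11:47\n36:30\n"
JAMMED = "6:12\n"

def demo():
    det = VanishDetector()
    return [det.update(parse_scan(s)) for s in [NORMAL] * 6 + [JAMMED] * 3]

if __name__ == "__main__":
    print(demo())
```

Requiring several consecutive collapsed scans keeps a single empty or failed scan from raising an alert, and the alert itself has to leave the host over something other than the WiFi link being watched.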
 

Offline jonovid

  • Super Contributor
  • ***
  • Posts: 1498
  • Country: au
    • JONOVID
Re: Detecting WiFi jamming used to knock out security systems
« Reply #18 on: June 16, 2024, 12:43:31 pm »
If it's illegal to have or use a jammer and so is burglary, what defence does it matter to a criminal?
US news video: wireless signal jammers are used in breaking & entering burglaries to disable wireless CCTV and mobile phone calls to US 911 emergency.
This video shows the vulnerability of wireless networking technology to radio jammers.



https://www.usatoday.com/story/tech/columnist/komando/2024/02/29/thieves-using-wifi-jammer/72758559007/
Hobbyist with a basic knowledge of electronics
 
The following users thanked this post: Someone

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5973
  • Country: au
Re: Detecting WiFi jamming used to knock out security systems
« Reply #19 on: June 17, 2024, 05:20:09 am »
IMHO that is pretty useless as people who have entered a building can easily and quietly remove the SD card. The best camera setup is hardwired and streams the video off-site directly. That way the footage is out of reach of people who enter a building.

The SD card on hikvision cameras is inside the waterproof enclosure so is not easily removable. Especially when the camera is mounted high up on a wall as shown in the article.

It wouldn't matter anyway on the Hikvisions, the Chinese government will have a backup of your footage, just ask them for a copy.  :box:
 

Offline fcb

  • Super Contributor
  • ***
  • Posts: 2130
  • Country: gb
  • Test instrument designer/G1YWC
    • Electron Plus
Re: Detecting WiFi jamming used to knock out security systems
« Reply #20 on: August 15, 2024, 02:40:16 pm »
There's been a series of car burglaries near my home.  No one's RING doorbells (including mine & at least 6 others) have any footage.

My first thought was crims are jamming WiFi.  My next thought is how easy would it be to detect the jamming and create an alert? I'm guessing that this problem is only going to get worse in the future.

https://electron.plus Power Analysers, VI Signature Testers, Voltage References, Picoammeters, Curve Tracers.
 

Online radiolistener

  • Super Contributor
  • ***
  • Posts: 4051
  • Country: ua
Re: Detecting WiFi jamming used to knock out security systems
« Reply #21 on: August 16, 2024, 07:52:10 am »
True security requires Ethernet or wired connections, NO WiFi and airgap to net.

True security requires no network connections, neither ethernet nor the WiFi...  :)
 

Offline pdenisowski

  • Frequent Contributor
  • **
  • Posts: 918
  • Country: us
  • Product Management Engineer, Rohde & Schwarz
    • Test and Measurement Fundamentals Playlist on the R&S YouTube channel
Re: Detecting WiFi jamming used to knock out security systems
« Reply #22 on: August 16, 2024, 10:04:29 am »
My next thought is how easy would it be to detect the jamming and create an alert?

I spent years hunting down jammers and other interference sources in the field as part of my job.  The short answer is that in order to be effective, a jammer has to be (a) loud, (b) wide, and (c) on most of the time*.  Detecting and radiolocating jammers is therefore usually very easy.

The issue is what do you do if a jammer is detected?  And what is the backhaul (so to speak)?  If a WiFi connected camera detects jamming and its link back to the system is being jammed, it has no way to communicate this in-band.

I agree this is a (potentially) serious problem, but building jamming detection into devices that use a wireless connection doesn't seem like a solution to me.

*Yes, there are some sophisticated jammers (reactive, etc.) that don't necessarily meet these criteria, but these are extremely rare in non mil/gov applications.
Test and Measurement Fundamentals video series on the Rohde & Schwarz YouTube channel:  https://www.youtube.com/playlist?list=PLKxVoO5jUTlvsVtDcqrVn0ybqBVlLj2z8
 

Offline iMo

  • Super Contributor
  • ***
  • Posts: 5236
  • Country: bj
Re: Detecting WiFi jamming used to knock out security systems
« Reply #23 on: August 16, 2024, 10:09:28 am »
There's been a series of car burglaries near my home.  No one's RING doorbells (including mine & at least 6 others) have any footage.

My first thought was crims are jamming WiFi.  My next thought is how easy would it be to detect the jamming and create an alert? I'm guessing that this problem is only going to get worse in the future.

It is real, I had detected a strong jamming after a turmoil on our parking place when my neighbors were unable to close the doors of their cars with their remotes, it was long back and at 433 MHz (today perhaps different frequencies). They called police afterwards, afaik. No more jamming here since then.
Jamming could be easily detected as a strong broadbanded signal at the frequencies of interest, an SDR usb stick (working at the frequencies of interest, perhaps there are some up to wifi bands today) with proper antenna and a small computer (like Rpi-like one) watching the frequencies and evaluating the signal strength, based on that sending an SMS or an email with an alert, for example.
A weekend project for talented SDR people here, imho  :D
« Last Edit: August 16, 2024, 10:27:11 am by iMo »
Readers discretion is advised..
 

Offline Ranayna

  • Frequent Contributor
  • **
  • Posts: 913
  • Country: de
Re: Detecting WiFi jamming used to knock out security systems
« Reply #24 on: August 16, 2024, 10:26:19 am »
As long as we are talking about networked cameras, the easiest way to detect something like that would be on a higher level in the network stack.
Have something monitor the network reachability of the camera. Something that periodically pings the cam can already be enough.
Have that alert you if the camera does not respond.

Doing it like that you do not need to care about why the camera lost the connection, be it a cut cable, power loss, someone smashing the camera, wifi jamming or deauth attacks. If the camera goes offline you get alerted.
If you use an NVR I would think that those have such a monitoring built in, though I have to say I do not have personal experiences with NVRs.
 
The following users thanked this post: Someone

