Mobile phones and GPS are all too easy to block, while a blanket Ofcom ban saps efforts to combat jammers.
The prevalence of high-speed internet, mobile telephony and wireless networking has made it easier than ever to be in constant communication. Business users break into a sweat when internet connection drops offline even for a few minutes and the humble home user is accustomed to over 99 per cent service availability.
Whether all this access is a good thing is a different debate – indeed, many might argue that shutting off the office internet connection would boost productivity in some circumstances.
Security systems take advantage of this cheap and easy communication. Alarms use phone links, both mobile and wired, to communicate with monitoring centres. CCTV relies on wireless communications, not necessarily WiFi but using the same frequency band. And vehicle-tracking systems use GPS to plot valuable cargoes.
Most of the time, this works fine. But although the systems are generally available all the time, availability in the face of a hostile third party was not necessarily in their design requirements, leading to some simple and effective attacks.
Take GPS. The signal received by a GPS unit at ground level is staggeringly weak, equivalent to viewing a 25 watt bulb from several thousand miles (–160dBw, for the technically minded). This is trivially easy to jam (see www.phrack.org/issues.html?issue=60&id=13#article).
Even worse, unless you're a military user, your GPS signal is basically unauthenticated, so a well-funded attacker can make your GPS receiver think it's anywhere on the planet. Most GPS devices are unable to prevent jamming (the military “P code” GPS signal is harder to jam, encrypted for authentication, but jamming is still a major concern).
Smarter vehicle-tracking systems fall back on other methods, such as VHF triangulation (as used by the Tracker anti-theft system), which are generally more available but less accurate. If you use such systems you should ask your vendor how they cope with jamming.
The mobile phone is equally easy to jam. Small handheld devices can block the signal for several metres, and mains-operated versions have larger ranges. If you're relying on the remote wipe capability of BlackBerry or Smartphone to keep your data safe, let's hope your attacker hasn't got a jammer in their pocket.
Similar devices can make mincemeat of any 2.4GHz wireless system, whether it's the office WiFi or a wireless CCTV system. Have a look at www.tayx.co.uk for an example of what's on offer.
Of course, jammers are illegal in most countries, but we're talking about attacks by criminals here. In the UK, the Wireless and Telegraphy Act explicitly forbids their use, and Ofcom is clear that they should not be used (www.ofcom.org.uk/radiocomms/ifi/enforcement/jammers/). This policy is quite sensible when applied to the cheap and cheerful “noise jammers”, which block the signals by broadcasting noise over the top. Such devices will often radiate on other frequencies and can cause serious interference with other non-communications equipment.
Unfortunately, a blanket ban means there's little incentive to produce smarter jamming equipment that accomplishes the same effect without undue interference (devices such as Esoteric's ECM601. See www.esotericltd.com/product7.html). There are certainly cases where mobile jamming would be beneficial, if done professionally, such as secure meeting rooms, prisons and even private homes.
For the security consultant, things are even worse. Although it is legal to perform a network and even physical penetration test with the customer's consent, you cannot legally test how jamming its communications will turn out (although you can do a “what if?” attack, but this is never as convincing as the real thing). In theory, Ofcom could license devices for such “authorised” use, but seems unwilling to discuss it (at least with me!).
“Always on” can become “off when you need it” when faced by a well equipped attacker. It's important to know how your systems will react to such attacks, and to plan accordingly.
Nick Barron is a security consultant. He can be contacted at firstname.lastname@example.org