Jamming Communications with SDR

Disclaimer - I am not a lawyer and the following information should not be construed as legal advice. Most likely if you engage in any sort of jamming or making of equipment used for jamming you are screwed no matter what ways you think you have circumvented the law. If you have in fact found a way to circumvent the law I urge you to speak with a lawyer so they can tell you exactly how you are wrong.

Summary

The sale, importation and use of Wi-Fi, GPS and Cellular signal jammers is prohibited in the United States. Technology moves faster than law however and seemingly innocent devices can be repurposed to nefarious ends. The future of Software Defined Radio will depend on the choices the community makes and the projects it supports.

The Federal Communication Commission

It should come as no surprise that the FCC frowns upon disruption of legitimate transmission and reception of signals. In 2005 the FCC issued a public notice specifically addressing the “Sale or Use of Transmitters Designed to Prevent, Jam or Interfere with Cell Phone Communications…”

They also published a FAQ more recently on “GPS, Wi-Fi, and Cell Phone Jammers” to help answer any outstanding questions. It’s only 9 pages and an interesting read as is their Jammer Enforcement portion of the website at the bottom where you can see all the recent enforcement actions (people/companies they went after for violating the law).

A point that the FCC makes in their FAQ is in regard to disclaimers. It is on page 6 and says the following:

IMPORTANT NOTE ON DISCLAIMERS: We emphasize that it is insufficient and misleading for manufacturers and retailers to include a disclaimer on their websites or in promotional or advertising materials stating or implying that U.S. consumers bear sole responsibility for complying with the applicable legal obligations. The manufacturer or retailer is also violating the law both by offering the device for sale to U.S. consumers and completing the sales transaction. Use of disclaimers that purport to place the sole burden on the buyer cannot absolve the manufacturer or retailer of liability.

Basically this says a disclaimer won’t save you, it’s your job to make sure you aren’t breaking US law when selling a jammer. I start with this point as disclaimers will come up again farther down in this post and it’s important to understand how this may affect us.

Circumventing the Ban

The key to circumventing any ban is to look for devices or substances that have legitimate use and wide-spread availability and then repurpose them to accomplish something that was not originally intended. Manufacturers can fall into two categories, knowing and unknowing.

Knowing: When the manufacturer is aware that a use exists outside the one intended but legally the manufacturer is not responsible.

Unknowing: When someone radically repurposes something to the surprise of everyone including the manufacturer.

In both cases, if there is more good news than bad news for the manufacturer (read that as increased sales) it’s not likely any changes will be made. Media attention of the newfound use (or potential product ban) will drive sales which also reduces the manufacturer’s desire to take action. In short, unless the use is so egregious (babies dying) that action MUST be taken, it won’t.

Application to SDR

Great Scott Gadgets sells a SDR called the HackRF One that is a popular entry level SDR with transmit capabilities. It must be plugged into a computer to be used in combination with software that is run to bring the SDR to life. Without software, it’s basically good as a coffee or beer coaster.

If you are new to SDR, you can think of it the same way you would a sound card for a computer but for transmitting and receiving radio frequency instead of sound. Just as your computer doesn’t make sounds unless you tell it to, a SDR doesn’t transmit signals unless you (software) tell it to.

An interesting device emerged that can be used along with the HackRF. It’s called the PortaPack and is made by Sharebrained Technology. This device by itself is even less useful than the HackRF, it’s basically just a display and control pad that can plug into the HackRF. In order for it to be useful you must load some custom firmware into the HackRF. This firmware was also developed by Sharebrained and is open source and freely available on GitHub.

The combination of both of these devices with the firmware installed leads to a portable SDR that does not require a computer. A few receive functions are implemented but in all honesty the firmware provided by Sharebrained does not justify spending over $500 for this setup. The mechanical and electronic design of the PortaPack is great, but the firmware sucks. No transmit functions are implemented at all and definitely nothing that empowers the ignorant to unleash chaos.

Bring on the Havoc

If instead of loading the firmware on GitHub from Sharebrained, we load the Havoc firmware (also available on GitHub) we get something worthy of spending $500. There are many great features implemented, and it would seem anyone who cares about the PortaPack is actively working on the Havoc branch. Unfortunately, the ability to jam signals has also been implemented in this firmware.

From reading the FCC’s website and looking at who they go after it seems the “sale and marketing” of jammers along with the actual “use” will get you in trouble. While their FAQ states that possession of a jammer is prohibited in the United States, I did not see any cases where someone was fined specifically for possession, but I also did not do an exhaustive search.

From the FCC FAQ on the meaning of marketing: “Marketing” is defined in the FCC rules as the “sale or lease, or offering for sale or lease, including advertising for sale or lease, or importation, shipment, or distribution for the purpose of selling or leasing or offering for sale or lease.” 47 C.F.R. § 2.803(e)(4).

Searching the internet and reading reviews about the Havoc firmware is rather interesting. Everyone knows the features are illegal, and likely illegal in most countries in the developed world yet no one addresses the negative impact they will have. They say things like “Don’t use these features at all” and “This is likely illegal in your country so don’t use it.” If the features are illegal though, the impact to the SDR community will be negative. Instead of hyping up these illegal features to attract attention, we should be removing them to create something that is a benefit to the community as a whole.

It should be noted that the Havoc firmware (with jamming capability) is specifically mentioned on the Sharebrained website as part of the sales and marketing of the PortaPack.

Implications

Don’t get me wrong, I understand the appeal of things that are viewed as (or actually are) forbidden. What allows the continued existence is how hard it is for the general population to acquire and make use of it.

Seeing how it is hard to block free speech and software/firmware freely available on the internet, the simplest way for governments to address this issue will be to ban SDR’s. While everyone is busy reviewing the Havoc firmware and talking about how we shouldn’t actually use the features, they are slowly digging SDR’s grave.

SDR’s that are sold today do not require any FCC Authorization at all. If this isn’t surprising to you, consider that every consumer device sold that transmits Radio Frequency (RF) must have a FCC ID, and it’s a costly process. SDR’s get around this due to the fact that they don’t fit the current mould of testing, so they are sold as “test equipment” and the people/companies who purchase them are responsible for ensuring they comply with the laws of their country.

In an attempt to protect themselves from litigation due to improper use, some companies that sell SDR’s have a legal statement on their webpage. Ettus Research and Great Scott Gadgets are examples of these. Some do not however, such as Kickstarter and Crowd Supply which are crowd funding sites meant to help startups fund products. These sites advertise to masses of people, many of whom likely do not know the laws around transmitting RF. Kickstarter was used to fund the initial widespread release of the HackRF and Crowd Supply has been used for the LimeSDR and LimeSDR mini made by Lime Microsystems. Lime does not have a disclaimer anywhere on their website that I could find.

It should be noted that SDR’s generally appeal specifically to people without much understanding or experience with RF due to the fact that they are software controlled. This has opened the door of experimentation to a large group of people with no electronics or RF experience, both a good and bad thing.

Jeopardizing the ease of access

People apparently don’t realize just how easy it would be to revoke this “test equipment” exception or outright ban the sale of any SDR. It’s happened with other hardware in the past when people and groups decided to challenge governments and industry. Companies that are negatively impacted do not sit around and allow bad publicity and loss of profits to continue without fighting back. That fight takes the form of lawsuits and lobbying government for change. For a brief intermission from this post, read about how DirecTV handled the sale of hardware that threatened their business. Ettus Research (owned by National Instruments) might be able to withstand a legal battle of that magnitude, Great Scott Gadgets would likely not.

There’s No 2nd Amendment for SDR’s

SDR’s are neither good nor bad, it’s what the people who purchase them do with them. Sound familiar?

Unfortunately, there’s no National Rifle SDR Association fighting to retain our rights to SDR ownership. When media attention reaches a peak then some form of action will need to be taken. Attacks against firmware and code are rarely successful as it can be shared and hosted anywhere. The simplest route is to demonize Great Scott Gadgets in the media and then litigate them out of existence or force them to remove the transmit capabilities from their products.

The key thing to remember in litigation is it doesn’t matter who is right and who is wrong. It only matters who has more money, better lawyers and can fight the longest. You may be right, but being bankrupt and right is no fun. The reality is just one SDR company being attacked would be the best case outcome. The government deciding to change the laws affecting the sale or use of ANY SDR is a much worse outcome. Just as consumer RF scanners had to block ranges of frequencies (Cellular) that they can receive in order to be sold in America, SDR’s might face similar regulations. Perhaps none of them will be able to transmit, or will be forced to have crippled functionality.

SDR’s have fantastic capabilities precisely because no one knows it! They definitely aren’t as easy to use as a consumer RF scanner. Every step that is taken to make SDR’s more consumer friendly is another step closer to annihilation. This is counter to the wishes of the companies selling them though where the goal is always to sell more. In an effort to increase market share the entire market may be destroyed.

Beyond Jamming

Attacking technology is a big part of what pushes it forward. The security of the internet and devices gets better not on its own but because people are constantly attacking it. Security companies, adversaries and bug bounty hunters are all forcing technology to improve no matter what the reason for their attack. Exaggerated press releases touting how secure something is and “just because it hasn’t been done before” are also drivers for attack. The end result is improved products, or a new company to replace the one that couldn’t adapt.

Critical Infrastructure in America is such a big concern precisely because it hasn’t been under any serious attack until recently. A big part was lack of access to the equipment and systems to actually try attacking it. I am sure a fear of the repercussions if one was caught also played a part. In cases like critical infrastructure where the cost to address the issue found can be extreme, it sure is easier to shoot the messenger. This statement isn’t meant to be an attack, it’s just a financial reality.

Software defined radio is increasing awareness of the weaknesses with wireless devices and systems that rely on wireless communication. What Wireshark did for network security SDR is beginning to do for wireless security. The SDR tools aren’t as accessible and easy to use but it’s getting better every day. HackRF+PortaPack is one of those steps in the right direction. Havoc firmware with the ability to jam communications is not.

While SDR has the ability to push the industry and technology forward, it does this by attacking what exists today, which threatens the companies who produce the products of today. Industry cares about profits and increasing sales each quarter, not the greater good. A quarterly earnings call with the CEO saying to shareholders “Profits are down again this quarter, but we are actively working towards the greater good…” will not result in the share price going up.

Unless you are Elon Musk, I think he COULD actually say this and the share price would go up!

Closing Thoughts

Debates take place as a response to action. In the case of guns it is sanctioned vs unsanctioned use. People don’t debate guns when they are used for the mass killing of people during war, they debate guns when they are used to kill school children. For SDR’s there won’t be debates due to non-disruptive uses like replay attacks to test for vulnerabilities, it will be jamming communications when a tragedy occurs.

Just because there is no debate going on right now does not mean we are in the clear, it means we are one action away from a shit-storm.

Regardless of your position on guns, the gun community understands this well and knows their continued existence relies on shunning certain activities. For the SDR community to thrive and create tools that will ultimately benefit humanity, we need to come together and decide what we will and won’t support. Havoc firmware may drive some sales of HackRF and PortaPack, but do we want to actively work to add features to something that enables people with no knowledge and experience to cause chaos?

In the end the people causing trouble will be caught and prosecuted, but in the process they may ruin SDR for us all.

Everyone has a SDR but no one uses it

It seems when I chat with techie people there will always be a few who have heard of Software Defined Radio and some of them even have a RTL-SDR. One may have a more advanced SDR like a HackRF, BladeRF, LimeSDR or more recently a LimeSDR Mini. Unfortunately, their journey into SDR seems to stop at the time of purchase or shortly thereafter.

Who can blame them, the SDR learning curve is long and steep. It also doesn’t help that most of these crowd-sourced products are marketed like a consumer good. Putting a pretty case around a piece of test equipment doesn’t make it user friendly. If you don’t have some experience with electronics and RF signals it doesn’t really matter that it’s “Software Defined” because that last word “Radio” is brutal!

There also aren’t really any mainstream applications for accomplishing specific tasks other than viewing spectrum. Just about every cool “application” that exists requires running Linux and some fairly extensive setup process. I think this is why blog posts and videos about simply getting a SDR to do something useful seem to draw attention.

You no longer need to know much of anything to get on the internet and use a computer, just like you don’t need to be a mechanic to drive to the store. If a better job can be done packaging ready-to-use applications for SDR we will see a lot more people actually USING them.