[*]
And jammer is a device designed to interfere with wireless communication signals, such as those used in mobile telephony, WiFi networks, GPS communications, Bluetooth and much more. The operation of a jammer varies depending on the specific type, but in general, it operates by emitting radio signals at frequencies similar to those used by the devices being attacked. These frequency jammers cause interference and disturbances in communication, making it difficult or impossible for target devices to receive or transmit signals.
The use of jammers is very common, for example, among criminals trying to disable alarm systems: if following a break-in the alarm cannot send notifications via the mobile network, neither the legitimate owner nor the security services can activate in time.
In Europe it is obviously illegal to possess and use any frequency jammer.
The Raspberry Pi-based anti-reggaeton system invented by Roni Bandini is not a jammer
These days there is a lot of talk about a device invented by a maker Argentinian, Roni Bandini, who uses an economical Raspberry Pi board 3 and some simple electronic components, interrupts the playing reggaeton music from nearby Bluetooth speakers.
The system “Reggaeton Be Gone“, so called by its creator, was born from Bandini’s exasperation. Disturbed every day by very loud musicplayed early in the morning from the neighbor’s Bluetooth speakers, Bandini first asked to stop the practice, to protect his eardrums and his sacrosanct right to rest.
Subsequently, seeing that diplomatic channels had not produced any useful results, the creator has developed a tool that initially uses the machine learning to recognize the genre of reggaeton music and, in the event that the artificial intelligence confirms the reproduction of this type of sound content, it is automatically activated to disturb the Bluetooth speakers making listening impossible.
Because the system Reggaeton Be Gone it cannot be considered a jammer
In describing his project, Bandini is keen to point out that it was created only for purely educational purposes, as an experiment and its use is permitted only and exclusively on his own speaker Bluetoothnot on those owned by other parties.
Having said this, the author of “Reggaeton Be Gone” adds that the simple Python code he developed requires knowledge of the MAC address of the target Bluetooth device and that it is physically located very close to the Raspberry Pi board. You can understand it from the value RSSI (Received Signal Strength Indicator), parameter used in wireless and Bluetooth networks to measure radio signal strength. In general, the higher the RSSI value, the closer the Bluetooth device is.
But, without further ado, let’s take a look at the project’s Python code Reggaeton Be Gone: il source it’s all condensed into a single file, very simple to analyze.
The methods used to connect to a Bluetooth speaker that plays music
The most interesting part is the function fireBT(): contains two methods to “knock out” Bluetooth speakers:
if method==1:
# Small, are you there?
for i in range(0, threadsCount):
print(‘[*] ‘ + str(i + 1))
subprocess.call([‘rfcomm’, ‘connect’, targetAddr, ‘1’])
time.sleep(myDelay)if method==2:
# Medium, I think you should listen
for i in range(0, threadsCount):
print(‘[*] ‘ + str(i + 1))
os.system(‘l2ping -i hci0 -s ‘ + str(packagesSize) +’ -f ‘ + targetAddr)
time.sleep(myDelay)
Method 1 uses rfcomm connect to establish a Bluetooth connection, while method 2 uses l2ping to send Bluetooth packets to the target device. The key difference lies in the specific commands used and the action taken towards the Bluetooth device (connecting or sending packets).
You should have already understood here: we are not dealing with a jammer because there is no disturbance of the Bluetooth frequencies. The Python code simply attempts to establish a wireless and/or wireless connection send data packets within a very short time of each other.
If a Bluetooth speaker is already paired (paired), how can the playback of the data stream be disturbed?
In general, a Bluetooth speaker that has already done pairing with a device should be protected from unauthorized data exchange. In other words, if the speaker already was paired with a device, a third party should not be able to take control of it. Including Bandini. So how does the system succeed Reggaeton Be Gone based on Raspberry Pi?
The answer to this question is contained in Bandini’s text: “not all Bluetooth speakers are vulnerable“. Nothing but jammers! In another article we saw how to activate Bluetooth and how it works data exchange between network devices.
Take a look at the enlightening document entitled Bluetooth Attacks prepared some time ago byElectrical Engineering and Computer Science of Toronto (Canada). Leaf through it until you find some examples of attacks “After Devices Are Paired“, attacks that is, they can be successful Bluetooth pairing already occurred. In short, this is exactly what was used for the experiment Reggaeton Be Gone.
It is not allowed to take the law into your own hands!
Ascertained that the system Reggaeton Be Gone it certainly cannot be included in the jammer category, it must however be said that it is not allowed to take the law into its own hands. There are many ways to request the cessation of offending behavior I disturb: for example, it is possible to contact the person concerned, refer to the condominium administrator, request the intervention of the police force.
Despite all this, it is however appropriate to make some considerations which seem to us to be at least relevant.
First of all, when unauthorized access occurs to a network protected by encryption protocols, the crime of unauthorized access to a computer system (ex art. 615 ter cp), punished with imprisonment of up to three years. If it’s one open network, without security measures, the crime of unauthorized access does not arise. As in this case.
However, there are some type of crime which could however be concretely conceivable. Strictly speaking, in this case, an attack on another’s Bluetooth device could still fall under the “installation of equipment designed to intercept, prevent or interrupt computer communications or telematics” (art. 617 five times cp).
Among the “methods” present in Bandini’s Python code there is also a third:
if method==3:
# XXL, Say hello to my little friend
for i in range(0, threadsCount):
print(‘[*] Sorry, Scarface method is not included in this version ‘ + str(i + 1))
time.sleep(myDelay)
In our opinion, this confirms it playful spirit of work Reggaeton Be Gone. The comment string # XXL, Say hello to my little friendrefers to a famous phrase uttered in the film Scarface by Brian De Palma and starring Al Pacino in the role of Tony Montana. Before using a huge machine gun, he comes up with the quote reported by Bandini. Here, in short, is the “Scarface method”, with the destruction of the Bluetooth speaker, it is precisely the one to avoid but also the other two, for the reasons illustrated previously, are no different…!
The responsibility of users and manufacturers of Bluetooth speakers
To defend against attacks such as the one carried out with the system Reggaeton Be Goneit is first of all important to be prompt in installing the security patches and firmware updates released by manufacturers. Over time, in fact, new vulnerabilities and attack techniques that can be exploited on the Bluetooth side often emerge: it is therefore important to install the fixes that allow you to adequately protect yourself.
Per mitigate potential risksit is advisable to adopt best security practices, such as turning off the visibility of Bluetooth devices when it is not necessary, using PIN codes during the pairing process and ensuring that your speakers are free from any known vulnerabilities.
In our opinion, there could even be one responsibility of the manufacturer if an attack like the one proposed by Bandini was successful on already paired and adequately protected Bluetooth speakers. An aspect that is worth reflecting on.
Opening image credit: iStock.com – South_agency – The images published in the article are taken from Roni Bandini’s post.
…