We're jamming, we're jamming, we hope you like jammin too

Thomas Shaddack shaddack at ns.arachne.cz
Wed May 12 11:51:05 PDT 2004

> RFID jamming should be very easy and a quite amusing DoS attack
> on commercial targets.  Easy because its not frequency hopping, low
> power, and relatively low frequency.  Particularly cute would be
> transmitting sex-toy codes intermittently.

Considering the transmitting powers of the tags, an active battery-powered
transmitter with a suitable antenna could have rather long range. A small
circuit with a battery could be magnetically attached to a car of a
selected "victim" and switched on after a delay, resulting in a mobile
jamming platform. Parking lots in front of the stores, where there is
often a direct line of sight between the cash registers and the cars, are
especially suitable for this kind of attack.

> ASK any Elmer you happen to see,
> what's the best jamming, RFID..
> (With apologies to the tuna industry and those too young to
> know the jingle.  Or to know the RF double meanings.)

Interesting cultural reference that goes entirely above my head with a
cute swooshing sound.
Care to explain, please? :)

For personal defense, I came up with a similar, smaller-range and
lower-power idea:

Micropower RFID jammer
Very-low power passive/active jammer of passive RFID tags

Radiofrequency tags bring a wide variety of privacy-related concerns. A
semi-passive jammer may be an option to alleviate some of them.

The tags are powered from the electromagnetic field the reader irradiates
them with, then they transmit back on another frequency. The transmission
takes some time, I guess few milliseconds, and is detectable by a nearby

The tags are made in two kinds: "plain", and more advanced
collision-resistant ones. The first kind transmits blindly whenever
powered, repeating its signature over and over, which causes two tags
within the field of one reader to jam each other, as their responses get
mixed together. The second, more expensive kind, uses algorithms to avoid
the situation when two tags transmit at the same time, overlapping their
responses and making them difficult to recognize; most often detecting
another tag transmitting, and then going silent for random amount of time.

This behavior makes it possible to design a micropower jammer. The device
shall listen on the frequencies both the readers and the tags transmit on.
When the tag read attempt is detected, the device owner may be alerted -
by a LED, a sound, a vibration. Then when the device detects the tag's
attempt to answer, it broadcasts pulses looking like the answer of another
tag, forcing a collision and a misread into every answer. The tiny power
required for occassional transmitting of few very short pulses makes the
device unlikely to cause other kinds of trouble, while additionaly making
it less easy to be detected if declared illegal than "continuous" jammers.

More information about the cypherpunks-legacy mailing list