Wireless Gridlock in the IoT

"What good is a phone call when you are unable to speak?"

When people mention the Internet of Things (IoT) and congestion they’re likely referring to novel solutions to urban traffic control, not the less discussed fragile and limited radio spectrum, which presents its own security risk at a time when systems are becoming increasingly dependent on it.  

By Alex Farrant

Senior Researcher

13 May 2015

The explosive growth in home, wearable and vehicular wireless devices has not been matched by a proportionate growth in radio spectrum bands to accommodate them. This dilemma is creating a growing congestion problem which owners of wireless networks, bandwidth hungry teenagers or value baby-monitors know only too well. This presents a genuine and growing security issue to the availability of critical information stored in the cloud and dependent on the already vulnerable and limited RF spectrum to convey it. Denial of service is no longer a nuisance; it is lethal to modern systems and economies.

Discrete wireless networking technology (Bluetooth, WiFi, Zigbee) is proliferating at an ever increasing rate right across industry sectors, much faster than spectrum management or standards bodies can keep on top of or practically test. The ubiquitous Industrial, Scientific and Medical (ISM) radio band at 2.4GHz in particular is heavily oversubscribed due to its unlicensed nature and could become all but unusable for priority systems in a densely populated area in the future at the present rate of growth of 2.4GHz transmitters and networks.

The crux of the problem is that the oversubscribed ISM bands are unmanaged so whilst your company might exercise diligent planning of your wireless network(s), the growing number of local devices within range will pump out RF energy into the same narrow slice of spectrum without a care for your planning - or devices. In addition, vendors will be more than happy to tell you their wireless device ‘just works’ and gloss over the critical issue of the overcrowded, unmanaged, RF spectrum it relies upon. Devices need only comply with the radiation regulations for your country, set by ETSI in Europe, but are not required, or practically tested, to work in harmony with other devices. Value baby-monitors are nicknamed ‘RF jammers’ for good reason.

Harmony through design

Wireless standards like IEEE 802.11 (WiFi) were designed with high capacity and congestion in mind [1]. Features such as engineered channel spacing (guard channels), distinct channels (14 channels in the UK), and agile modulation techniques like Direct Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum (FHSS) and Orthogonal Frequency Division Multiplexing (OFDM) allow efficient sharing of the limited spectrum whilst providing the high data rates consumers demand. Further restrictions by Telecommunications authorities like ETSI in Europe restrict device power output to 20dBmW (0.1W), thereby severely limiting the impact of a device.

These advanced design features do indeed allow multiple systems to share the same channel but they won’t provide indefinite harmony. The scale of the IoT will stretch them to breaking point.

Bluetooth (IEEE 802.15.1) is marketed as a distinct communications technology for portable devices but operates in exactly the same 2.4GHz band as WiFi. It is designed to fail gracefully when it cannot communicate on a channel so many users are oblivious to interference. Despite it using frequency hopping modulation (FHSS), and WiFi using (different) frequency hopping modulation (DSSS), the two incompatible standards are still capable of interfering with each other resulting in bit errors and reduced speeds [5].

Why your WiFi is slow… and getting slower

Despite advanced interference countermeasures, the sheer quantity and variety of devices, from wristwatches to CCTV, competing for bandwidth in the narrow slice of ISM spectrum, especially in cities, is causing increased bit error rates (BER) through collisions and packet retransmissions, which manifest themselves as slow WiFi and even WiFi rage [2].

Channel management by users is voluntary and even if done well, is likely at odds with your neighbours’ channel management plan. Even if you harmonise channels in your office with additional spacing (a DSSS signal overlaps the two channels either side), sooner or later someone or something will be on ‘your’ channel(s). Hopefully they’ll be compliant with ETSI regulations but even then there’s a healthy limit (it’s 3) to the number of independent DSSS signals in the same location which can be calculated when you know how many bits are in the spreading sequence. The 802.11 standard has an 11-bit long spreading sequence which needs 30MHz spacing between carriers. Any closer and they’re interfering. The amount of interference will be proportionate to the amount of overlap and signal power [3].  Having three or more signals on the same channel won’t cause anarchy but it will reduce performance by a factor determined by the power of the interfering signals which may well be enough to impact the availability of your critical information.

Congestion has already spawned a market in products designed to beat the traffic, either through intelligent multi-path antenna design (MIMO routers) or cruder high gain antennas designed to ‘boost’ your signal, usually at the expense of other users – which is allowed because it’s unmanaged spectrum after all. Vendors shouldn’t exceed ETSI radiation regulations or deliberately interfere with others’ use of the spectrum as that would be an offence under the (UK) Wireless Telegraphy Act (WTA).

The WiFi’s slow, so what?

In the information security triangle of Confidentiality, Integrity and Availability, interference presents a real threat to the availability of data and services, increasingly cloud based. Not being able to stream a HD movie is a ‘first world problem’ but not being able to activate the remote lock on your house or car or access your critical data or system when you need it is a more serious issue with real world consequences.

  • Cars fitted with convenient wireless security systems have for some time now been targeted with deliberate RF interference by thieves. The thief jams the lock signal as the owner leaves the vehicle with a cheap jammer requiring no technical knowledge or skill to operate [4]
  • The surge of affordable drone usage in the ISM band has seen a new, expensive, phenomenon called ‘fly-aways’ when a drone fails to communicate with its controller [6]. RF interference is a known issue which is understandable as at 20dBmW (ETSI limit), a signal at 2.4GHz will propagate only a few hundred metres through free space before it is too weak to receive with normal receivers. The practical maximum range of a drone will vary greatly between quiet rural environments with a low RF noise floor and a noisy, cluttered city where the drone’s signal will have to contend with attenuating obstacles, signal multipath and other co-located systems on the same band.
  • An unnamed UK intensive care hospital invested in an 802.11 VoIP staff communications system which staff rely on to contact each other - often in an emergency. The devices are clients to a building-wide 802.11 network which shares not only the unmanaged spectrum with non-critical networks, but also the very same channel with a much higher bandwidth patient entertainment network resulting in occasional critical communications failure (or jittery cartoons depending on your POV). Basic channel management would help but a better solution for a critical system would be dedicated, licensed, spectrum instead of the Wild West that is the ISM band.

If you run a business where wireless systems feature heavily then you’re vulnerable to a physical denial of service in the form of unintended or deliberate interference (jamming). (You’re also using more power, as it costs more wattage to send a packet between computers via WiFi than by Ethernet.) An RF jammer can be assembled or bought for very little, and the growing hobbyist Software Defined Radio (SDR) market has seen the price of entry-level transceivers capable of transmitting across licensed and unlicensed bands fall drastically. Coupled with an equally affordable signal amplifier and directional antenna, such a transceiver can deny wireless communications at long range. This means the barrier to entry into the previously exclusive world of Electronic Counter Measures (military jargon for radio jammers) has fallen and trouble will follow. Expect and plan for interference, deliberate or otherwise.

[Figure: Representative SDR jammer with power amplifier]


Faced with this dilemma, what can you do to stop the mushrooming hordes of competing IoT devices, and the emerging threat from attackers armed with powerful SDR jammers, from compromising the availability of your critical information?

Thankfully, standards bodies are developing future standards to address congestion and capacity issues but in the meantime here’s a check-list of tips to help you enjoy interference free wireless networking:

  • Plan for radio failure. Have an alternative ready, ideally an Ethernet cable into your network.
  • If you are going to put your business in the cloud, access it via a reliable, wired, route.
  • For mobile users of critical and/or valuable systems, ask yourself if using the unmanaged spectrum is the best choice. WiFi might well be faster than 3G but it’s a free for all, unlike the carefully managed GSM bands which cost telecoms companies billions. WiFi is cheaper for a reason.
  • De-conflict your local spectrum. Have a scan with one of the many smartphone apps like Wifi Analyzer for Android or airodump-ng for Linux which will reveal your 802.11 neighbours and note their WLAN channels. Get your wireless base stations on a channel as far from other systems as possible. Do the same for Bluetooth. Repeat periodically.
  • Take an interest in the frequency bands before you buy another convenient ‘wireless’ device. Favour devices which use less common bands such as the higher 5.8GHz ISM band used by 802.11n. Aim for diversity of your spectrum footprint rather than having them all sit in the same overcrowded 2.4GHz band waiting for trouble to come your way.
  • Pay attention and investigate incidents of slow speeds. As well as being an indicator of someone hogging all the bandwidth, it is also a symptom of an interfering system causing increased bit errors and packet retransmissions on your channel.
  • If all else fails, move to the Outer Hebrides, but be warned there's a Radar test facility already there...
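
As an added example (not part of the original article), the de-conflict tip can be scripted: the code below reads an airodump-ng CSV capture and ranks candidate 2.4GHz channels by the article's rule that interference is proportionate to overlap and signal power. The 22MHz signal width, the 1 to 13 candidate set and the sample capture are assumptions made for the illustration.

```python
import csv

CHANNEL_STEP_MHZ = 5    # spacing between 2.4GHz channel centres
SIGNAL_WIDTH_MHZ = 22   # assumed DSSS occupied bandwidth (not stated in the article)

# Constructed sample in airodump-ng's CSV layout: AP rows, blank line, client rows.
SAMPLE = """BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2015-05-13 10:00:00, 2015-05-13 10:05:00,  1, 54, WPA2, CCMP, PSK, -48, 120, 0, 0.0.0.0, 6, office,
02:00:00:00:00:02, 2015-05-13 10:00:00, 2015-05-13 10:05:00,  1, 54, WPA2, CCMP, PSK, -70, 80, 0, 0.0.0.0, 5, cafe1,
02:00:00:00:00:03, 2015-05-13 10:00:00, 2015-05-13 10:05:00,  6, 54, WPA2, CCMP, PSK, -55, 95, 0, 0.0.0.0, 5, guest,
02:00:00:00:00:04, 2015-05-13 10:00:00, 2015-05-13 10:05:00,  6, 54, WPA2, CCMP, PSK, -62, 60, 0, 0.0.0.0, 4, cctv,
02:00:00:00:00:05, 2015-05-13 10:00:00, 2015-05-13 10:05:00, 11, 54, WPA2, CCMP, PSK, -80, 30, 0, 0.0.0.0, 4, flat,
02:00:00:00:00:06, 2015-05-13 10:00:00, 2015-05-13 10:05:00,  3, 54, WPA2, CCMP, PSK, -75, 40, 0, 0.0.0.0, 4, shop,
02:00:00:00:00:07, 2015-05-13 10:00:00, 2015-05-13 10:05:00, 13, 54, WPA2, CCMP, PSK, -60, 70, 0, 0.0.0.0, 3, lab,
02:00:00:00:00:08, 2015-05-13 10:00:00, 2015-05-13 10:05:00, -1, -1, , , , -1, 0, 0, 0.0.0.0, 0, ,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:aa, 2015-05-13 10:00:00, 2015-05-13 10:05:00, -60, 42, 02:00:00:00:00:01,
"""

def parse_aps(text):
    """Return [(channel, power_dbm)] from the AP section of an airodump-ng CSV."""
    aps = []
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if row and row[0].startswith("Station MAC"):
            break                          # client section follows; not needed here
        if len(row) < 9 or row[0] == "BSSID":
            continue                       # blank line or column header
        channel, power = int(row[3]), int(row[8])
        if 1 <= channel <= 13 and power < -1:   # -1 means the value was not measured
            aps.append((channel, power))
    return aps

def overlap(a, b):
    """Fraction of the assumed signal width shared by channels a and b."""
    return max(0, SIGNAL_WIDTH_MHZ - CHANNEL_STEP_MHZ * abs(a - b)) / SIGNAL_WIDTH_MHZ

def rank_channels(aps, candidates=range(1, 14)):
    """Sort candidates, quietest first, by sum of overlap x received power (mW)."""
    def score(c):
        return sum(overlap(c, ch) * 10 ** (dbm / 10) for ch, dbm in aps)
    return sorted(((c, score(c)) for c in candidates), key=lambda cs: cs[1])

def best_channel(text):
    return rank_channels(parse_aps(text))[0][0]

if __name__ == "__main__":
    for ch, s in rank_channels(parse_aps(SAMPLE)):
        print(f"channel {ch:2d}: {s:.2e} mW weighted interference")
```

The score only reflects beaconing 802.11 networks seen during the capture; Bluetooth, baby-monitors and other non-WiFi emitters in the band do not appear in airodump-ng output, so repeat the scan periodically as the tip says and treat the ranking as a starting point.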
