Simulating Jamming

Jamming is a form of electronic attack which uses a stronger signal to disrupt target wireless devices.
DISCLAIMER: It is an offence to intentionally interfere with someone else's use of the wireless spectrum in the UK.
The mention of its name also disrupts rational thinking amongst otherwise intelligent people and its common for spectrum planners and event managers to ignore signal theory when discussing its impact and revert to hollywood instead.
Originally used in warfare, it's now commonly used in civil emergencies such as event protection, bomb disposal or hostage negotiation.
This blog uses modelling evidence to demonstrate the impact of jamming in a city and in the process, debunk popular jamming myths. The target band in all models is the 2.4GHz ISM band which is easily the busiest unlicensed band in the world and home to WiFi, Bluetooth, CCTV, Locks, Sensors, Drones and phones. The chosen location is Regent's Park in London which is a large open area in the busiest part of London, surrounded by tall town houses. The antenna used is Omni-directional to visualise the effect in all directions.

Jamming thresholds

IEEE standard protocols such as 802.11 have defined thresholds for Energy Detection (ED) above which they will not transmit. If you can hit this threshold then devices will refuse to transmit and can be considered 'jammed'. For 802.11 the energy detection threshold is -62dBm which is a strong wireless signal. You would need to be in the same room as the wireless router to see a signal this strong so to be effective you must be close or just be very very powerful like a military airborne jammer.

Power limits

In Europe the power limit for 2.4GHz is 0.1 Watt or 20dBm which is what a domestic Wi-Fi router radiates. This is low by design to minimise interference, conserve battery and enhance privacy against eavesdropping. In the US it's higher at a generous 1 Watt / 30dBm which still works since everyone is even when competing for channel access, just on a bigger scale.
Jamming someone within this limit is hard. You either need to get very close (~10m) or use a directional antenna. For jamming of a wide area like the whole park and beyond you would need hundreds of watts of power. You can deliver this efficiently with a directional antenna and reduce collateral damage in the process but jamming a wide area with a ground based jammer requires an enormous amount of power.

Simulating jamming

The key setting for simulating the effect of jamming is the receiver threshold. Creating a radio coverage map with a 'normal' threshold like -90dBm would not be useful unless you were intent on producing a misleading result to support an argument against using jamming. For an accurate map of jamming 'effect' you need to see the coverage at the ED threshold (-62dBm). Within the web interface this is under the 'Receiver' menu and in the api it is the 'rxs' parameter.

10 Watts


At 10 watts EIRP, the signal is contained within the park in a localised 500m bubble and is able to reach a few of the surrounding buildings owing to their elevation above the park's clutter (trees etc).

100 Watts


With ten times more power the increase in effect is disappointing. This is due to the way RF power decays logarithmically so most of the power is lost in the first few metres and the loss scales as the power increases. This time the signal has left the park and is impacting buildings within a kilometre but only where there is line of sight. Most buldings are unaffected due to material attenuation of the short wavelength signal which struggles to penetrate anything other than interior walls.

Kilowatt


With a 1000 watts, the disappointment theme continues. The 500m park is still not fully covered due to undulating terrain and clutter which the 2.4GHz signal doesn't diffract into so sheltered pockets of 'no signal' are present even right near the jamming source. More buildings have been touched but most are shielded from the effect behind the first row of houses.
A hill (Hampstead heath) several kilometres to the north with line of sight to the park experiences a large amount of interference.

People won't die, but they will get confused

The greatest fear with collateral damage is disruption to ISM medical devices such as wireless implants. If you jammed inside a hospital where ISM band equipment is used, you could disrupt medical equipment but to influence it from beyond the hospital walls would require several kilowatts of RF delivered very nearby to penetrate the walls with enough power to still exceed the ED level.
Wireless medical devices are designed for failure. They are after all used in the busiest spectrum in the busiest cities in the world and have back-off and interference coping mechanisms built in to the standard, like 802.11's -62dBm ED level and random back-off timer to manage channel contention.

Vehicles won't crash, but they might stop playing music

The 2.4GHz band is a healthy distance from 1.5GHz where GPS resides. Jamming one to target data communications does not influence the other unless your equipment is really poor.
Even if you did interfere with vehicles navigation systems, they are distinct, again by design, from control systems since the spectrum is shared and prone to interference. The most likely impact would be on Bluetooth which uses the entire 2.4GHz band and is commonly used in vehicle infotainment systems which would suffer interference.