Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries

> Regardless of that we all should have cameras running everywhere all the time

I would like to opt out of this nightmarish safety hellscape. I never use the phrase Orwellian because it’s so often misused, but yikes is this some 1984 badthink.

Cryptographically verified recordings don't sound practical to me (sensors and video processing electronics sound like a lot of hardware to put in a secure element), but I'm sure we will see generative AI inflating away the value of blackmail material soon; one mitigation for this could be cryptographically signing material and then publishing the signature long before it becomes practical to fake it (i.e. the past, increasingly), then periodically creating signatures with new algorithms in advance of the discovery of practical attacks on existing ones.

Any idea of trying to prove that a random video isn't fake by crypto verification is very, very brittle - the trust relies on having almost 100% certainty of key secrecy from a global, heterogenous system of low-margin commodity manufacturers.

Like, ok, every device is keyed to authenticate the recordings it produces, using a unique key signed by the manufacturer - as long as a few valid device keys ever leak from the device or the manufacturer, any fake video can get signed with a valid key from Camera#1234 from ShenzhenCameraCorp567, ltd.; you're not going to make every $1 camera module in cheap embedded devices tamper resistant.

Yes, and then governments will require that any sale of recording devices are registered so that footage can be traced back to.... undesirables who undermine the great leader.

Solving different crimes. The ones you might get a promotion or some other gratification out of.

If you're in a city with 1,000+ home burglaries a year, nobody cares that you clear one and arrest some meth head. But, solve some gruesome or politically-tinged crime and you're holding a press conference and getting praise left and right.

We do the same thing as software engineers. Every large company has some lore about what types of work get you promoted, and many engineers prefer to work on that.

Sadly, you're not wrong as expecting a police officer to do anything with the footage is just a farcical notion.

Not true at all. Police love footage that provides anything useful when they have time to work on a case and, importantly, the footage is actually useful.

A lot of DIY security camera installs provide useless footage: Cameras are mounted too high to catch faces, lighting is bad, license plates are blurry, and the list goes on. If you can actually catch faces, license plates, or anything else identifiable then it goes into the case.

We've been told directly by detectives that they are too busy to look at emails with evidence.

That's a polite way of saying your case isn't a priority for them. Caseload is high and most departments have to filter and prioritize aggressively.

Unfortunately, anything involving e-mail evidence gets messy very quickly because e-mails require legwork from specialists to verify and admit with a proper chain of evidence. Forwarding an e-mail to a police officer or sending them a screenshot of something might be useful as a hint in an active case, but it's not going to meet the bar for admissable evidence unless they can get more resources on it.

Your detective in your city on that day may have been too busy, but that’s just an anecdote, not a survey of the thousands of cities and police departments and their response to home burglary footage.

20 years for burglary? Sheesh

nah out the same-day and released on a plea or technicality as long as no-one was hurt and no weapons involved.

We just got new windows in our home, replacing aging double-pane glass with newer, much better insulating triple-pane glass. However there was an option to get added sound insulation and my SO is sensitive to noise, we added that.

I was also considering the safety glass option, given that we had a porch door with "all" glass (just a small wooden frame). I'm a distracted and clumsy at times so I was worried about running through the glass in the door. After talking to the window manufacturer, I learned that I didn't need the safety glass option since the extra sound insulation meant the construction was laminated, hence acted much like a laminated safety glass.

Haven't tried to break them yet, but after helping getting them mounted (about 50kg for a 1x1m window, heavy!) it seems to me it'll take some effort to get through them. Proper anti-burglary glass is likely much better, but wouldn't surprise me if a group of teens would struggle.

Anyway, wasn't my primary consideration but I sleep slightly better at night compared to the old windows which could easily have been shattered with a simple rock, including the porch door.

edit: Also sleeping much better due to the sound insulation. The triple-pane does most of the damping I imagine, but between them it was a vast difference. I had three ~10 yo boys running around screaming (or playing as they'd say) 10m from my wall, and once I closed the new window to my room I could barely hear them. Not at all like the old windows.

edit 2: We also got the option for IR blocking, it adds just the slightest blue tint but cuts 60% of the IR. Made a massive difference in keeping especially the living room cool during summer.

Woah are things out of control down there? Sounds like GTA Los Angeles.

Super cool! I have a proactive security system as well and can also set off alarms. I've set this up for other people, but it seems that people tend to stop with setting up the detection system and I've yet to see someone I know take it to the response stage.

Inspiring, thanks for sharing!

I propose HN have a smart edit detection feature where it allows small edits for a longer period, to correct spelling without xhanching the manning.

You should be covered by your own insurance who turns to the other driver's insurance to get back the money. And your insurance will send you the money even if the drivers is not known, provided you have called the police so that hit and run is registered. So that photo isn't usually necessary although it helps your insurance getting its money back.

We have security cameras (that can read license plates) which caught a woman who backed into my car and drove away just last week.

Cameras are not security theater, AND they often won't stop a crime.

Yep.

Dashcams don't prevent traffic accidents. But they _do_ make it much much easier for the not-at-fault party to make their insurance claim.

It'd be nice of home security cameras "stopped crime", but they are much more useful in documenting your insurance claim. Which is still worthwhile (assuming you have insurance to claim on).

Sadly it is becoming kind of moot nowadays with so much spam that less and less people are answering to unsollicited calls. I know I don't so the police would just ring my phone and I wouldn't know about it. Not that I would want to but having a security system in my house would probably not be an high enough incentive to start answering these kind of calls.

Or just the police not even trying to solve it. In my city, it's inconsistent. A neighbor's alarm activated by accident and 3-4 policemen arrived quickly. Yet a friend's house was actually burgled, they took an ipad which tracked itself to two addresses in a nearby suburb and the police said "sorry, we won't check that out, you should have had cameras". I have a feeling the police prefer to solve crimes by talking to people and browbeating them into revealing things rather than using technology, so I was surprised they recommended cameras.

This is my use case and setup also. If there's someone in my yard I want to know. If I'm not home it additionally kicks off other automations that make my place look less tempting for an attack.

Edit: it's also very useful to me to keep video logs of my shop and other areas. I can easily go back to see what happened if something goes wrong (stuff falling, me forgetting stuff somewhere, figuring out why there were big car tire tracks across my yard, etc).

They also didn't do anything from a disease perspective either, unless it was a disease transmitted by large quantities of spittle.

It is not always enough. Like for example my ex sister in law once held the door open for the burglar who were getting out of the building with her own TV. She only realized that when she went upstairs and found her door open.

Yes. I saw an interview with a burglar in the UK. He said he preferred properties with alarms and other security features because they were much more likely to have valuables worth stealing. And, as he pointed out, nobody cares about an alarm going off in a city. It just gets ignored.

They did that too. Neighbor was a cop. Took all his gear, uniform, weapons, etc. Was demoted to motorcycle cop after that.

It is good for insurance claims.

This sounds like a great idea, until you try to re-terminate that cabling and see how much abuse the electrician put the drop through. I’ve seen 6-8” of sheathing removed and all the remaining pairs untwisted wrapped back around (or just snipped entirely).

So many homes with a coax in every room too.

I don't understand why powered IoT devices (lightbulbs, switches etc) don't use powerline for network access.

You're suggesting there is building code requiring the omission of data cabling. I'm not even sure how this would be phrased. Especially given that phone cabling is just Cat5 cable now.

Data cabling is omitted from new builds because it doesn't sell homes and is just a cost.

The only recent comparison I can think of is how some cities actually required lead pipes for drinking water for decades.

Building codes (a long time ago) also didn’t require electrical wiring or plumbing, then we decided they should.

Rest assured they do. If you look up FCC violations in urban areas you can find out that they are quite adept at triangulating violators.

"A first offense is a misdemeanor punishable by up to a $10,000 fine and/or up to a year in jail. Subsequent offenses are felonies punishable by up to 2 years in prison. In practice, this might result in only a civil action by the FCC. But it is forbidden by Congress and can be punished by imprisonment." https://law.stackexchange.com/questions/94617/is-deliberate-....

For ISM, yeah the FCC don't give a shit.

Marriott was jamming for years, until they were forced to stop. Keyword: years.

If someone is making temporary jamming attacks (even on GPS or cell), unless you do it at your house or stationary, you ain't getting caught.

I know 'a friend at the hackerspace' who did a .25w GPS spoof to make the city look like it was in Moscow, Russia. Nobody responded.

I can assure you they will give a shit if you make enough, ahem, noise that people start complaining. Not that it's not fun to mess around though. Think about those little stickers that says your device must accept all blah blah. You just have to be able to talk to them so they can.

Different root cause - stadiums concentrate an absurd amount of people in a very small space, and people aren't going to a stadium to watch sports, they are there to make selfies, videos, even livestreams for Instagram, Snapchat or Tiktok so they need a lot of bandwidth.

Ideally, the operators of such venues would go and place an appropriate amount of picocells inside the stadium, but these cost a ton of money to install and they are only used maybe once a week for two hours, so there is no financial incentive for the providers (particularly if the general public has gotten so accustomed with a baseline of enshittification that they don't even protest any more).

For example, take the Munich Oktoberfest. The Theresienwiese is 42ha large and fits about 600.000 people without tents or ~200.000 in the full Oktoberfest buildout - and each year, every provider literally spins up hundreds of cells of all sizes, to accomodate the up to 20, 30 terabytes of data each day that all these people create [1]. But since that is two weeks of full load, it's worth the effort in the end financially.

[1] https://www.golem.de/news/netzabdeckung-mobilfunk-beim-oktob...

But that's clearly just because of 10s or 100s of thousands of mobile devices in the area, why would they care about that?

The FCC uses the word “blocking” and institutes the same fine.

FCC rules forbid hostile use of the frequencies, that’s also what forbids jamming.

Everyone is supposed to get along and play nicely, and jamming is the definition of not doing that.

Intentionally sending disconnects/de-authentications too, if the intent is denying lawful use for someone.

Unless it's a very old microwave it should not be leaking RF into the surroundings because that RF is energy targeted at warming up food and liquids.

I wasn't aware you could be licensed for 2.4 GHz broadcasts. What's the process on that, and what does it allow you to do? (Besides jamming others I guess)

Hell, one of my customers had one of the best 2.4GHz jammers I'd ever seen at their house. It was one of those portable handsets for hardwired phones that were still common in the 2000s before everyone started ditching land lines.

They had lots of complaints about the quality of wireless they had in their house. I dropped in more access points even after everything worked perfectly when I was there. Then they got a call when I was there and everything stopped working. This was before 5GHz was really common, but B/G/N would just stop functioning.

This is taken a lot more serious than running red lights, and yes, they will get you. A guy in Florida was using a jammer in his car to block phones when he was driving. They found it.

https://www.pcmag.com/news/fla-man-fined-48k-for-jamming-cel...

https://www.fcc.gov/over-air-spectrum-observation-capabiliti...

https://www.mdarc.org/regulations/fcc-monitoring-stations

https://www.youtube.com/watch?v=FcKCMfVJohI

Two ways

First way, they get reports from people/companies/band users and will maybe act on them. This assumes it's in a band they care about, people report stuff in the ham bands all the time but they nearly universally ignore those.

Second way, you interfere with something safety critical, such as an airport, where they may have installed equipment to monitor RF in particular bands.

TL;DR: unless your neighbor is an RF professional and can determine that they are being interfered with instead of "huh, the wifis no workie...shrug", they just won't do anything.

Facebook tries to sell me RF jammers pretty much nonstop.

Aliexpress sellers will happilly mail you whatever RF jammer you want.

rogue ap detection has been around for a long time. you make the jammer hop between all the plants randomly. (its just a stupid video game mechanic and fun to think of RF/IR grenades.

(have micro RF 'jammers' that are the size of peas (they just emit enough RF noise to the local APs - - and throw a handfull in an area so RSSI RTLS is moot for the main jammers....

(more of a comic cyber - Ronin type comic that happens in a retro future Tokyo) https://i.imgur.com/jBc4jtv.jpg

Barrier to entry, mostly. Implementation of most RF attacks historically required expensive SDR equipment and strong knowledge in a highly specialized domain.

Even many WiFi attacks which can be executed by off-the-shelf WiFi hardware require specialized driver/firmware hacking to execute, since most WiFi firmware isn't designed to send frames "out of turn" or with the wrong flags set.

This is all evolving rapidly and I fully expect this to be one of the hottest topics in coming years. Flipper Zero is an obvious example of the change here - it was absolutely nothing new hardware or software wise, but providing easy access to standard BLE primitives and years-old sub-Ghz radio chipsets triggered a variety of meltdowns.

More powerful SDRs and basic "building block" libraries for SDR are only becoming cheaper and more available every day.

I suspect that there are many many attacks, but we don't hear much about them because they go undetected.

People are routinely being tracked via bluetooth for example but very few people think about it or bother to disable bluetooth because of it. Companies (and anyone else interested) just get to scoop up all that data and use it for whatever they feel like.

My car beeps whenever the key is not detected in the cabin while the vehicle is running. It would be very hard to leave the key behind by accident.

Even more surprising: fobs that don't work if the key is in the ignition.

My 1996 Mustang had a bad battery, so it would barely start. I took the remote fob off the key ring and left the car running, but locked it (using the physical door-lock button). When I came back later, the fob would not open the door.

WTF? Had to have another key brought from home.

Another good one: If you open the back door of a Mini Clubman (or the regular Cooper, most likely) and then accidentally drop your fob into the car and close the rear doors or hatch... the car will re-lock itself and you're fucked. This is great when it's a hot day and you just put a dog in the car, which is in the sun. Now you get to break a window. Yay German engineering.

Mine works this way, you get a warning that it’s going to shutdown in a few min without the key.

The car turning off is not at all the same as braking. It actually seems LESS safe to me to allow the car to move far beyond the key, because leaving the key behind (Thus stranding yourself) is more likely to occur than the battery dying.

Unless there's a concern about just having the engine stop while actively being driven???

The majority of cars depend on the engine to provide power assist on the brakes and steering. Without power assist the physical effort required to stop and steer goes up significantly. Suddenly having the control dynamics of a multi-ton chunk of metal change dramatically while at speed isn't something most people are capable of responding to correctly. Having the engine stop in the middle of a busy intersection is another way to have a bad time.

I had a remote start that would specifically kill the engine if you pressed the brake without the key in the right position.

Being able to start the car remotely and being able to put the car in gear and drive without the key in the ignition are independent features.

the latency auth trick requires very fast timings, to distinguish between 5 ft and 25 ft... 20 feet difference is like 20 ns.

(the attacker's parts don't need to be high delay themselves, could be a pair of gain antennas and amplifiers.)

Damn, that sounds so much worse. My Tacoma already has keyless for me to worry about, but at least that doesn’t require an internet connection.

I know that NFC itself does not require an internet connection, but the whole point of requiring a smartphone at all here is to have an app that millions of people MUST install, to collect data to sell. I won’t at all be surprised when they arbitrarily lock NFC keyless behind a required internet connection.

I’m tired boss.

I'd compromise with hands-free door unlocking, but some harder method to start the engine.

I am so skeptical of this story but I want it to be true so badly.

If I shine a laser through, does it really focus on the sighted spot? Does the coating on the telescope not filter IR? I thought most did maybe not. Could I shine a flashlight through and illuminate the room? How is that not the same?

I used to have a TV-B-Gone universal remote with only one button - OFF (oh hey it is still a thing https://www.tvbgone.com/). It was glorious, I used it in airports back when they had TVs all over the place, in hotel bars, in airport shuttles. It came with a booklet warning you about dangers of using it in a crowded sports bar during large sporting events...

Okay that's ingenious. I love it.

I pick locks for hobby and agree with this statement

They likely would never had to explain themselve anyway. The fact the device is found doesn't mean the prankster would get caught. It is not like they will look for fingerprints and ADN for a small prank.

I miss the days of open-by-default wifi.

So does every wannabe be l33t hax0r.

Here's a fact for you. I handed police the video evidence of the bonehead showing up earlier without a mask to case my house then came back 30 minutes later with a mask on but same clothes in full HD glory.

In a stroke of luck, I also saw him a few minutes after I arrived onsite (did a drive around the neighborhood) and he took off. I literally saw which apartment building he disappeared into.

Lets say there are 12 units in a building (it's a smaller complex built in the 90s) it would not take them long to catch this guy.

They did nothing. I gave them his face in HD and where he was located.

I am pretty sure it depends on the neighbourhoods, the frequency of these cases, staffing, frequency of other kind of crimes and your own ethnicity as a victim.

Parent commenter is not making it up, this just really depends on what neighborhood you live in.

With the destruction of the middle class it's true for a lot more people than it used to be.

If you feel in danger, the most logical action is to flee, not fight. You might think that acting violently would be warranted and a good solution but it is only if you are 100% sure of winning. In any other case it can cause escalation and harm to your family.

Where did you hear that?

It's also highly dependent on the dog. A chihuahua maybe not so much, a big Rottie maybe yes.

It seems like a weird thing to generalize. It's like saying "people are good or not good at fighting". Well, which people fighting how?

My city (Seattle) allows up to three fowl or certain kinds of livestock even in the fairly dense residential areas (the law is left over from many years ago, but backyard hens have become kinda fashionable in recent decades). But you can't keep a rooster, because it's too noisy. I suspect that keeping watch-fowl would have the same problem, neighbors would file noise complaints against you.

If there are enough people ready to shoot then people are far less likely to enter in the first place.

And before you say deterrence doesn't work, just put a sign outside proudly proclaiming your residence to be a gun free zone. Go for it!

They are breaking into your home to steal your things or harm you, being armed with a firearm prevents that from happening.

If they still continue to break in after seeing you are armed with a firearm, you can just simply just shoot them once they get inside as your life was in danger and you also solve that from ever happening again from that person.

What's the character of Alaskan criminals? How different from the lower 48?

The weak point is always the network connection. My cameras are PoE backed with a UPS, and the footage is replicated locally and to the cloud, but that replication still requires a network connection (which is also on battery). So, if someone jammed the cell network, cut my wired uplink, and then removed every drive they found, they can successfully prevent me from seeing them. I'll still know that something is happening, I guess? Plus they can always just wear masks.

The real point here is, even if you capture a super-clear 1080p picture of the criminal(s) face, the police mostly won't care. It's just a little security theater that you put on for yourself, and sometimes your insurance company.

I don’t know that they’d have the skill or patience for this. If you’re running cables to other rooms, they’re not going to start tracing wires everywhere (to potentially find the wire connected to a router anyhow)

Ideally you'd have hardwired cameras with a battery backup that store to local drives with a cloud backup.

This requires significantly more upfront and ongoing costs... and most criminals aren't sophisticated enough to cut power or jam wifi. Lots of times they won't even wear masks.

The average property crime is still an opportunistic smash and grab. Stick up wifi cameras are an affordable "good enough" for most cases.

Why were we trying to get them on camera again? Just sound the alarm already!

Fascinating. "Accessible" here seems to mean, "physically connected to the mains"?

Further, I was sitting here typing "surely a wifi jammer is more accessible", but if modifying a defibrillator is easy, maybe it really is even more theater than I thought.

Of course, in the real world, some of these mitigations will be a deterrent. But point taken, for a dedicated attacker/target, you're going to have to get more creative.

How are you going to find the house that has weapons worth stealing but doesn't have a safe?

Such houses are extremely rare. I'm going to assume you have never attempted this silly scheme for obtaining free guns. Most police cars have a shotgun under the front seat; have you tried looting those? I don't recommend it. This has to be the most ridiculously out-of-touch comment I've ever seen on HN.

No. Literally in deer hunter ground zero. The meth heads break into empty vacation homes and pole barns routinely, working on behalf of local theft rings. When they think a home is empty they'll go after it, like anywhere else.

A gun rack of full of long guns is a prime target.

It's also worth noting that you can buy signs and stickers on ebay for way less than the actual system, and you arguably get most of the benefit from the visual indicators.

An excellent observation! If deterrence is the goal (and I'm suggesting it often is) then a fake camera is often just as good, but cheaper!

Ubiquiti have a great name for switches. I have some. Unfortunately they chose not to provide an MJPEG stream on their cameras, which make's is very inconvenient (Read computationally non viable) to get the still images if you want to process the images with your own AI. And proactive camera security should be doing this and not relying on the AI that might be built into the cameras running on their tiny computers.

Yep.

For me as well it was quite reassuring to be able to piece together exactly what happened.

So rather than just being woken up by the noise of someone trying to batter the door down, I was able to go back and piece together 3 or 4 minutes of what happened - the cameras caught their car arriving, caught them going down a side road, caught them climbing over a fence at the back of my house, caught them trying to climb up onto the roof, caught them creeping around in the garden looking through windows, caught them trying to kick the door in, and then caught them running off and driving away.

I had enough that I was even able to write a post mortem with timestamps etc. This helped us make some security improvements, but for me personally it helped me process the whole situation - it was less traumatic for me to feel like I at least had "complete" info and was in control and generally feel less victimised and helpless.

Not the GP but I have more or less this with all Unifi gear, a Dream Machine Pro and PoE switch in the network cupboard, a Flex PoE switch in the loft with 4×G5 Bullet cameras plugged into it.

Unifi restricts choice but everything works in a few clicks and both the web app and mobile app management interfaces.

True, but older houses are also less likely to have 220V runs in the first place, I think. That might be a Baltimore thing, though - not sure I've ever seen one in residential here, but this is also the city where municipal gas service was born, so it isn't a surprise for gas-fired ranges and dryers needing only 110V service to be ubiquitous here.

I don't know if I'd want to depend on incidental capacitive coupling to carry signal between phases. I guess if it works it's likely to go on doing, but I feel like there's got to be some pretty sharp bandwidth constraints for noise, especially in residential...

You can wear a mask.

I disagree. Possession of a jamming device is illegal in many jurisdictions. Wirecutters are not.

I could kill all data communication in most buildings out there just by sneezing in the wrong cabinet (personally experienced). And then what are your wired cameras going to do? If the answer is "make loud noises", well, that's pretty much exactly what wireless cameras could also do.

There's a reason 'professional' alarms generally prefer wireless connection and battery power (and loss of connection is generally an alarm-raising event).