Vulnerability of WiFi’s Noise Floor Calibration

Abstract

Most wireless technologies, including WiFi, rely heavily on clear channel assessment (CCA) to avoid collisions, not only among the devices within the same technology but also against cross-technology interference. If the CCA threshold is not configured properly, both the transmission and reception performance will be seriously affected with behaviors unexpected from the protocol's perspective. On the other hand, WiFi uses an adaptive CCA threshold based on a noise floor (NF) calibration algorithm to account for ambient NF changes and slight differences in hardware. However, this turns out to be a serious vulnerability of WiFi. In this work, we show that one can easily generate a wireless signal that can take advantage of the NF calibration algorithm of WiFi to inflate the CCA threshold and degrade performance significantly. The signal can be generated from a commercial off-the-shelf ZigBee device, and if well designed, need not be too long nor strong. We show that WiFi is vulnerable to such attack, and more surprisingly, the network performance does not recover long after the signal disappears. We exemplify and verify our findings through extensive real-world experiments using five types of commercial WiFi NICs and three different WiFi access points to show that this is a critical problem that exists in reality and must be addressed.