Brief announcement: passive and active attacks on audience response systems using software defined radios
Date
2017
DOI
Authors
Ewing, Ryan
Starobinski, David
Xin, Liangxiao
Phan, Khai T.
Version
Accepted manuscript
OA Version
Citation
Khai T Phan, Ryan Ewing, David Starobinski, Liangxiao Xin. 2017. "Brief Announcement: Passive and Active Attacks on Audience Response Systems Using Software Defined Radios." SSS.
Abstract
Audience response systems, also known as clickers, are used at many academic institutions to offer active learning environments. Since these systems are used to administer graded assignments, and sometimes even exams, it is crucial to assess their security. Our work seeks to exploit and document potential vulnerabilities of clickers. For this purpose, we use software defined radios to perform jamming, sniffing and spoofing attacks on an audience response system in production, which provide different possible methods of cheating. The results of our study demonstrate that clickers are easily exploitable. We build a prototype and show that it is practically possible to covertly steal or forge answers of a peer or even an entire classroom, with high levels of confidence. Additionally, we find that the receiver's software of the system lacks protection against unexpected answers, which allows our spoofer to submit any ASCII character and opens the receiver up to possible fuzzing attacks. As a result of this study, we discourage using clickers for high-stakes assessments, unless they provide proper security protection.