Programming, philosophy, pedaling.

Death To Clickers

Oct 5, 2015     Tags: programming, rant, security    

This post is at least a year old.

Foreword: I don’t encourage you to cheat or otherwise interfere with your school’s clickers. Take this post as an elucidation of how broken (and unreasonable) the usage of clickers is, rather than a guide to making your university’s honor council unhappy.

If you’re in higher education (or have been in the last decade or so), you’ve probably encountered the scourge of the clicker:


(Source: Turning Technologies)

First of all, grading students with little pieces of wireless plastic is an awful idea. I’ve used clickers in two semesters’ worth of classes now, and experience tells me that the average student is either being “clicked in” by a friend or will simply talk to their neighbors to find the most correct answer (thoroughly defeating the clicker’s raison d’etre). The only real benefit to the clicker is collecting statistics on absence/whether your class is sleeping, and even that is largely defeated by people clicking in for each other.

More importantly, clickers are a massive scam.

After shelling out a semester rental fee ($20 at my university) or buying one outright (usually $50 to $70), there’s no guarantee that you can actually use your clicker. Depending on your university’s arrangement with the clicker company, you may have to:

From the perspective of a student who’s already spending several hundred dollars a year on (used) textbooks and other services of dubious value, the entire idea of paying for a device that serves the same purpose as a raised hand comes off as ridiculous, It’s also unfair to students who can’t spare the money for a clicker.

So, what can we do to resolve this ugly state of affairs?

Killing the clicker

First, some background:

According to this handy RF Interoperability document, the Turning Technologies RF keypads (a.k.a. “clickers”) use the 2.4GHz ISM Band, with 82 channels at 1MHz increments (from 2.401GHz to 2.482GHz):

clicker frequencies

(Source: Turning Technologies)

Each 1MHz channel corresponds to a classroom channel, allowing up two 82 distinct clicker networks to coexist in proximity (in principle, at least). The clickers are incapable of frequency-hopping when interference is encountered, as this would require a channel-change on not just the receiver but also all student clickers.

With these properties in mind, I can think of two ways to make clickers extremely undesirable to academic institutions:

Passive listening

Knowing that the clickers transmit on the 2.4GHz ISM band and that their subfrequency corresponds 1-to-1 with their channel number (e.g. channel 17 is 2.417GHz), the obvious thing to do is to try and capture clicker transmissions.

Capture enough transmissions, and a pattern can be deduced:

  1. The professor opens a clicker question. You turn on your receiver.
  2. As other students click in, you collect their responses.
  3. Right before the question is closed, you select the most common answer and submit it with your own clicker.
  4. Result: You’re as correct as the majority of the class on every question.

The HackRF One looks like a good choice for the receiver, but it’s awfully expensive ($300!). A cursory Google search reveals that RTL-SDR and a downconverter could probably accomplish the same goal for roughly a tenth of the price.


Passive listening would be really cool, but let’s be pessimistic. Maybe the clicker transmissions can’t be spied on/decoded for whatever reason, or maybe you just forgot to bring your clicker to class.

If you can’t win, you might as well not lose:

  1. The professor opens a clicker question. You turn on your jammer.
  2. Other students try (and fail) to click in, as the entire 1MHz channel is flooded and hopping is impossible.
  3. If the professor tries to go to another channel, you adjust the jammer.
  4. Rinse and repeat for all clicker questions.
  5. Result: Either everybody gets a 0, or no grade at all.

There’s nothing particularly magical behind this method, but it does demonstrate how vulnerable a single-channel transmission system is.

The future of clickers

Some companies, Turning Technologies included, have begun to offer a “cloud” clicker service, which really just supplements the existing infrastructure with smartphone apps and a server somewhere on the Internet.

This is a lot better from a physical security perspective, but it still doesn’t change the fact that clickers are an awful way to measure student performance.

I can only hope that clickers slowly die out, but that doesn’t appear likely in the (near) future. For the time being, I’m willing to settle for poking holes in their implementation and hopefully making them less desirable.

- William