Tags: programming, security, rant
Foreword: I don't encourage you to cheat or otherwise interfere with your school's clickers. Take this post as an elucidation of how broken (and unreasonable) the usage of clickers is, rather than a guide to making your university's honor council unhappy.
If you're in higher education (or have been in the last decade or so), you've probably encountered the scourge of the clicker:
(Source: Turning Technologies)
First of all, grading students with little pieces of wireless plastic is an awful idea. I've used clickers in two semesters' worth of classes now, and experience tells me that the average student is either being "clicked in" by a friend or will simply talk to their neighbors to find the most correct answer (thoroughly defeating the clicker's raison d'etre). The only real benefit to the clicker is collecting statistics on absence/whether your class is sleeping, and even that is largely defeated by people clicking in for each other.
More importantly, clickers are a massive scam.
After shelling out a semester rental fee ($20 at my university) or buying one outright (usually $50 to $70), there's no guarantee that you can actually use your clicker. Depending on your university's arrangement with the clicker company, you may have to:
From the perspective of a student who's already spending several hundred dollars a year on (used) textbooks and other services of dubious value, the entire idea of paying for a device that serves the same purpose as a raised hand comes off as ridiculous, It's also unfair to students who can't spare the money for a clicker.
So, what can we do to resolve this ugly state of affairs?
First, some background:
According to this handy RF Interoperability document, the Turning Technologies RF keypads (a.k.a. "clickers") use the 2.4GHz ISM Band, with 82 channels at 1MHz increments (from 2.401GHz to 2.482GHz):
(Source: Turning Technologies)
Each 1MHz channel corresponds to a classroom channel, allowing up two 82 distinct clicker networks to coexist in proximity (in principle, at least). The clickers are incapable of frequency-hopping when interference is encountered, as this would require a channel-change on not just the receiver but also all student clickers.
With these properties in mind, I can think of two ways to make clickers extremely undesirable to academic institutions:
Knowing that the clickers transmit on the 2.4GHz ISM band and that their subfrequency corresponds 1-to-1 with their channel number (e.g. channel 17 is 2.417GHz), the obvious thing to do is to try and capture clicker transmissions.
Capture enough transmissions, and a pattern can be deduced:
The HackRF One looks like a good choice for the receiver, but it's awfully expensive ($300!). A cursory Google search reveals that RTL-SDR and a downconverter could probably accomplish the same goal for roughly a tenth of the price.
Passive listening would be really cool, but let's be pessimistic. Maybe the clicker transmissions can't be spied on/decoded for whatever reason, or maybe you just forgot to bring your clicker to class.
If you can't win, you might as well not lose:
There's nothing particularly magical behind this method, but it does demonstrate how vulnerable a single-channel transmission system is.
Some companies, Turning Technologies included, have begun to offer a "cloud" clicker service, which really just supplements the existing infrastructure with smartphone apps and a server somewhere on the Internet.
This is a lot better from a physical security perspective, but it still doesn't change the fact that clickers are an awful way to measure student performance.
I can only hope that clickers slowly die out, but that doesn't appear likely in the (near) future. For the time being, I'm willing to settle for poking holes in their implementation and hopefully making them less desirable.