Abstract
Audience response systems, also known as clickers, are used at many academic institutions to offer active learning environments. Since these systems are used to administer graded assignments, and sometimes even exams, it is crucial to assess their security. Our work seeks to exploit and document potential vulnerabilities of clickers. For this purpose, we use software defined radios to perform jamming, sniffing and spoofing attacks on an audience response system in production, which provide different possible methods of cheating. The results of our study demonstrate that clickers are easily exploitable. We build a prototype and show that it is practically possible to covertly steal or forge answers of a peer or even an entire classroom, with high levels of confidence. Additionally, we find that the receivers software of the system lacks protection against unexpected answers, which allows our spoofer to submit any ASCII character and opens the receiver up to possible fuzzing attacks. As a result of this study, we discourage using clickers for high-stake assessments, unless they provide proper security protection.
This is a preview of subscription content, log in via an institution to check access.
References
Students more accepting of using clickers for exams, April 2014. http://my.umbc.edu/groups/doit/posts/44012
HackRF One (2016). https://greatscottgadgets.com/hackrf/
The GNU Radio Foundation, Inc.: GNU Radio (2017). http://gnuradio.org/
Han, J.H., Finkelstein, A.: Understanding the effects of professors’ pedagogical development with clicker assessment and feedback technologies and the impact on students’ engagement and learning in higher education. Comput. Educ. 65, 64–76 (2013). http://www.sciencedirect.com/science/article/pii/S0360131513000237
Kastner, M.: The use of an audience response system to monitor students’ knowledge level in real-time, its impact on grades, and students’ experiences. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 104–113, January 2016
Kulatunga, U., Rameezdeen, R.: Use of clickers to improve student engagement in learning: observations from the built environment discipline. Int. J. Constr. Educ. Res. 10(1), 3–18 (2014)
Turning technologies: ResponseCard RF (2017). https://www.turningtechnologies.com/response-solutions/responsecard-rf
Valerio, D.: Open source software-defined radio: A survey on gnuradio and its applications. Technical report FTW-TR-2008-002, August 2008. http://www.astro.square7.ch/Datenblaetter/SDRreport.pdf
Acknowledgments
The authors thank Prof. Ari Trachtenberg for his suggestion to investigate fuzzing attacks. This work was supported in part by NSF under grants CNS-1409053, CNS-1563753 and CNS-1717858. The views expressed in this paper are those of the authors only, and do not necessarily reflect the views of NSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Phan, K.T., Ewing, R., Starobinski, D., Xin, L. (2017). Brief Announcement: Passive and Active Attacks on Audience Response Systems Using Software Defined Radios. In: Spirakis, P., Tsigas, P. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2017. Lecture Notes in Computer Science(), vol 10616. Springer, Cham. https://doi.org/10.1007/978-3-319-69084-1_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-69084-1_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69083-4
Online ISBN: 978-3-319-69084-1
eBook Packages: Computer ScienceComputer Science (R0)