Wireless communication infrastructure is a cornerstone of modern digital society, yet it remains vulnerable to the persistent threat of wireless jamming. Attackers can easily create radio interference to overshadow legitimate signals, leading to denial of service. The broadcast nature of radio signal propagation makes such attacks possible in the first place, but at the same time poses a challenge for the attacker: The jamming signal does not only reach the victim device but also other neighboring devices, preventing precise attack targeting. In this work, we solve this challenge by leveraging the emerging RIS technology, for the first time, for precise delivery of jamming signals. In particular, we propose a novel approach that allows for environment-adaptive spatial control of wireless jamming signals, granting a new degree of freedom to perform jamming attacks. We explore this novel method with extensive experimentation and demonstrate that our approach can disable the wireless communication of one or multiple victim devices while leaving neighboring devices unaffected. Notably, our method extends to challenging scenarios where wireless devices are very close to each other: We demonstrate complete denial-of-service of a Wi-Fi device while a second device located at a distance as close as 5 mm remains unaffected, sustaining wireless communication at a data rate of 25 Mbit/s. Lastly, we conclude by proposing potential countermeasures to thwart RIS-based spatial domain wireless jamming attacks.

翻译：无线通信基础设施是现代数字社会的基石，但其仍面临无线干扰的持续威胁。攻击者可以轻易制造无线电干扰以压制合法信号，导致服务拒绝。无线电信号传播的广播特性首先使得此类攻击成为可能，但同时也给攻击者带来了挑战：干扰信号不仅到达目标设备，也会影响其他邻近设备，从而难以实现精确的攻击目标定位。在本工作中，我们首次利用新兴的RIS技术解决了这一挑战，实现了干扰信号的精确投递。具体而言，我们提出了一种新颖的方法，允许对无线干扰信号进行环境自适应的空间控制，从而为实施干扰攻击提供了新的自由度。我们通过大量实验探索了这一新方法，并证明我们的方法能够使一个或多个目标设备的无线通信失效，同时不影响邻近设备。值得注意的是，我们的方法可扩展到极具挑战性的场景，即无线设备彼此非常接近的情况：我们展示了对一个Wi-Fi设备的完全服务拒绝，而位于仅5毫米距离处的第二个设备完全不受影响，仍能维持25 Mbit/s数据速率的无线通信。最后，我们通过提出潜在的对抗措施来总结，以挫败基于RIS的空域无线干扰攻击。