Showing posts with label wireless. Show all posts

Wednesday, October 6, 2021

LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables

via Cyber Security Labs @ Ben Gurion University

Air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited. 

LANTENNA is a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks.

Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker. 

We discuss the exfiltration techniques, examine the covert channel characteristics, and provide implementation details. Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine. We evaluate the covert channel in different scenarios and present a set of countermeasures. 

Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away. more & video

Tuesday, August 3, 2021

The NSA's Wireless Device Best Practices

Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks (e.g., conference or hotel Wi-Fi®) are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.

This infosheet gives National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) users the best practices for securing devices when conducting business in public settings. It describes how to identify potentially vulnerable connections and protect common wireless technologies, and lists steps users can take to help secure their devices and data. 

While these best practices cannot ensure data and devices are fully protected, they do provide protective measures users can employ to improve their cybersecurity and reduce their risks. more

Friday, July 30, 2021

From the Man Who Brought Us Every Kid's First Spy Toy - Ron Popeil (RIP)

How many Mr. Microphones wound up behind the couch when the younger brother's older sister brought her date home?

Monday, July 6, 2020

How attackers hack mobile networks...

...and get access to free data, locations, wiretap calls and more.  
A fairly detailed and interesting article for the technically curious. more

Sunday, May 24, 2020

Cheap TV Equipment Eavesdrops on Sensitive Satellite

An Oxford University-based security researcher says he used £270 ($300) of home television equipment to capture terabytes of real-world satellite traffic — including sensitive data from “some of the world’s largest organisations.”

James Pavur, a Rhodes Scholar and DPhil student at Oxford, will detail the attack in a session at the Black Hat security conference in early August...

It appears to boil down in large part to the absence of encryption-in-transit for satellite-based broadband communications.

It also reveals how some of the eavesdropping was conducted using a “75 cm, flat-panel satellite receiver dish and a TBS-6983 DVB-S receiver… configured to receive Ku-band transmissions between 10,700 MHz and 12,750 MHz. A set of 14 geostationary satellites were selected [and from them] over 350 transponders were identified using existing ‘Blind Scan’ tools.” more

Thursday, February 20, 2020

Soviet Spy Radio - Discovered Buried in Germany

Archaeologists digging for the remains of a Roman villa near the German city of Cologne have found a sophisticated Soviet spy radio that was buried there shortly before the fall of the Iron Curtain.

The spy radio (USSR spy radio set - Swift Mark IIIR-394KM, codenamed Strizh) was buried inside a large metal box that was hermetically sealed with a rubber ring and metal screws.

Although the radio's batteries had run down after almost 30 years in the ground, the box hissed with inrushing air when it was opened.

"Everything in the box was carefully encased in wrapping paper — it is a factory-fresh radio," said archaeologist Erich Classen from the Rhineland Regional Association (LVR). more

Collectors and Hams: Time to break out your metal detectors. ~Kevin

Wednesday, February 12, 2020

Wireless Tech to Steal Luxury Cars in Seconds

As they both walked through a dimly lit parking garage, one of the pair of men peered at a black, laptop-sized device inside his messenger bag. Using buttons on its outer case, he flicked through various options on the device's bright LED screen before landing on his choice....

"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries.

"Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people." more

Tuesday, October 8, 2019

A Blue Blaze Irregular Asks About RFID Money Detectors

Hi Kevin, 

I would love it if you did a report on the RFID in currency and the "detectors" that are used to identify the exact amount of cash in a car, suitcase, etc. 

For example, a husband and wife were driving with $14,000 cash to buy a car when an automobile from Homeland Security pulled alongside them for a minute to scan their car. When they realized the car had $14,000 in it, they informed the local law enforcement which then proceeded to pull the car over to confiscate the money. Or the sheriff in Northern California who uses a similar "detector" to pull over people who are bringing cash to Nor Cal to buy cannabis during harvest season. From what I've read, wrapping anything that has the RFID in it with aluminum foil or a Faraday cage-like material is enough to block any signals. I think your readers would find this very interesting. 

Thanks Kevin I appreciate it. 

FutureWatch: I looked into it and found some interesting articles. It appears the U.S. Treasury department is looking into it. They currently have a Request for Information (RFI) out to develop this technology. Answers due by January 24, 2020.

Technical papers on this technology include...
  • Banknote Validation through an Embedded RFID Chip and an NFC-Enabled Smartphone
  • A Comparison Survey Study on RFID Based Anti-Counterfeiting Systems
  • RFID banknotes

Apparently, this technology has been explored since at least 2001. I couldn't find that it has been implemented anywhere... yet. It appears it may be coming, however.

Our BBI is correct. RFID readers can be easily blocked by Faraday Cage techniques.

All this reminds me of weapons of war; evolutionary stair-step escalation through the ages.

Double FutureWatch: RFID tracking of currency may become a moot point if governments leap-frog into cryptocurrencies.

Tuesday, August 20, 2019

The Peregrination of a Childhood Promise

Finally, another childhood fantasy becomes reality. Hard on the heels of wall screen TVs; Dick Tracy's wrist radio.

  • The now iconic 2-way wrist radio premiered in 1946 and was replaced with a 2-way wrist TV in 1964.
  • 1952 prototype wrist radio.
  • 1960's wrist radio.
  • Apple watch Walkie-Talkie.
  • FutureWatch: A "Real" Dick Tracy wrist radio watch. (Bluetooth)
  • Wrist radios on ebay.
  • Wrist radios on Amazon.
  • In June of 1954, the radio was upgraded to increase the range from 500 miles to 1,000 miles, then again in 1956 to 2,500 miles.

Chester Gould’s idea of Tracy wearing something like this on his wrist in the comic strip was actually turned down by his employer because it was thought to be too much of a cheat, so-to-speak, an easy way out for the detective who had been written into a scene where he was held captive with no possible way of escaping from the criminals.


It was then that Gould decided to call an inventor he had met, Al Gross (pictured above).

Al Gross was a man way ahead of his time with inventions such as the walkie-talkie. When Gross was just 16 years old, he already had an amateur radio operator's license and had built a ham radio, going on to invent the first telephone pager in 1949.

When Gould stopped by, Al Gross had just recently invented a two-way radio that people could wear on their wrists, just like a watch. Gould asked Gross if he could use his idea and that’s where Dick Tracy’s wrist watch radio came into being. Gould was so appreciative that as a Thank You, he gave Gross the first four panels of the cartoon where Tracy is seen wearing and using the soon-to-be infamous gadget. The device proved to be the exact answer for Dick Tracy to rescue himself from the seemingly impossible situation.

Still on my list...
  UPDATE - 8/27/19
Apple reportedly kills project to turn iPhone into 'walkie talkie'
Damn!

Wednesday, June 5, 2019

Pinky Promise from Huawei

A top Huawei executive said Tuesday that the company is willing to sign a "no-spy agreement" with the United States to reassure U.S. leaders who say the company's technology could be used for surveillance. The offer is similar to proposals the Chinese tech giant has made to the United Kingdom and Germany, and it comes after weeks of intense pressure from the Trump administration. more

Wednesday, February 6, 2019

Spybusters Tip #847: Stop Car Theft via Key Fob Signal Intercept

By simply wrapping your key fob in aluminum foil you can prevent a thief from intercepting the signal.

If you park your car outside at home then you might consider using a foil-lined container or placing your keys in a coffee can.

I’m going to start wrapping mine in aluminum foil when I travel and stay in a hotel. If you doubt that this issue is a serious threat then watch How Thieves Unlock A Car. more

A big thank you to our Blue Blaze Irregular ensconced in Illinois for alerting us to this tip. ~Kevin

Saturday, December 8, 2018

FutureWatch: Tooth Bugs

Sonitus Technologies, creators of the Sonitus Sensory Interface Platform, is enabling real-time wireless communications and monitoring of physiological information of users in the most challenging defense, security and commercial environments.

The company’s initial sensory platform-based solution is Molar Mic, a novel personal communications device that snaps easily to the back teeth of a user and creates an entirely new audio interface.

By creating a new audio path (bone conduction), it eliminates the need for ear pieces, microphones and wires on a user’s head.

Incorporating a miniaturized microphone and receiver into a dime-sized mouthpiece, Molar Mic sustains unbroken two-way voice connectivity in communications networks critical to personal safety and performance across defense, public safety, aerospace, power, oil & gas, and professional applications.

Molar Mic is in its final field testing with the US Air Force. more

Wednesday, April 18, 2018

Senators Demand More Information About DC Mobile Snooping Devices

A bipartisan group of four Senate privacy hawks are demanding the Department of Homeland Security publish more information about the evidence of mobile snooping devices in Washington and surrounding areas.

"The American people have a legitimate interest in understanding the extent to which US telephone networks are vulnerable to surveillance and are being actively exploited by hostile actors," Sens. Ron Wyden, D-Oregon, Cory Gardner, R-Colorado, Ed Markey, D-Massachusetts, and Rand Paul, R-Kentucky, wrote in a letter Wednesday to Christopher Krebs, the top infrastructure and cybersecurity official at the Department of Homeland Security...

"These things have the capability of tracking. So, if you want to pick a person and say, let's see where they go and who they talk to during the day, that might give you just enough intelligence to make some decisions without even doing the eavesdropping," Kevin D. Murray, a counter espionage expert, told CNN in an interview. more

Friday, March 30, 2018

Scientists Develop Tiny Tooth-Mounted Sensors That Can Track...

...what you eat!

Monitoring in real time what happens in and around our bodies can be invaluable in the context of health care or clinical studies, but not so easy to do. That could soon change thanks to new, miniaturized sensors developed by researchers at the Tufts University School of Engineering that, when mounted directly on a tooth and communicating wirelessly with a mobile device, can transmit information on glucose, salt and alcohol intake...

Tufts engineers sought a more adoptable technology and developed a sensor with a mere 2mm x 2mm footprint that can flexibly conform and bond to the irregular surface of a tooth. In a similar fashion to the way a toll is collected on a highway, the sensors transmit their data wirelessly in response to an incoming radio-frequency signal. more

Just in case you were disappointed that this was not a story about a mysterious tooth implant...

Wednesday, March 14, 2018

From Those Wonderful Folks Who Killed Air-Gap Security - This Bud Screws You

A research team from Israel’s Ben-Gurion University of the Negev's cybersecurity research center has discovered a new way of extracting data from air-gapped computers by using passive devices like earbuds, earphones, headphones, and speakers.

Now, the same research center has claimed to be able to use computer speakers and headphones to act as microphones and receive data. The devices can be used to send back the signals and make the otherwise safe practice of air-gapping less secure.

As per the new technique [PDF], data is extracted in the form of inaudible ultrasonic sound waves and transmission occurs between two computers installed in the same room while data is shared without using microphones. more

Thursday, February 22, 2018

Dronebusters

Two drones headed north above Capitol Boulevard toward the Idaho statehouse. Lt. Gov. Brad Little stood to Gov. Butch Otter’s right at the top of the Capitol steps and watched...

The demonstration by Black Sage Technologies showed off the Boise company’s system to immobilize drones that might carry a bomb, drop contraband or weapons into prison recreation yards, or spy on sensitive operations.

Black Sage uses cameras, radar and other tools to detect drones. It can see them at least three and a half miles away. The company sometimes demonstrates its anti-drone system at military bases. Wednesday’s exhibition was one of the few times the public has gotten to see it. more

Wednesday, February 14, 2018

Seattle's $3,750,000.00 Lightpole Art Exhibit Closes, or Sightless in Seattle

Back in 2013, the Security Scrapbook featured Seattle's new citywide surveillance system.

"A New Apparatus Capable of Spying on You Has Been Installed Throughout Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don’t Want to Talk About It."

2018...
Five years after activists forced Seattle's mayor to return the city's surveillance drones to their manufacturer, the city has announced that it is terminating its warrantless mass-surveillance program altogether.

The DHS gave the city a $3.6m grant to build out a mesh wireless network that could be enjoyed by the public and also provide communications services during emergencies -- but it was also specked to do continuous location-based surveillance as well as CCTV surveillance from lightpoles all over the city.

Activists worked with the ACLU to pressure the city to work with police to produce a privacy policy that would explain when this data would be gathered, how long it would be retained, and how it would be used. The devices were switched off while these questions were to be answered.

Five years on, the police and city were unable to articulate an answer to these questions, and so now they're spending $150,000 to tear all the gear (including the mesh networking access points) out, rather than accept any limitations on their use. more

Monday, February 12, 2018

Number Stations, Spies... and The Sultans of Swing (?!?!)

Numbers stations: The 'spy radio' that anyone can hear...

For decades, people around the globe have been able to listen in to mysterious spy broadcasts from all over the world with just a radio.

Gordon Corera has been investigating the strange world of number stations. more

Tuesday, January 2, 2018

Proof 2018 will be a Great Year for TSCM Teams

The cost of eavesdropping, espionage, spying, and general snooping has gone the way of "long-distance" phone bills. For the cost of a visit to Starbucks, a few bucks can make everyone an eavesdropper, and apparently it's happening. Just look at the ad below for an FM wireless bug. China can't produce them fast enough. They are sold out! (more)

But, fear not dear buggers, you can still obtain GSM USB charger plug bugs. Unlike the FM bug, you don't have to be somewhere nearby to listen-in. Just call it from your cell phone, anywhere in the world. (more)

Happy New Year. Be safe... Support your favorite Technical Surveillance Countermeasures team.



Friday, December 8, 2017

Hedy Lamarr - The Spread Spectrum Lady


As “Bombshell” (Alexandra Dean’s timely documentary) explores, Lamarr, in collaboration with avant-garde composer George Antheil, of all people, came up with a way to ensure secure radio signals, a frequency-hopping technology that has been called the basis for such up-to-date innovations as Wi-Fi, Bluetooth and GPS.
Though one of the most recognized faces in the world, Lamarr, executive producer Susan Sarandon has said, “was never seen for who she was.”
Yet what makes “Bombshell” intriguing is not just Lamarr’s gift for invention, it’s also what a fiery individualist she was, someone who had no regrets about her eventful life (“You learn from everything”), not even its racy, tabloid elements. more