Technical Espionage Tool #423 - Wireless Keyboards & Mice

The wireless link between your mouse and dongle might not be as useful as you think. A new hack shows that the links are often unencrypted and can be used to gain control of your computer.

Security researchers from Bastille Networks have found that non-Bluetooth wireless keyboards manufactured by Logitech, Dell, and Lenovo don’t encrypt communication between the input device and the dongle plugged into a computer’s USB slot. That’s allowed them to create an attack—that they’re calling Mousejack—which injects commands into the dongle.

The team claims the attack can be carried out from up to 300 feet away from the victim’s computer given the right hardware. Once compromised, the hacked dongle allows the team to transmit malicious packets that generate keystrokes.

While that might not sound too useful, remember that one of those packets can hold an awful lot of keystrokes—the equivalent of 1,000 words-per-minute of typing, according to the researchers. That’s enough to install a rootkit capable opening access to your whole computer in under 10 seconds, apparently—which means you might never know your wireless mouse dongle had been hacked. And once that’s done, it’s game over. more

Do You Have an IoT in the Workplace Policy? (you need one)

via Rafal Los 
It’s the beginning of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

The find.

Here’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse. more

This is not a theoretical, I found an Echo in a top executive's office last year. He said it was a gift.

Add an IoT policy to your BYOD policy, and have us check for technical surveillance items and information security loopholes periodically. ~Kevin

A $50. Audio Video Bugging Device is Child's Play

Remote Spy Mode
The Video Walkie Talkies act as a hidden camera. Place one Walkie in a secret location, press the activation button on the other and you’ll instantly have a hidden, live-feed surveillance cam. If you leave your Video Walkies for 15 minutes unused they automatically turn off to save power. When your mission is complete, the Video Walkie Talkies easily fold up for compact storage and screen protection! Gear up with the Spy Gear Video Walkie Talkies!

No Data or Wi-Fi Required
The Video Walkie Talkies do not require Data or Wi-Fi to use! Just press the activation button and you can wirelessly communicate with your friends on video! With a range of up to 160 feet you’ll be in constant communication with your fellow agent.

Quick Set Up – Easy As 1-2-3
Only Spy Gear has the spy technology to let you stay in constant 2-way, visual and audio communication at long range! Open up your Video Walkie Talkies and turn the power on. You’ll instantly be able to see your friends on the LCD screen. Now press the TRANSMIT BUTTON for audio communication with the other Video Walkie. Want to go stealth? Plug headphones into both Video Walkies to listen in secret and communicate without pressing the TRANSMIT BUTTON. more

Security Director Alert - 80% Chance Your Card Key System Can Be Bypassed

A device the size of a quarter that can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.

The device, dubbed BLEKey, is used to read cleartext data sent from card readers to door controllers to either clone cards or feed that data to a mobile application that can be used to unlock doors at any number of installations.

The hack unveiled at Black Hat is worrisome for facilities reliant on proximity cards and readers for access to buildings in critical industries or enterprises. Researchers Eric Evenchick, an embedded systems architect at electric car manufacturer Faraday Future, and Mark Baseggio, a managing principal consultant at Optiv (formerly Accuvant), used the ubiquitous HID cards and readers in a number of successful demos during their talk, but said that it’s likely the same weaknesses that facilitate their attacks are present in devices from other manufacturers. more video

Really Scary: 29:35 minutes into the video they explain how to make a card-key interceptor, stick it into a back pack, go to the target workplace, get in an elevator with employees (or just close to one of them), secretly read everyone's cards, and make a clone card.
Happy Halloween ~Kevin

Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted

India - Police have busted a New Delhi-based gang involved in assembling spy cameras and bluetooth devices in undergarments and shirts to facilitate question paper leaks in important competitive exams across the country.

...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...

...the kit included an android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy camp and smuggled outside the examination centre through drop box application.

The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more

Operation Armchair - Son of The Thing, or...

...how a small Dutch company, helped the CIA to eavesdrop on the Russians.

"A small company from Noordwijk, Dutch Radar Research Station, worked for the CIA for decades. It built sophisticated listening devices that the Americans used against the Soviet Union. I came across this story when a schoolmate gave me papers of his grandfather. Along with intelligence expert, Cees Wiebes, I reconstructed in eighteen months the never told key role that this Dutch company played during the Cold War." ~ Maurits Martijn
(A long, but interesting story.) 

He's Back... The Air Gap Computer Hack

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Air-gapped computers are isolated -- separated both logically and physically from public networks -- ostensibly so they cannot be hacked over the Internet or within company networks.


Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords...

This is the third threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate. more

How Your Washing Machine Can Steal Computer Files

(Leave it to CNN to come up with such a misleading lede and headline.)


Imagine hackers stealing top secret files from a military base. Except they don't need the Internet to pull data out of the facility's computers. Instead, they can just infect an office printer and -- with software alone -- turn it into a radio.

This sounds like sci-fi, but it's now possible. Security researchers at a Manhattan startup have discovered how to make any modern device -- printer, washing machine, air conditioner -- broadcast invisible, inaudible signals for miles.

That's a game changer -- and a huge step forward for hackers...

Last week, the team at Red Balloon Security demonstrated how it works to several news reporters.

They infected a Pantum laser printer and toyed with its circuits, making it do something it was never meant to. By quickly switching a chip's energy output back and forth, the printer emits electromagnetic radiation. more

TEMPEST re-packaged.
Note to clients... Please don't worry. We can easily detect this.

Down Under News - Spy Camera Found in Toilet at Shopping Center

Australia - Detectives are investigating how a small camera came to be hidden inside a smoke alarm in a public toilet at a suburban Perth shopping centre.

Its discovery by a worker, understood to be an electrician, on Friday prompted management at Belmont Forum to conduct a “thorough sweep” of all its facilities to ensure there were no other devices.

WA Police are examining the contents on the camera.

A man posted on Facebook on Friday that he was working at Belmont Forum and when he went to the toilet he noticed the smoke alarm flashing. He said he pulled the smoke alarm cover off the ceiling and found a cordless camera inside.

The man said the discovery made him feel sick. He urged people to be vigilant about anything “dodgy” and to check for “domestic battery-operated smoke alarms” in public toilets.

Images posted on Facebook of what looks like a hidden camera, discovered in a smoke detector.

A spokeswoman for Belmont Forum said: “The device was immediately handed into centre management and subsequently turned over to WA Police.

“Belmont Forum is assisting WA Police with the investigation and has conducted a thorough sweep of all the facilities in the shopping centre. No further devices have been found.” more 

Interesting... This is the same camera I featured in the Basic Cameras chapter of my on-line Spycam Detection training course. Even more interesting... the camera also transmits a wireless signal directly to a smartphone. You can preview the Basic Cameras chapter for FREE. https://www.udemy.com/spycam-detection/ (scroll down to Basic Cameras)

FutureWatch - The Dark Art of Light Eavesdropping is Coming

Maite Brandt-Pearce, a professor in the Charles L. Brown Department of Electrical and Computer Engineering, and Mohammad Noshad, now a postdoctoral fellow in the Electrical Engineering Department at Harvard University, have devised a way of using light waves from light-emitting diode fixtures to carry signals to wireless devices at 300 megabits per second from each light. It’s like having a whole wi-fi system all to yourself; using light waves, there would be more network access points than with radio waves, so less sharing of the wireless network...

Their breakthrough means that data can be transmitted faster with light waves using no more energy than is already required to run the lights....

“You can use it any place that has lighting,” Brandt-Pearce said. “In a stadium, in a parking lot, or from vehicle to vehicle if using LED headlights and taillights.”

Like current wireless communications, encryption is necessary to keep data secure, but Brandt-Pearce noted that a secure network could be created in a room with no windows.

“It can’t be detected outside the room because the light waves stop when they hit something opaque, such as a wall,” she said. “That can keep communications secure from room to room.” (Generally speaking. However, a hair-like strand of fiber optic poking into the fixture from above the false ceiling should do the trick.)

And two separate networks in different rooms would not interfere with each other the way they do with present wi-fi networks.

She said devices with LED circuits in them can also communicate with each other. more more

Modulation of room lights for eavesdropping purposes is not new. The advent of ubiquitous LED lighting, however, will dramatically increase the effectiveness and ease of this tactic for eavesdropping... and the long-range wireless interception of computer data via optical means (even if it is encrypted).

Handy Bluetooth Store and Forward Mini Microphone (OK, who said bug?)

A new device is aiming to do for audio recording what the GoPro did for video recording. The Instamic is a small, self-contained, high-quality sound recorder. It is aimed at musicians, filmmakers, journalists, bloggers and other people who need a simple and effective means of capturing sound.


There are two versions of the Instamic: the Go and the Pro. Both offer mono and dual mono recording, with the Pro boasting stereo recording as well. The Pro is also waterpoof up to 5 ft (1.5 m) for a maximum three hours (in accordance with IP68), whereas the Go is only splash-proof. Other than those differences, the models are pretty much identical.

They each provide ultra-low power digital signal processing, with a sample rate of 48 kHz and a 24-bit bitrate. Their microphones capture between the frequencies of 50 and 18,000 Hz, with a reasonable signal-to-noise ratio of 67 dB and and maximum sound pressure level of 120 dB. more

FutureWatch - FM Bugs Are So Arco - Coming Soon... Bugs with Pluck

For the first time in history, a prototype radio has been created that is claimed to be completely digital, generating high-frequency radio waves purely through the use of integrated circuits and a set of patented algorithms without using conventional analog radio circuits in any way whatsoever. This breakthrough technology promises to vastly improve the wireless communications capabilities of everything from 5G mobile technology to the multitude devices aimed at supporting the Internet of Things.

The significance of this new technology cannot be overstated: Every aspect of radio frequency generation is said to be created using a string of digital bits, and nothing else. There are no analog circuits, no filters, no chokes, none of the traditional circuitry and components expected in a radio transmitter. Consisting of a mere handful of components, including a couple of integrated circuits, an antenna, and not much else, the transmitter – dubbed Pizzicato – promises to change the face of wireless transmission.

Created by Cambridge Consultants, the initial trials of the Pizzicato have been claimed to show that it has fully met all the expectations of its myriad performance requirements. But more than this, the Pizzicato has brought bulky radio circuits down to microprocessor levels, with the promise of even smaller, more efficient uses of the technology in future. more

UK - Former Deputy Prime Minister Finds Car Bugged

UK - John Prescott has turned detective after finding his Jaguar had been bugged.

The former Deputy Prime Minister discovered the device hidden in his car when he took it to a garage because it had problems starting.

Mechanics found a tracker concealed under the driver’s seat that was hooked up to the car battery, draining its power.

The sophisticated device uses mobile phone technology and is capable of reporting the Jag’s movements at all times. It also has an inbuilt microphone enabling it to pick up conversations.

And the 6 inch-square black box is even capable of immobilising the car if instructed to by mobile phone.

Lord Prescott told the Sunday Mirror: “I’ve been told that whoever knows the SIM card that goes with the tracker can send out a signal and stop the engine...

"This type of surveillance breaches our right to privacy – I’ve had my mobile hacked, my phone tapped, and now someone might have been tracking my car.”

But insisting he was calm about the find he joked: “I can only hope whoever listened to my conversations installed an automatic bleeper too.”
(more)

Best guess from here... Installed by the car dealership, or previous owner, to thwart late payments or theft.

TEMPEST in a Tea Shop, or Dude, You're Leaking

If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wifi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet. And smartphones may be even more vulnerable to such spying.


Researchers at the Georgia Institute of Technology are investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them. By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks — known technically as “side-channel signal” — to help prioritize security efforts.
(more)

Norway Alerts Politicians After Eavesdropping Devices Found

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Siv Alsen from the security police said the National Security Authority has begun an investigation, but could not provide more information pending the agency's report...

Her comments followed media reports that illegal listening and tracking devices were found in fake mobile base stations, which could be used to monitor calls and data, as well as trace the movement of people in the area. (more)

Smart Televisions Highly Susceptible to Hacking via Radio Transmission

Researchers discover a massive security flaw in smart TV’s that allow hackers to intercept data broadcasts, insert malicious code, and transform the TV into an antenna that infects all other Internet-connected devices in the household. 

Once the television is infected, it seeks out all other devices connected to the router.

The attacks are untraceable as no source IP address or DNS server is ever presented, instead, hackers perform a classic “man-in-the-middle” attack using radio transmissions. The hijacking, which was discovered by Yossef Oren and Angelos Keromytis from the Network Security Lab at Columbia University, can be accomplished with as little as a $250 antenna. (more) (video)

FutureWatch: Ant-Sized Radio Swarms Will Net Everything

A team of researchers from Stanford University and the University of California, Berkeley, has created prototype radio-on-a-chip communications devices that are powered by ambient radio waves. Comprising receiving and transmitting antennas and a central processor, the completely self-contained ant-sized devices are very cheap to manufacture, don't require batteries to run and could give the "Internet of Things" (IoT) a serious kick start. (more)



Let's just call it "Spy Dust".

FutureWatch: Eavesdropping on Potato Chip Bags... You may be next.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.

 

“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.” (more)

China Outlawed Manufacturer & Sale of Bugging Devices... meh

Gadgets such as tracking devices and wiretapping bugs have been popular products on China's online shopping websites. Their popularity has not waned even after being declared illegal by the Chinese government, which has since begun shutting down businesses selling and using them, reports the Beijing News...

Most of the sellers in Zhongguancun, which has been dubbed "China's Silicon Valley," only offer the devices when clients ask. Some of them have stopped selling these devices after Chinese authorities banned producing and selling wiretapping devices and hidden cameras on May 1. Producing and selling these devices can be punishable by up to three years in jail. People using them can serve up to two years.

The law seems not to have deterred their sale, however. Over thousands of these devices are available on China's leading e-commerce website Taobao at prices ranging from hundreds to thousands of yuan. They are all advertised as "theft or lost item prevention" devices to avoid legal responsibilities. (more)

UK Man Restores WWII Surveillance Gear

UK - Spy supremo Peter Sables has tapped into history with his collection of wartime surveillance gear.

The radio buff has lovingly restored a string of listening devices used by the Allies against Nazi Germany during World War Two to create a nostalgic goldmine dating back more than 70 years.

And now his hobby has sparked the interest of a museum which is to take up some of his wireless sets as part of a new exhibition. (more)