EP037 – Hardware Snoops, Dawg
Music provided by: Denis Kreynin https://soundcloud.com/denis-kreynin
Greetings & Banter
Apologies for monotone last episode
Lots of shows on TV now covering computer crime. CSI Cyber, Scorpion, Mr. Robot
Topic for this week
Acoustic Kitty: CIA 1960s invested $20M to place a microphone in a cat’s ear canal and a radio transmitter in the base of cat’s skull.
TEMPEST: Another CIA program from the late 1960s that monitors Electromagnetic Radiation. This is called Van Eck phreaking now. Back when things were wired, the radiations came off of the wires transmitting signals or the device actually peripheral device’s circuitry. Discovered that it could be used to see what someone’s big monitor is displaying. Youtube video sniffing wired keyboard.
Also, wireless devices have to work over Electromagnetic Radiation, so unless crytpo is built in, that can be intercepted. Since they’re supposed to be short distances manufacturers may not worry about building in crypto, or use really weak stuff like Microsoft has. Samy Kamkar’s arduino keysweeper
Spy movies always have people putting audio bugs in a room. These things exist but aren’t really computer security problems… Or are they? 3 University of California Berkley Students found a way: http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/TISSEC.pdf
Laser microphone – Wikipedia, the free encyclopedia : Use windows as a microphone with freakin’ laser beams.
Michael Rubinstein: See invisible motion, hear silent sounds | Talk Video | TED.com : Even better than laser for stealing info.
TouchLogger: Inferring Keystrokes On Touch Screen From : What else can the accelerometer pick up?
FBI really doesn’t want anyone to know about “stingray” use by local cops | Ars Technica : Fake cell towers used to MitM smartphone comms
USB Keyloggers and Computer Surveillance – Spy Gadgets : There’s PS2 versions too
TEMPEST shielded cables, Faraday cages, detecting USB HIDs, wavy glass, and no glass can help protect against some of these baddies.
Bonus: Certified pre-pwned devices: How to remove the Superfish malware: What Lenovo doesn’t tell you | Ars Technica