REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF
So, what happens if you induce a high-power alternating current in the cable that's resonant with their little aerials (while disconnected from your devices, obviously!); wouldn't that kill the transistors and "bleach" the cable? Who wants to make up some "cable bleachers" that we can clip onto our monitor cables prior to use? :)

More interesting as a long-term solution would be crypto-keyboards; USB-HID devices that can somehow set up an authenticated crypto-stream for keystrokes to the computer, to defeat hardware keyloggers. Same might be possible for display and other cables, but USB-HID keyboards might be low-hanging fruit for such an endeavor as so many consumer-end microcontrollers do USB-HID out of the box, like Arduino Leonardo/Micro, are USB-powered, and have the processing power for crypto.

On 03/07/14 09:38, Eugen Leitl wrote:
http://www.rtl-sdr.com/reverse-engineering-nsa-spy-retro-reflector-gadgets-h...
REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF
In 2013 whistleblower Edward Snowden leaked (along with other documents) some information about the American National Security Agency's (NSA) spy tools. One such group of tools named ‘retro reflectors’ has recently been investigated and reverse engineered by Michael Ossmann, the security researcher behind the recently available for preorder HackRF software defined radio. The HackRF is an SDR similar to the RTL-SDR, but with better performance and transmit capabilities.
New Scientist magazine has written an article about Ossmann’s work here. In their article, retro reflectors are described in the following quote.
One reflector, which the NSA called Ragemaster, can be fixed to a computer’s monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the keyboard cable and harvests keystrokes. After a lot of trial and error, Ossmann found these bugs can be remarkably simple devices – little more than a tiny transistor and a 2-centimetre-long wire acting as an antenna.
The HackRF comes into play in the following quote:
Ossmann found that using the radio [HackRF] to emit a high-power radar signal causes a reflector to wirelessly transmit the data from keystrokes, say, to an attacker. The set-up is akin to a large-scale RFID-chip system. Since the signals returned from the reflectors are noisy and often scattered across different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge Silicon Radio in the UK.
Ossmann will present his work at this year's Defcon conference in August.
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
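
The "crypto-keyboard" idea in the reply above, sketched as an added example that is not code from either poster: each 8-byte HID report is sealed with AES-256-GCM under a per-frame counter nonce, so a tap on the cable sees only ciphertext and the host rejects modified or replayed frames. The names `Link`, `NewLink`, `Seal` and `Open`, the choice of AES-GCM, the frame layout and the pre-shared key are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Link struct {
	aead cipher.AEAD
	ctr  uint64 // keyboard: last counter sent; host: highest counter accepted
}

// NewLink builds one end of the channel (hypothetical API); the key is assumed
// to have been provisioned on both ends at pairing time, which is not shown.
func NewLink(key [32]byte) *Link {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES key size
	aead, _ := cipher.NewGCM(block)   // cannot fail for an AES block cipher
	return &Link{aead: aead}
}

// Seal (keyboard): frame = 12-byte nonce (4 zero bytes + counter) || ciphertext || tag.
func (l *Link) Seal(report []byte) []byte {
	l.ctr++ // a nonce must never repeat under one key
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], l.ctr)
	return l.aead.Seal(nonce, nonce, report, nil)
}

// Open (host): rejects short, modified, reordered or replayed frames.
func (l *Link) Open(frame []byte) ([]byte, error) {
	if len(frame) < 12+l.aead.Overhead() {
		return nil, fmt.Errorf("short frame: %d bytes", len(frame))
	}
	ctr := binary.BigEndian.Uint64(frame[4:12])
	report, err := l.aead.Open(nil, frame[:12], frame[12:], nil)
	if err != nil || ctr <= l.ctr {
		return nil, fmt.Errorf("forged, reordered or replayed frame (counter %d)", ctr)
	}
	l.ctr = ctr
	return report, nil
}

func main() {
	var key [32]byte // constructed all-zero demo key, never use as-is
	kbd, host := NewLink(key), NewLink(key)
	frame := kbd.Seal([]byte{0, 0, 0x04, 0, 0, 0, 0, 0}) // boot-protocol report: 'a' down
	fmt.Println(host.Open(frame))                         // accepted
	fmt.Println(host.Open(frame))                         // same frame replayed: rejected
}
```

The counter starts at zero in this sketch, so a real device would have to persist it or derive a fresh key per session to avoid nonce reuse after a power cycle. Frame timing still reveals when keys are pressed even though their values are hidden.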