REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF

[Eugen Leitl]

http://www.rtl-sdr.com/reverse-engineering-nsa-spy-retro-reflector-gadgets-hackrf/ 

REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF

In 2013 whistleblower Edward Snowden leaked (along with other documents) some
information about the American National Security Agencies (NSA) spy tools.
One such group of tools named ‘retro reflectors’ has recently been
investigated and reverse engineered by Micheal Ossmann, the security
researcher behind the recently available for preorder HackRF software defined
radio. The HackRF is a SDR similar to the RTL-SDR, but with better
performance and transmit capabilities.

Newscientist Magazine has written an article about Ossmann’s work here. From
their article a retro reflectors are described in the following quote.

One reflector, which the NSA called Ragemaster, can be fixed to a computer’s
monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the
keyboard cable and harvests keystrokes. After a lot of trial and error,
Ossmann found these bugs can be remarkably simple devices – little more than
a tiny transistor and a 2-centimetre-long wire acting as an antenna.

The HackRF comes in to play in the following quote

Ossmann found that using the radio [HackRF] to emit a high-power radar signal
causes a reflector to wirelessly transmit the data from keystrokes, say, to
an attacker. The set-up is akin to a large-scale RFID- chip system. Since the
signals returned from the reflectors are noisy and often scattered across
different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge
Silicon Radio in the UK.

Ossmann will present his work at this years Defcon conference in August.