REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF

Cathal Garvey cathalgarvey at cathalgarvey.me
Thu Jul 3 02:12:15 PDT 2014


So, what happens if you induce a high-power alternating current in the
cable that's resonant with their little aerials (while disconnected from
your devices, obviously!); wouldn't that kill the transistors and
"bleach" the cable?

Who wants to make up some "cable bleachers" that we can clip onto our
monitor cables prior to use? :)

More interesting as a long-term solution would be crypto-keyboards;
USB-HID devices that can somehow set up an authenticated crypto-stream
for keystrokes to the computer, to defeat hardware keyloggers. Same
might be possible for display and other cables, but USB-HID keyboards
might be low-hanging fruit for such an endeavor as so many consumer-end
microcontrollers do USB-HID out of the box, like Arduino Leonardo/Micro,
are USB-powered, and have the processing power for crypto.

On 03/07/14 09:38, Eugen Leitl wrote:
> 
> http://www.rtl-sdr.com/reverse-engineering-nsa-spy-retro-reflector-gadgets-hackrf/ 
> 
> REVERSE ENGINEERING NSA SPY ‘RETRO REFLECTOR’ GADGETS WITH THE HACKRF
> 
> In 2013 whistleblower Edward Snowden leaked (along with other documents) some
> information about the American National Security Agency's (NSA) spy tools.
> One such group of tools named ‘retro reflectors’ has recently been
> investigated and reverse engineered by Michael Ossmann, the security
> researcher behind the recently available for preorder HackRF software defined
> radio. The HackRF is an SDR similar to the RTL-SDR, but with better
> performance and transmit capabilities.
> 
> New Scientist magazine has written an article about Ossmann’s work here. From
> their article, retro reflectors are described in the following quote.
> 
> One reflector, which the NSA called Ragemaster, can be fixed to a computer’s
> monitor cable to pick up on-screen images. Another, Surlyspawn, sits on the
> keyboard cable and harvests keystrokes. After a lot of trial and error,
> Ossmann found these bugs can be remarkably simple devices – little more than
> a tiny transistor and a 2-centimetre-long wire acting as an antenna.
> 
> The HackRF comes into play in the following quote
> 
> Ossmann found that using the radio [HackRF] to emit a high-power radar signal
> causes a reflector to wirelessly transmit the data from keystrokes, say, to
> an attacker. The set-up is akin to a large-scale RFID-chip system. Since the
> signals returned from the reflectors are noisy and often scattered across
> different bands, SDR’s versatility is handy, says Robin Heydon at Cambridge
> Silicon Radio in the UK.
> 
> Ossmann will present his work at this year's Defcon conference in August.
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com