Hackers reverse-engineer NSA’s leaked bugging devices
RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.
The NSA’s Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target’s computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer’s contents.
But the catalogue also lists a number of mysterious computer-implantable devices called “retro reflectors” that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images.
Because no one outside the NSA and its partners knows how retro reflectors operate, security engineers cannot defend against their use. Now a group of security researchers led by Michael Ossmann of Great Scott Gadgets in Evergreen, Colorado, have not only figured out how these devices work, but also recreated them.
Ossmann specialises in software-defined radio (SDR), an emerging field in which wireless devices are created in software rather than constructed from traditional hardware such as modulators and oscillators. Instead of such circuits, an SDR uses digital-signal-processing chips to allow a programmer to define the wave shape of a radio signal, the frequency it uses and the power level. It operates much like a computer’s sound card, but instead of making sounds or processing incoming audio, it makes and receives radio signals. And a single SDR can be changed to any band instantly, including AM, FM, GSM and Bluetooth.
“SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format,” says Ossmann.
An SDR Ossmann designed and built, called HackRF, was a key part of his work in reconstructing the NSA’s retro-reflector systems. Such systems come in two parts – a plantable “reflector” bug and a remote SDR-based receiver.