The man leaned over his creation, carefully assembling the tiny pieces. This was the hardest part, placing a thin silver plated diaphragm over the internal chamber. The diaphragm had to be strong enough to support itself, yet flexible enough to be affected by the slightest sound. One false move, and the device would be ruined. To fail meant a return to the road work detail, quite possibly a death sentence. Finally, the job was done. The man leaned back to admire his work.
The man in this semi-fictional vignette was Lev Sergeyevich Termen, better known in the western world as Léon Theremin. You know Theremin for the musical instrument which bears his name. In the spy business though, he is known as the creator of one of the most successful clandestine listening devices ever used against the American government.
Full article: “Theremin’s Bug: How the Soviet Union Spied on the US Embassy for 7 Years”
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified, and the payout has not yet actually been made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
Do you need to keep tabs on the kids while they browse the Internet? How about your husband/wife – do you suspect they are dabbling in extra-curriculars on the side? Hey, you’ve got your insecurities, er, reasons; we won’t judge. We will, however, show you what [Jerry] over at Keelog has been working on lately.
While the company sells hardware keylogger kits online, [Jerry] has relied on, and understands the importance of, open source. Since we all benefit from things being open, he is giving away all of the details for one of his most recent projects, a wireless keylogger. The keylogger plugs into a PC’s PS/2 port and wirelessly sends data, in real time, to a nearby USB dongle up to 20 yards away.
A detailed parts list is provided, as are schematics, PCB masks, firmware, and assembly instructions. However, if you prefer the easier route, you can always buy the completed product or a DIY kit.
This isn’t the first open source keylogger he has released, so be sure to check out his previous work if you prefer a wired keylogging solution.