For as long as small, hidden radio transmitters have existed, people have wanted a technology to detect them. One of the more effective ways to find hidden electronics is the nonlinear junction detector, which illuminates the area under investigation with high-frequency radio waves. Any P-N semiconductor junctions in the area will emit radio waves at harmonic frequencies of the original wave, due to their non-linear electronic response. If, however, you suspect that the electronics might be connected to a dangerous device, you’ll want a way to detect them from a distance. One solution is harmonic radar (also known as nonlinear radar), such as this phased-array system, which detects and localizes the harmonic response to a radio wave.
One basic problem is that semiconductor devices are very rarely connected to antennas optimized for the transmission of whatever harmonic you’re looking for, so the amount of electromagnetic radiation they emit is extremely low. To generate a detectable signal, a high-power transmitter and a very high-gain receiver are necessary. Since semiconductor junctions emit stronger lower harmonics, this system transmits in the 3-3.2 GHz range and only receives the 6-6.4 GHz second harmonic; to avoid false positives, the transmitter provides 28.8 decibels of self-generated harmonic suppression. To localize a stronger illumination signal to a particular point, both the transmit and receive channels use beam-steering antenna arrays.
In testing, the system was able to easily detect several cameras, an infrared sensor, a drone, a walkie-talkie, and a touch sensor, all while they were completely unpowered, at a range up to about ten meters. Concealing the devices in a desk drawer increased the ranging error, but only by about ten percent. Even in the worst-case scenario, when the system was detecting multiple devices in the same scene, the ranging error never got worse than about 0.7 meters, and the angular error was never worse than about one degree.
For a refresher on the principles of the technology, we’ve covered nonlinear junction detectors before. While the complexity of this system seems to put it beyond the reach of amateurs, we’ve seen some equally impressive homemade radar systems before.
There is an urban legend that during the construction of the American embassy in Moscow, for logistical reasons local contractors were used to do the concrete work.
The KGB allegedly snuck hundreds of thousands of small diodes with their legs soldered into a loop into the concrete pours, thus scattering them all over the building and introducing so much background response that bug-finding methods like this would be ineffective.
Dunno whether that’s really true or not, but it makes for a great spy-vs-spy legend.
Sounds like a fun folk tale.
This article is super cool. I wish it were approachable at home. I could see some alternate use cases for devices like these!
Not a folk tale. A low-cost “solution” they implemented for counter-counterintelligence.
Real story.
Sounds like a plausible, cheap, and very effective way to do.
I wonder how effective this would have been. For a microphone or any other active device to transmit, it can’t be in the concrete (because, well, you need to power it somehow). So it must be on the wall or in the room, thus, with detectability of of 0.7m of the device can easily discriminate the true device from a concrete embedded diode (Americans could also simply move their furniture 70cm away from the master walls) for being 100% sure.
IMHO, it’s much easy to install a acoustic converging mirror in the wall with whatever material, so that the sound of a room would be focused toward a window where they would be able to listen remotely, completely undetected. The dumber, the better.
The point wasn’t to create an active device, but to introduce devices that would throw this sort of detection process off by introducing hundreds of false positive results.
https://en.wikipedia.org/wiki/The_Thing_(listening_device)
Power can be supplied remotely, as demonstrated by this bug.
A bug in concrete may not be useful for hearing anything though.
Theremin designed The Thing in the 1940’s, and it was easily capable of transmitting voice over radio without having a power source connected. They put it in the US embassy and it ran for years before someone discovered it.
We don’t know what surveillance technology has come up with in the last 80 years but I bet it’s better than what he built.
This story is partially true but exaggerated—the KGB did embed objects in the concrete during the Moscow embassy construction, including unconnected diodes, but the reality was far more sophisticated than a simple countermeasure tactic.
Construction of the new U.S. Embassy in Moscow began in 1979 using Soviet workers and precast concrete materials fabricated off-site at KGB-controlled facilities. U.S. officials discovered in 1985 that the building was massively compromised, leading to it being described as “an eight-story microphone”.
U.S. counterintelligence did find that Soviet workers had “secreted a vast array of objects within the concrete used in the embassy structure,” including unconnected diodes. However, these weren’t the primary bugging mechanism—they were likely decoys designed to distract from the building’s true capabilities.
The reality was more sophisticated than scattered diodes:
Structural components as sensors: Entire concrete pillars, beams, and door frames were engineered to function as listening devices and antennas
Reinforcing rods as antennas: Steel rebar was cut to varying lengths to serve as antenna arrays
Advanced power sources: Devices like the “Batwing” power source could last 100 years, powered by building vibrations and steam pipes
Mock-up testing: The Soviets built a full mock-up facility outside Moscow to test the surveillance capabilities before final assembly
The building was eventually deemed unusable, and President Reagan considered razing it entirely. It was finally occupied in 2000 after extensive remediation.
ERP of 74 dBm is about 25kW. I’m sure the transmit duration is minuscule, but it sounds like a difficult device to construct without using restricted ITAR/EAR items.
and without killing any nearby pacemakers.
They have 30-40 dB of antenna gain leaving “just” 30-40 dBm of feed power, I’m not entirely sure if they use fully digital beamforming or not, that may be an ITAR component. Cost is probably 5-10k though.
Non linear junction detectors have been a thing for decades. Cool to see a whitepaper on the technique though. The downside of them is that, they use huge output power, enough to be a risk to the operator. They detect ALL electronics, not just bugs. And they even detect rusty or dissimilar metal joints. Afik sweeping a room requires basically tearing the whole room apart and spending several days carefully scanning it. Only really practical for offices and meeting rooms of heads of state.
Back in the 80’s I had interference from another AM in town bleeding into the hifi AM WBAA at Purdue, no FM source. It came and went with lots of jumping on the floor and such after much searching it came down to the gas pipe barely touching the water pipe in the basement.
I wished for a way to localize it without hammering on the house. A shim of plastic and it’s gone. It would be nice to clean house or shack of similar RF problems before the weird stuff shows up.