Eavesdropping By LED

If you ever get the feeling someone is watching you, maybe they are listening, too. At least they might be listening to what’s coming over your computer speakers thanks to a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient. You can imagine that from a distance across a noisy office you might be able to pull the same trick. We don’t know — but we suspect — even if headphones were plugged into the speakers, the LED would still modulate the audio. Any device supplying power to the speakers is a potential source of a leak.

Continue reading “Eavesdropping By LED”

Hackaday Links Column Banner

Hackaday Links: July 4, 2021

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?

Spy Tech: CIA Masks In Five Minutes Or Less

You know the old trope: James Bond is killed but it turns out to be someone else in an incredibly good-looking Sean Connery mask. Mission: Impossible and Scooby Doo regularly had some variation of the theme. But, apparently, truth is stranger than fiction. The CIA has — or at least had — a chief of disguise. A former holder of that office now works for the International Spy Museum and has some very interesting stories about the real masks CIA operatives would use in the field.

According to the video you can see below, the agency enlisted the help of Hollywood — particularly the mask maker from Planet of the Apes — to help them with this project. Of course, in the movies, you can take hours to apply a mask and control how it is lit, how closely the camera examines it, and if something goes wrong you just redo the scene. If you are buying secret plans and your nose falls off, it would probably be hard to explain.

Continue reading “Spy Tech: CIA Masks In Five Minutes Or Less”

Indoor Antennas Worthy Of 007

Many ham radio operators now live where installing an outdoor antenna is all but impossible. It seems that homeowner’s associations are on the lookout for the non-conformity of the dreaded ham radio antenna. [Peter] can sympathize, and has a solution based on lessons of spycraft from the cold war.

[Peter] points out that spies like the [Krogers] needed to report British Navy secrets like the plans for a nuclear boomer sub to Russia but didn’t want to attract the attention of their neighbors. In this case, the transmitter itself was so well-hidden that it took MI5 nine days to find the first of them. Clearly, then, there wasn’t a giant antenna on the roof. If there had been, the authorities could simply follow the feedline to find the radio. A concealed spy antenna might be just the ticket for a deed-restricted ham radio station.

The antenna the [Kroger’s] used was a 22-meter wire in the attic of their home. Keep in mind, the old tube transmitters were less finicky about SWR and by adjusting the loading circuits, you could transmit into almost anything. Paradoxically, older houses work better with indoor antennas because they lack things like solar cell panels, radiant barriers, and metallic insulation.

Like many people, [Peter] likes loop antennas for indoor use. He also shows other types of indoor antennas. They probably won’t do as much good as a proper outdoor antenna, but you can make quite a few contacts with some skill, some luck, and good propagation. [Peter] has some period spy radios, which are always interesting to see. By today’s standards, they aren’t especially small, but for their day they are positively tiny. Video after the break.

Continue reading “Indoor Antennas Worthy Of 007”

Inside The Top Secret Doughnut: A Visit To GCHQ

There’s an old joke that the world’s greatest secret agent was Beethoven. Didn’t know Beethoven was a secret agent? That’s why he was the greatest one! While most people have some idea about the CIA, MI6, and the GRU, agencies like the NRO and GCHQ keep a much lower profile. GCHQ (Government Communications Headquarters) is the United Kingdom’s electronic listening center housed in a 180 meter round doughnut. From there they listen to… well… everything. They are also responsible for codebreaking and can trace their origin back to Bletchley Park as well as back to the Great War. So what’s inside the Doughnut? National Geographic managed to get a tour of GCHQ and if you have any interest in spies, radios, cybersecurity, or codebreaking, it is worth having a look at it.

Of course, only about half of the GCHQ’s employees work in the Doughnut. Others are scattered about the UK and — probably — some in other parts of the world, too. According to the article, GCHQ had a hand in foiling 19 terrorist attacks, arresting at least two sex offenders, and prevented about £1.5 billion of tax evasion.

Continue reading “Inside The Top Secret Doughnut: A Visit To GCHQ”

Make Your Own Microdot

If you spent your youth watching James Bond or similar movies on rainy Saturday afternoons, then you may be familiar with a microdot as a top-secret piece of spy equipment, usually revealed as having been found attached to a seemingly innocuous possession of one of the bad guy’s henchmen, which when blown up on the screen delivers the cryptic yet vital clue to the location of the Evil Lair. Not something you give much thought in 2020 you might think, but that’s reckoning without [Sister HxA], who has worked out how to make them herself and detailed the process in a Twitter thread.

A microdot is a tiny scrap of photographic film, containing the image of some secret document or other, the idea being that it is small enough to conceal on something else. The example she gives is hiding it underneath a postage stamp. Because of their origins in clandestine work there is frustratingly little info on how to produce them, but she found a set of British instructions. Photographing a sheet such that its image occupies a small portion of her negative she makes a postage-stamp-sized one, and with care photographing that she manages to produce another of only a few millimetres in size. The smaller one isn’t very legible, but it’s still a fascinating process.

While we’re shopping at Q branch, how about an air-gun pen worthy of James Bond?

Tiny Transmitter Brings Out The Spy Inside You

When it comes to surveillance, why let the government have all the fun? This tiny spy transmitter is just the thing you need to jumpstart your recreational espionage efforts.

We kid, of course — you’ll want to stay within the law of the land if you choose to build [TomTechTod]’s diminutive transmitter. Barely bigger than the 337 button cell that powers it, the scrap of PCB packs a fair number of surface mount components, most in 0201 packages. Even so, the transmitter is a simple design, with a two transistor audio stage amplifying the signal from the MEMS microphone and feeding an oscillator that uses a surface acoustic wave (SAW) resonator for stability. The bug is tuned for the 433-MHz low-power devices band, and from the video below, it appears to have decent range with the random wire antenna — maybe 50 meters. [TomTechTod] has all the build files posted, including Gerbers and a BOM with Digikey part numbers, so it should be easy to make one for your fieldcraft kit.

If you want to dive deeper into the world of electronic espionage, boy, have we got you covered. Here’s a primer on microphone bugs, a history of spy radios, or how backscatter was used to bug an embassy.

Continue reading “Tiny Transmitter Brings Out The Spy Inside You”