What Hardware Lies Beneath? Companies Swear They Never Meant to Violate Your Privacy

“Don’t Be Evil” was the mantra of Google from years before even Gmail was created. While certainly less vague than their replacement slogan “Do the Right Thing”, there has been a lot of criticism directed at Google over the past decade and a half for repeatedly being at odds with one of their key values. It seems as though they took this criticism to heart (or found it easier to make money without the slogan), and subsequently dropped it in 2018. Nothing at Google changed, though, as the company has continued with several practices which at best could be considered shady.

The latest was the inclusion of an undisclosed microphone in parts of their smart home system, the Nest Guard. This is a member of the Nest family of products — it is not the thermostat itself, but a base station for a set of home security hardware you can install yourself. The real issue is that this base station was never billed as being voice activated. If you’re someone who has actively avoided installing “always-listening” style devices in your home, it’s infuriating to learn there is hardware out there that has a microphone in it but no mention of that in the marketing of the product.

Vibrosight Hears When You are Sleeping. It Knows When You’re Awake.

No matter how excited you are to dive headfirst into the “Internet of Things”, you’ve got to admit that the effort and expense of going full-on Jetsons is a bit off-putting. To smarten up your home you’ve generally got to buy all new products (and hope they’re all compatible) or stick janky after-market sensors on the gear you’ve already got (and still hope they’re all compatible). But what if there was a cheap and easy way to keep tabs on all your existing stuff? The answer may lie in Cold War era surveillance technology.

As if the IoT wasn’t already Orwellian enough, Vibrosight is a project that leverages a classic KGB spy trick to keep tabs on what’s going on inside your home. Developed by [Yang Zhang], [Gierad Laput] and [Chris Harrison], the project uses retro-reflective stickers and a scanning laser to detect vibrations over a wide area. With this optical “stethoscope”, the system can glean all kinds of information; from how long you’ve been cooking something in the microwave to whether or not you washed your hands.

The project takes its inspiration from the optical eavesdropping system developed by Léon Theremin in the late 1940’s. By bouncing a beam of light off of a window, Theremin’s gadget was able to detect what people inside the room were saying from a distance. The same idea is applied here, except now it uses an automated laser scanner and machine learning to turn detected vibrations into useful information that can be plugged into a home automation system.

For Vibrosight to “listen” to objects, the user needs to place retro-reflective tags on whatever they want to include in the system. The laser will periodically scan around the room looking for these tags. Once the laser finds a new tag, it will add it to a running list of targets to keep an eye on. From there Vibrosight is able to take careful vibration measurements which can provide all sorts of information. In the video after the break, Vibrosight is shown differentiating between walking, jogging, and running on a treadmill and determining what kind of hand tools are being used on a workbench. The team even envisions a future where Vibrosight-ready devices would “hum” their IP address or other identifying information to make device setup easier.

If all this talk of remote espionage at a distance has caught your interest, we’ve covered Theremin’s unique surveillance creations in the past, and even a way to jam them if you’re trying to stay under the radar.


Cell Phone Surveillance Car

There are many viable options for home security systems, but where is the fun in watching a static camera feed from inside your place? The freedom to really look around might have been what compelled [Varun Kumar] to build a security car robot to drive around his place and make sure all is in order.

Aimed at cost-effectiveness and WiFi or internet accessibility, an Android smartphone provides the foundation of this build — skipping the need for a separate Bluetooth or WiFi module — and is backed up by an Arduino Uno, an L298 motor controller, and two geared DC motors powering the wheels.

Further taking advantage of the phone’s functionality, the robot is controlled by DTMF tones. Using the app DTMF Tone Generator and outputting through the 3.5mm jack, commands are interpreted by an MT8870DE DTMF decoder module. While this control method carries some risks — as with many IoT-like devices — [Kumar] has circumvented one of DTMF’s vulnerabilities by adding a PIN before the security car will accept any commands.

He obtains a live video feed from the phone using AirDroid in concert with a VNC server, and a servo motor lets the phone sweep left and right for a better look. A VNC client on [Kumar]’s laptop is able to access the video feed and issue commands. Check it out in action after the break!


34C3: Microphone Bugs

Inspiration can come from many places. When [Veronica Valeros] and [Sebastian Garcia] from the MatesLab Hackerspace in Argentina learned that it took [Ai Weiwei] four years to discover his home had been bugged, they decided to have a closer look into some standard audio surveillance devices. Feeling there’s a shortage of research on the subject inside the community, they took matters into their own hands, and presented the outcome in their Spy vs. Spy: A modern study of microphone bugs operation and detection talk at 34C3. You can find the slides here, and their white paper here.

Focusing their research primarily on FM radio transmitter devices, [Veronica] and [Sebastian] start off with some historical examples, and the development of such devices — nowadays available off-the-shelf for little money. While these devices may be shrugged off as a relic of Soviet era spy fiction and tools of analog times, their easy availability and usage still keep them relevant today. They conclude their research with a game of Hide and Seek as a real-life experiment, using regular store-bought transmitters.

An undertaking like this would not be complete without the RTL-SDR dongle, so [Sebastian] developed the Salamandra Spy Microphone Detection Tool as an alternative to ready-made detection devices. Using the dongle’s power levels, Salamandra detects and locates the presence of potential transmitters, keeping track of all findings. If you’re interested in some of the earliest and most technologically fascinating covert listening devices, there is no better example than Theremin’s bug.


Edward Snowden Introduces Baby Monitor for Spies

Famed whistleblower [Edward Snowden] has recently taken to YouTube to announce Haven: an Open Source application designed to allow security-conscious users to turn old unused Android smartphones and tablets into high-tech monitoring devices for free. While arguably Haven doesn’t do anything that wasn’t already possible with software on the market, the fact that it’s Open Source and designed from the ground up for security does make it a bit more compelling than what’s been available thus far.

Developed by the Freedom of the Press Foundation, Haven is advertised as something of a role-reversal for the surveillance state. Instead of a smartphone’s microphone and camera spying on its owner, Haven allows the user to use those sensors to perform their own monitoring. It’s not limited to the camera and microphone either: Haven can also pull data from the smartphone’s ambient light sensor and accelerometer to help determine when somebody has moved the device or entered the room. There’s even support for monitoring the device’s power status, so if somebody tries to unplug the device or cut power to the room, the switch over to the battery will trigger the monitoring to go active.

Thanks to the Open Source nature of Haven, it’s hoped that continued development (community and otherwise) will see an expansion of the application’s capabilities. To give an example of a potential enhancement, [Snowden] mentions the possibility of using the smartphone’s barometer to detect the opening of doors and windows.

With most commercially available motion activated monitor systems, such as Nest Cam, the device requires a constant Internet connection and a subscription. Haven, on the other hand, is designed to do everything on the local device without the need for a connection to the Internet, so an intruder can’t just knock out your Wi-Fi to kill all of your monitoring. Once Haven sees or hears something it wants you to know about it can send an alert over standard SMS, or if you’re really security minded, the end-to-end encrypted Signal.

The number of people who need the type of security Haven is advertised as providing is probably pretty low; unless you’re a journalist working on a corruption case or a revolutionary plotting a coup d’etat, you’ll probably be fine with existing solutions. That being said, we’ve covered on our own pages many individuals who’ve spent considerable time and effort rolling their own remote monitoring solutions which seem to overlap the goals of Haven.

So even if your daily life is more John Doe than James Bond, you may want to check out the GitHub page for Haven or even install it on one of the incredibly cheap Android phones that are out there and take it for a spin.


Inside an Amateur Bugging Device

[Mitch] got interested in the S8 “data line locator” so he did the work to tear into its hardware and software. If you haven’t seen these, they appear to be a USB cable. However, inside the USB plug is a small GSM radio that allows you to query the device for its location, listen on a tiny microphone, or even have it call you back when it hears something. The idea is that you plug the cable into your car charger and a thief would never know it was a tracking device. Of course, you can probably think of less savory uses despite the warning on Banggood:

Please strictly abide by the relevant laws of the state, shall not be used for any illegal use of this product, the consequences of the use of self conceit.

We aren’t sure what the last part means, but we are pretty sure people can and will use these for no good, so it is interesting to see what they contain.


Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

[Wikileaks] has just published the CIA’s engineering notes for the Weeping Angel Samsung TV exploit. This dump includes information for field agents on how to exploit Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!