Edward Snowden Introduces Baby Monitor For Spies

Famed whistleblower [Edward Snowden] has recently taken to YouTube to announce Haven: an Open Source application designed to allow security-conscious users to turn old unused Android smartphones and tablets into high-tech monitoring devices for free. While arguably Haven doesn’t do anything that wasn’t already possible with software on the market, the fact that it’s Open Source and designed from the ground up for security does make it a bit more compelling than what’s been available thus far.

Developed by the Freedom of the Press Foundation, Haven is advertised as something of a role-reversal for the surveillance state. Instead of a smartphone’s microphone and camera spying on its owner, Haven allows the user to use those sensors to perform their own monitoring. It’s not limited to the camera and microphone either; Haven can also pull data from the smartphone’s ambient light sensor and accelerometer to help determine when somebody has moved the device or entered the room. There’s even support for monitoring the device’s power status, so if somebody tries to unplug the device or cut power to the room, the switch over to the battery will trigger the monitoring to go active.

Thanks to the Open Source nature of Haven, it’s hoped that continued development (community and otherwise) will see an expansion of the application’s capabilities. To give an example of a potential enhancement, [Snowden] mentions the possibility of using the smartphone’s barometer to detect the opening of doors and windows.

With most commercially available motion-activated monitoring systems, such as Nest Cam, the device requires a constant Internet connection and a subscription. Haven, on the other hand, is designed to do everything on the local device without the need for a connection to the Internet, so an intruder can’t just knock out your Wi-Fi to kill all of your monitoring. Once Haven sees or hears something it wants you to know about, it can send an alert over standard SMS, or if you’re really security minded, the end-to-end encrypted Signal.

The number of people who need the type of security Haven is advertised as providing is probably pretty low; unless you’re a journalist working on a corruption case or a revolutionary plotting a coup d’etat, you’ll probably be fine with existing solutions. That being said, we’ve covered on our own pages many individuals who’ve spent considerable time and effort rolling their own remote monitoring solutions which seem to overlap the goals of Haven.

So even if your daily life is more John Doe than James Bond, you may want to check out the GitHub page for Haven or even install it on one of the incredibly cheap Android phones that are out there and take it for a spin.

Inside An Amateur Bugging Device

[Mitch] got interested in the S8 “data line locator” so he did the work to tear into its hardware and software. If you haven’t seen these, they appear to be a USB cable. However, inside the USB plug is a small GSM radio that allows you to query the device for its location, listen on a tiny microphone, or even have it call you back when it hears something. The idea is that you plug the cable into your car charger and a thief would never know it was a tracking device. Of course, you can probably think of less savory uses despite the warning on Banggood:

Please strictly abide by the relevant laws of the state, shall not be used for any illegal use of this product, the consequences of the use of self conceit.

We aren’t sure what the last part means, but we are pretty sure people can and will use these for no good, so it is interesting to see what they contain.

Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

[Wikileaks] has just published the CIA’s engineering notes for the Weeping Angel Samsung TV exploit. This dump includes information for field agents on how to exploit Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

Low-cost Video Streaming With A Webcam And Raspberry Pi

Some people will tell you that YouTube has become a vast wasteland of entertainment like the boob tube before it. Live streaming doesn’t help the situation much, and this entry level webcam live-stream server isn’t poised to advance the art.

We jest, but only a little. [Mike Haldas] runs a video surveillance company that sells all manner of web-enabled cameras and wondered what it would take to get a low-end camera set up for live streaming. The first step was converting the Zavio webcam stream from RTSP (real-time streaming protocol) to the standard that YouTube uses, RTMP (real-time messaging protocol). Luckily, FFmpeg handles that conversion, so he compiled it for his MacBook Pro and set up a proof of concept. It worked, but he needed a compact solution that would free up his laptop. Raspberry Pi to the rescue – after loading a bunch of libraries and a four-hour build and install of FFmpeg, the webcam was streaming 1080p video of [Mike]’s sales office. He was worried that the Pi wouldn’t have the power needed for the job, and that it would be unstable. But as of this writing, the stream below has been active for six days, and it’s riveting stuff.

Raspberry Pis are a staple in the audio streaming world, like this pro-grade FM broadcast streaming rack or this minuscule internet radio streamer. And of course there’s this quick and dirty, warm and fuzzy streaming baby monitor.

NSA Technology Goes Open Hardware

When [Edward Snowden] smeared the internet with classified NSA documents, it brought to light the many spying capabilities our government has at its disposal. One of the most interesting of these documents is known as the ANT catalog. This 50 page catalog, now available to the public, reads like a mail order form where agents can simply select the technology they want and order it. One of these technologies is called the Sparrow II, and a group of hackers at Hyperion Bristol has attempted to create their own version.

The Sparrow II is an aerial surveillance platform designed to map and catalog WiFi access points. Think wardriving from a UAV. Now, if you were an NSA agent, you could just order yourself one of these nifty devices from the ANT catalog for a measly 6 grand. However, if you’re like most of us, you can use the guidance from Hyperion Bristol to make your own.

They start off with a Raspi, a run-of-the-mill USB WiFi adapter, a Ublox GY-NEO6MV2 GPS Module, and a 1200 mAh battery to power it all. Be sure to check out the link for full details.

Thanks to [Joe] for the tip!

Hacking And Philosophy: Surveillance State

If you don’t live under a rock (though you may want to now) you probably saw yesterday’s article from Spiegel that revealed the NSA has its own catalog for spy gadgets. Today they released an interactive graphic with the catalog’s contents, and even if you’re not a regular reader of Hacking & Philosophy, you’re going to want to take a look at it. I recommend glancing over IRATEMONK, in the “Computer Hardware” category. As the article explains, IRATEMONK is

An implant hidden in the firmware of hard drives from manufacturers including Western Digital, Seagate, Maxtor and Samsung that replaces the Master Boot Record (MBR).

It isn’t clear whether the manufacturers are complicit in implanting IRATEMONK in their hardware, or if the NSA has just developed it to work with those drives. Either way, it raises an important question: how do we know we can trust the hardware? The short answer is that we can’t. According to the text accompanying the graphic, the NSA

…[installs] hardware units on a targeted computer by, for example, intercepting the device when it’s first being delivered to its intended recipient, a process the NSA calls ‘interdiction.’

We’re interested to hear your responses to this: is the situation as bleak as it seems? How do you build a system that you know you can trust? Are there any alternatives that better guarantee you aren’t being spied on? Read on for more.

Man Tracks Children Using A Quadcopter

Instead of walking his kid to the bus stop like he used to, [Paul Wallich] lets this quadcopter watch his son so he doesn’t have to. It is quite literally an automated system for tracking children — how wild is that?

The idea came to him when wishing there was a way to stay inside the house during the winter months while still making sure his kid got to the bus stop okay. [Paul] picked up a quadcopter kit and started looking at ways to add monitoring. He found the easiest technique was to include a cellphone and watch via a video chat app. But that is only part of the build as he would still have to fly the thing. After searching around he found a beacon that can be placed in the backpack. It has a GPS module, an RF modem, and runs a stripped down Python scripting shell. Whenever the GPS data changes (signaling his son is on the move) it uplinks with the quadcopter and gives it the new coordinates.

This goes a long way to making your family a police state. May we also recommend forcing the children to punch a time clock?

[via: theGrue]