“Behind closed doors” has always been an irresistible place. All kinds of people – from friendly neighbors to international spies – desperately want to know about the things people try to keep private from the world. Especially what *businesses* like to keep private from the world. Corporate espionage (or “aggressive competitive research”?) is just part of doing business.
Like everything else in this digital age, this corporate ‘eavesdropping’ has evolved. Thanks to the Internet, spying has become much simpler and easier. Intelligence gathering through the web has become a huge source of information that hadn’t been available to previous generations of spies. But many of the old methods are still very valuable. “Local” eavesdropping is becoming more sophisticated than ever. These advanced eavesdropping approaches include laser targeting of windows to capture audio vibrations, the remote activation of laptop or smartphone cameras and microphones, and eavesdropping by submitting radiofrequency waves even through walls.
And it’s not always local competitors doing the spying! It used to be that companies were mainly targeted by domestic competitors, but nowadays the borders between private and state-sponsored intelligence gathering are blurred and intelligence agencies around the world are involved in economic espionage to benefit their own national economies.
Major, well-funded players are not the only threat to privacy and intellectual property. Argentinean security researchers Veronica Valeros and Sebastian Garcia have demonstrated the ease with which a dedicated hacker can fabricate eavesdropping equipment from everyday materials to an interested audience at the world’s largest hacker conference, 34th Chaos Communication Congress in Leipzig, Berlin, on December 28th.
It turns out, eavesdropping equipment can be fabricated using cheap everyday items – because today’s “everyday items” are becoming more and more (and often unnecessarily) technologically sophisticated and connected. Yes, the good old Internet of Things rearing its head once again. Most useful for eavesdropping are of course devices that already work on a radiofrequency basis.
For example, the baby monitor Beurer BY 84 has a transmission reach of 800 meters. (Clearly necessary, as Valeros said, since apparently parents expect to leave their baby a few blocks away and still use their baby monitor?!) These monitors can easily be tapped from the outside and provide attackers with a direct line into people’s private homes.
They also studied how these homegrown devices might be sabotaged by those that they were supposed to eavesdrop on. Not so easily, it turns out. The trick of turning up your radio to drown out a bug doesn’t work. With common audio editing software, voice streams can be cleaned sufficiently to understand the content of conversations again.
However, cheap homegrown spying tools can be battled with cheap, homegrown countermeasures: Valero and Garcia have developed a software tool in Python that only requires a software-defined radio dongle (for example a DVB-T TV tuner) to detect hidden microphones in the environment. The tool, called Salamandra, will even calculate the distance to the hidden microphone, greatly improving your chances to identify and remove it.
So, as always, the race between attackers and defenders goes on – however, attackers, as always, seem to have a narrow lead.
Dr Christina Czeschik is a writer and consultant specialized in information security, digital privacy, and Blockchain. Originally a doctor, she has slipped into the infosec pool by way of cryptoparties, and never quite been able to climb out again.