
Ghostbuster: Detecting the Presence of Hidden Eavesdroppers [pdf] - lainon
https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf
======
pentestercrab
Anyone interested in this should read the book Spycatcher [1]. It covers a bit
of this and was even banned in certain countries.

[1]
[https://en.wikipedia.org/wiki/Spycatcher](https://en.wikipedia.org/wiki/Spycatcher)

~~~
bcaa7f3a8bbc
The Thing [2] is also worth reading. The Soviet Union was well aware that RF/LO
leakage was being constantly monitored by the NSA, so in 1945 they made a passive
eavesdropping device that didn't use a power supply. Instead, when
eavesdropping was needed, an agent near the field would transmit an
unmodulated carrier wave at 330 MHz, which was received by The Thing with an
antenna and tuned circuit, thus activating the device. The recording was then
rebroadcast at a higher harmonic frequency. When the device is inactive,
it's almost impossible to detect.

[2]
[https://en.wikipedia.org/wiki/The_Thing_(listening_device)](https://en.wikipedia.org/wiki/The_Thing_\(listening_device\))

~~~
mxuribe
I remember when I first heard of this, I was so amazed at the cleverness of
the whole thing.

------
bcaa7f3a8bbc
Basically, using side-channel RF leakage to eavesdrop on the eavesdropper who
uses your side-channel RF leakage to eavesdrop on you... Reminded me of the old
"radar-detector-detector detector" hoax edit from Wikipedia
([https://www.reddit.com/r/wikipedia/comments/4a3tfm/in_1982_t...](https://www.reddit.com/r/wikipedia/comments/4a3tfm/in_1982_the_us_military_funded_a_project/)).
But unlike other EM side-channel attacks, RF local-oscillator leakage has been a
known attack vector since WW2.

> _This RF leakage, however, is extremely weak and buried under noise and
> other transmitted signals that can be 3-5 orders of magnitude larger. Hence,
> it is missed by today’s radios. We design and build Ghostbuster, the first
> device that can reliably extract this leakage, even when it is buried under
> ongoing transmissions, in order to detect the hidden presence of
> eavesdroppers._

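The quoted abstract's point, that the LO leakage is a weak unmodulated tone buried several orders of magnitude under ongoing transmissions, can be illustrated with a toy simulation. The block below is an added example, not code from the paper or the Ghostbuster system; it shows only the basic processing-gain principle (a constant tone integrates coherently with the number of samples, while a wideband transmission only grows as a random walk), not the paper's actual extraction method. Every parameter is constructed: a leakage tone at 5/1024 cycles per sample, 30 dB (three orders of magnitude, the low end of the quoted range) below a unit-power QPSK transmission, and a sweep over 16 candidate LO frequencies.

```python
"""Toy illustration of why a weak local-oscillator (LO) leakage tone is
invisible to an ordinary radio yet recoverable with long coherent
integration. Added example: this is NOT the Ghostbuster pipeline, only a
demonstration of the processing-gain principle the quoted abstract relies
on. All signal parameters below are constructed assumptions."""

import cmath
import math
import random

# Constructed parameters (assumptions, not values from the paper).
F_LEAK = 5 / 1024                 # LO leakage frequency, cycles per sample
LEAK_AMP = 1 / math.sqrt(1000)    # tone power 30 dB below the unit-power transmission
NOISE_SIGMA = 0.1                 # receiver thermal noise, per I/Q component
CANDIDATES = [j / 1024 for j in range(1, 17)]   # LO frequencies the sweep checks
QPSK = [complex(i, q) / math.sqrt(2) for i in (-1, 1) for q in (-1, 1)]  # unit-power symbols


def make_capture(n, leak_amp, seed=1):
    """Return n complex baseband samples: a unit-power QPSK transmission
    (the 'ongoing transmission' that masks the leakage), thermal noise,
    and, if leak_amp > 0, an unmodulated LO leakage tone at F_LEAK."""
    rng = random.Random(seed)
    samples = []
    phasor = 1 + 0j
    step = cmath.exp(2j * math.pi * F_LEAK)
    for _ in range(n):
        tx = rng.choice(QPSK)
        noise = complex(rng.gauss(0, NOISE_SIGMA), rng.gauss(0, NOISE_SIGMA))
        samples.append(tx + noise + leak_amp * phasor)
        phasor *= step
    return samples


def single_bin_dft(samples, freq):
    """Coherent integration at one frequency: |sum x[n] * e^(-2*pi*i*f*n)|.
    A tone at freq adds up linearly (N * amplitude); the wideband
    transmission adds up as a random walk (~sqrt(N)), so the per-bin
    signal-to-interference ratio grows with N."""
    acc = 0j
    phasor = 1 + 0j
    step = cmath.exp(-2j * math.pi * freq)
    for x in samples:
        acc += x * phasor
        phasor *= step
    return abs(acc)


def detect_leakage(samples, threshold=5.0):
    """Sweep the candidate LO frequencies and report the one whose bin
    stands out by `threshold` times the median of the others, else None."""
    mags = [single_bin_dft(samples, f) for f in CANDIDATES]
    best = max(range(len(mags)), key=mags.__getitem__)
    others = sorted(m for i, m in enumerate(mags) if i != best)
    median = others[len(others) // 2]
    return CANDIDATES[best] if mags[best] > threshold * median else None


def power_ratio_db(samples, leak_amp):
    """How deeply the tone is buried per sample: (transmission + noise)
    power over tone power, in dB."""
    total = sum(abs(x) ** 2 for x in samples) / len(samples)
    return 10 * math.log10((total - leak_amp ** 2) / leak_amp ** 2)


if __name__ == "__main__":
    short = make_capture(1024, LEAK_AMP)
    long_ = make_capture(131072, LEAK_AMP)
    print("tone buried %.1f dB below the transmission" % power_ratio_db(long_, LEAK_AMP))
    print("1k samples:", detect_leakage(short))            # None: too little integration
    print("128k samples:", detect_leakage(long_))          # F_LEAK: tone stands out
    print("eavesdropper off:", detect_leakage(make_capture(131072, 0.0)))  # None
```

With 1024 samples the tone bin is at roughly the same level as the interference in every other bin, which is the situation an ordinary packet-length receive window is in; with 128k samples the same tone sits about an order of magnitude above the others. The real system has to cope with transmissions that are not white, not stationary and far stronger than 30 dB, which is what the paper's extraction machinery is for; this block only shows why the tone is recoverable in principle.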
------
pwned1
Would just putting the device in a little faraday cage mitigate this?

~~~
godelmachine
I too have the same question.

But even if it were to work in a Faraday cage, the real-life application would
be really tough to implement, owing to the fact that:

1) We don't know how big the cage should be.

2) There could possibly be many benign gadgets in the cage's sphere which
could be unnecessarily affected.

~~~
bcaa7f3a8bbc
Good question. What if the eavesdropping device has TEMPEST certification, or
is it possible to design one...

