A truly paranoid analyst would check that these things that look like a resistor or diode actually are resistors and diodes. That may not be easy, as they could contain a tiny cpu and a few bits of flash memory that change the behavior from “resistor” to something else after x power ups or, using an on-board real-time clock, at a given date, or that run in parallel to the resistor or diode. A simple RFID chip already could be somewhat of use to spies.
Even simpler, that “resistor” could contain a tiny microphone and a radio transmitter (getting reasonable audio quality and reasonable radio range likely would be a challenge, but that’s what big budgets are for).
But didn't think much further of it as that can be a dark rabbithole to go down. Then Snowden leaks came out, and it turned out technology was an active, hostile and full scale warzone.
These are not unreasonable thoughts to have now. Even if you prove one of these fans is safe, it does not prove that an individual has not been targeted with a fan with a payload.
Also, don't discount the entire circuit being the bug.
Does he ever explain how the tricks work?
Here is the schematic for the 3LEDs & 0 switches video liked by GP - https://plus.google.com/photos/116398424278304767741/album/5...
I don't understand the electronics, but the logic is hidden inside the 9 volt battery connector.
The LEDs contain LC filters, tuned such that they'll light (visibly) when the appropriate frequency is applied. Touching the wire in different places creates a different parasitic load, which is detected by one of the comparators. That comparator then toggles the clock generator for the appropriate frequency, turning that LED off or on.
As with all of his circuits it's a brilliantly simple idea implemented in a ridiculously constrained space.
Some people over train in model-space and are unable to make thoughts that occur outside of that universe.
"Russia spied on foreign powers at last month’s G20 summit by giving delegations USB pen drives capable of downloading sensitive information from laptops" - https://www.telegraph.co.uk/news/worldnews/europe/russia/104...
They weren't really unreasonable thoughts to have back then, they may have just seemed unreasonable.
1. If you're that paranoid, don't plug stuff in to your USB ports EVER.
2. If you're going to put a malicious device in this thing, connecting it to VConn isn't a good idea - since you'd have to be hoping that whatever you've plugged into is insecure at a hardware level in quite a specific way that there's no evidence of.
3. There seem to be easier ways to hack visitors to singapore - like getting physical access to their laptop.
In the US, it's as easy as Customs giving you a choice: 1) sit in a room indefinitely or 2) let them take your device into another room for an hour or so. Definitely a case of this: https://www.xkcd.com/538/
If you''re that paranoid then is any consumer hardware safe these days? Almost undetectable hardware could be slipped into to just about any device and they're mostly manufactured in a country hostile to personal freedom or countries under their influence.
The future is probably riscv style open hardware but that will need to be combined with local fabrication facilities.
The big question is whether RISC-V is open enough for such purposes.
"One distinctive feature of the bus is the possibility of using only two wires: data and ground. To accomplish this, 1-Wire devices include an 800 pF capacitor to store charge and power the device during periods when the data line is active."
You can buy devices that put an entire JVM inside a two-terminal component, of similar physical size.
Supply journalists with harmless USB devices. Then pass around a fully weaponised PDF.
For the those that think malware in PDF's are history, here's a link to 2 zero days found just this march.
Having done security for many years, especially user security, I can say with certainty that some people are this dumb.
Pretty unlikely though.
Of course all of this is entirely speculative. Maybe this design was cheaper to produce or simply shown to be sturdier compared to a smaller alternative.
It could even be that they had an earlier circuitry design that was slightly larger and then they realized it could be simplified but at that point that had ordered the chassis.
Multilayer PCBs are commonplace, and a stealthy version which does not show the layers at the edge of the board and encapsulates ICs is not a stretch.
All that said I agree with the sentiment in other posts here that this attack vector is so obvious that the likelihood is higher that this is simple trolling. Then again, that kind of 'discovery' trolling also provides signals intelligence, of a kind, in observing the reactions to it.
Jokes aside. My guess would be that it is highly unlikely a half decent secret service would use such a method to spread a virus or a trojan. On the other hand, I would also guess that no serious journalist will contemplate using a free device provided by a rogue nation just in case.
I disagree. While tech-minded journalists may be aware of the risks of untrusted USB devices, the same cannot be expected of everyone; even if they know that USB drives are potentially dangerous (already a crapshoot, even in some tech-related jobs), people unfamiliar with computers may not realize that the same risks apply to all USB-powered devices.
It's possible he put the date on which he plans to more formally publish or present it.
Seriously, this has all the alarmist fear mongering of the Cuban embassy sonic weapon mystery, but none of the smoking gun who-dunnit clues.
People are going to be chasing their tails on this one, wondering if the fan rotors spin at resonating speeds to give off infra-sonic beam-forming geolocation signals, and that's after they sample scrapings from 1000 different components in a gas chromatograph mass spectrometer only to find that they were some standard chinese USB components, purchased in bulk orders months ago, but had arrived too late for Olympics swag and were basically left-overs.
It's funny, but I think the volume of this knee-jerk reaction caused more damage than an actual attack could have.
If North Korea was going to try and swindle it's way onto targeted USB interfaces, I'd have to imagine that they'd attempt a level of indirection (at least one), and launder the swag through a secondary shell entity, like some shady third-world press corps gadfly to the event.
If they hadn't thought of that before (even though I'm sure they already do think that way), this hair-on-fire reaction has certainly taught them to do so, unconditionally, going forward.
It would appear I’d make a better spy than the author would make a security analyst.
Penn Jilette has given interviews on what mindset is needed to trick people. One basic rule is that people will gravely underestimate the lengths he is willing to go to in order to trick the audience.
I’m not saying this is a spying device. I am merely pointing out that the author shed no light on whether it is.
For your entertainment: https://youtu.be/WvXKSSmItls
The moving fan motor could act a simple microphone.
This "analysis" is so superficial that I thought it was a joke at first. At the very least the device should be completely disassembled and/or X-rayed.
It was done in the '80s with much less advanced technology: http://www.cryptomuseum.com/covert/bugs/selectric/
A serious secret service would use more up to date methods.
I, for one, appreciate the show.
It was most likely some organiser just organising swag for the conference, who didn't think about the implications because they weren't aware of them.
Never attribute to malice that which is adequately explained by stupidity (well, ignorance in this case).
Why would the North Koreans go through the trouble of buying a bunch of fans on Aliexpress just to make some security people freak out?
What about inside PCB, motor stator, USB connector, etc.
Must be some example of Cambridge on how to NOT to do anything..