Ghostbuster: Detecting the Presence of Hidden Eavesdroppers [pdf] (illinois.edu)
82 points by lainon 4 months ago | 9 comments

Anyone interested in this should read the book Spycatcher[1]. It covers a bit of this and was even banned in certain countries.

[1] https://en.wikipedia.org/wiki/Spycatcher

The Thing [2] is also worth reading about. The Soviet Union was well aware that RF/LO leakage was being constantly monitored by the NSA, so they made a passive eavesdropping device in 1945 that didn't use a power supply. Instead, when eavesdropping was needed, an agent near the field would transmit an unmodulated carrier wave at 330 MHz, which was received by The Thing with an antenna and tuned circuit, thus activating the device. The recording is then rebroadcast at a higher harmonic frequency. When the device is inactive, it's almost impossible to detect.

[2] https://en.wikipedia.org/wiki/The_Thing_(listening_device)

I remember when I first heard of this, I was so amazed at the cleverness of the whole thing.

The Thing is also known as "The Great Seal Bug".

Banned so publicly that it was regularly on the evening news, and so was a roaring success.

Basically, using side-channel RF leakage to eavesdrop on the eavesdropper who uses your side-channel RF leakage to eavesdrop on you... Reminded me of the old "radar-detector-detector detector" hoax edit from Wikipedia (https://www.reddit.com/r/wikipedia/comments/4a3tfm/in_1982_t...). But unlike other EM side-channel attacks, RF local-oscillator leakage is a historically known attack vector since WW2.

> This RF leakage, however, is extremely weak and buried under noise and other transmitted signals that can be 3-5 orders of magnitude larger. Hence, it is missed by today’s radios. We design and build Ghostbuster, the first device that can reliably extract this leakage, even when it is buried under ongoing transmissions, in order to detect the hidden presence of eavesdroppers.

Would just putting the device in a little Faraday cage mitigate this?

I too have the same question.

But even if it were to work in a Faraday cage, the real-life application would be really tough to implement, owing to the fact that:

1) We don’t know how big the Cage should be.

2) There could possibly be many benign gadgets in the cage’s sphere which could be unnecessarily affected.

Good question. What if the eavesdropping device has TEMPEST certification, or is it possible to design one...
