ไม่สามารถเล่นวิดีโอนี้
ขออภัยในความไม่สะดวก
How Hackers Could Wirelessly Bug Your Office
ฝัง
- เผยแพร่เมื่อ 28 ก.ค. 2016
- You think about securing your laptop, but what about your desk phone, monitor, or printer?
In the second episode of Can I Hack It?, made possible by Mr Robot on Amazon Prime, white hat hacker Ang Cui demonstrates hacks on “embedded devices”-objects that contain computing systems but that you wouldn’t necessarily think of as computers.
At his office in New York, Cui shows us how he can turn an office phone or printer into a bugging device using a piece of malware he calls “funtenna.” This exploit makes the equipment transmit data over radio frequencies so it can be picked up by an antenna-without the hacker ever having to go near the device.
It’s a pretty high-level hack, but as Cui says, if he’s thought of it, you can imagine someone else has.
Click here to watch Mr. Robot on Amazon Prime: amzn.to/29zli1w
Subscribe to MOTHERBOARD: bit.ly/Subscrib...
Follow MOTHERBOARD
Facebook: / motherboardtv
Twitter: / motherboard
Tumblr: / motherboardtv
Instagram: / motherboardtv
More videos from the VICE network: www. vic...
I think the most important part of hacking is having as many windows open as possible. Preferably with scrolling multicolored text.
Max Hale that’s how you can tell they are deep in it.
Not true. You forgot the flashy fingers gliding across the keyboard like it's a race against time.
Max Hale when in command prompt do "color a" there. You are a hacker now. Congrats.
@@iKingRPG just do base64 -w 0 < /dev/urandom
@@rabbitdrink what does that do?
Sponsored by Amazon, the biggest collector of customer/consumer data on the planet.
Second biggest after Google IIRC. Also, don't forget about Microsoft and Apple.
& they still aint worth a damn thing.
Don't forget about the NSA.
Jesus Christ They're not a collector of customer/consumer data. They're a collector of *_EVERYONE'S_* data.
Falcrist What's the difference? Don't forget that government is a business. It's an overly large and cumbersome organization structured so that parts of it can make some people a lot of money.
It's called RF imposition. The Russians used this technique to bug the US Moscow embassy in the 70's. At the time, it required a very large antenna to collect the signals. Basically, the vibrations of the molecule of air (i.e. sound) will make any object in the room also vibrate, and that includes electronic circuit boards. As per Maxwell equations, as mentioned by the chap, a vibrating electronic circuit board, even if switched off, will generate an electronic signal. It then becomes just a matter of collecting that signal.
You can bug me all you want, I have put a sticker tape on my phone's camera. All you can get is me moaning.
I'd rather get my girlfriend moaning thank you.
Fuckin hell William you sausage
and keylogs, and passwords and usernames, and facebook profiles which have pictures ;D
Benjamin Lafever yup that good old spyware
moan your mother's Maiden name and that should be it.
0:45 holy shit that setup!
Those 2 Dell monitors are just crazy!
2 dell monitors and a shit apple keyboard
***** i have a mechanical keyboard, 10k dpi mouse, h440 case with i5 4590 and a 760 but my monitor is a boring 1920x1080 60Hz dell :(
The funniest thing is that the chair is as expensive as one of those monitors.
jaqb17 Gotta love it
If this guy figured it out what has the NSA been able to do for the last 15 years
The government agencies have way better systems than demonstrated here. I can neither confirm nor deny its existence.
The POC being explained here is nothing new by no means! In the early 90's, Cult Of The Dead Cow (Hacker Group) went before Congress to speak about such things. They had fears that, if they can do it... so could other people. They spoke about a method known as tempest ( en.wikipedia.org/wiki/Tempest_(codename) ). They've known about this ability for quite some time now. It's just become super easy, since the advent of Wifi based devices!
I know it sounds impossible but I know a retired officer who use to work in a prison system back in the 90s. They used a database of files on all of their prisoners on an off grid intranet that could only be accessed via the prison system. Well it just so happened the FBI showed up asking for two prisoners that needed to be taken in for classified reasons not even telling the sheriff the reason for it. They pulled out a piece of paper with a screenshot of the two prisoners files which was obviously screenshotted from a computer within the off grid database. They had never been to the prison system before and it would have been impossible to gain access to the information over the internet since every computer was offline. The Sheriff asked the two agents how did they get that information as only that single prison system had it, the agent told the sheriff that it was classified information on how they obtained the screenshot from within the prison. The agents left with the two prisoners and told the sheriff that they were never there. Either two things I can think of that happened. "A" Their was an undercover agent disguised as a cop working their downloading information to a drive and sending it to the FBI which sounds kind of stupid considering they could have just asked the sheriff for the files on the prisoners or "B" They gained access through the power lines somehow.
the data storage facility in utah, the big one, has internet but they used the term 'airgapped' to describe all the connections to the outside world.
Question should be "what can they *not* do"
I like how the thumbnail just says motherboard with a guy pointing to a motherboard
I was searching this comment
@@daxutuc me too lol
what they are doing is super underappreciated. wired devices with embedded systems really need to start insulating components so that no information leaves the device wirelessly
Yep & my laptop is a Republic of Gamer's unit & even though I didn't know about
blue-tooth for my pc, my neighbor did know & was busy trying to gain access
when I caught him red handed...... When I buy again It'll be decked out in the
best defensive stuff I can get/set-up. It really sucks how they violate people.
peace
my understanding is that those devices are being used to jump from one device to another to transmit data that customers want to have transmitted - or have signed off on. Maybe a frig manufacturer wants customer usage info for marketing or product design reasons, for example.
This is one of the key reasons why following PCB design guidelines For Reduced EMI is so critical :P
Just shield the entire thing after finishing the population process
@@mrinalthakur3459 thats perfect and cheap also
@@RDHDShorts not cheap.
All my devices are wearing tin foil hats, including me.
By the way this is second time I see red balloon mentioned in security tech, looks like they're about to become pretty big. Good luck guys.
Good to now that we have willy billys support
The critical piece of information he gave is that there has to be an entry point into your network, and for him it was a CV containing malware. 80% of attacks are initiated this way, so - secure your endpoints or get decent mail service guys and gals...
Six years later and this exploit has yet to be seen in the wild
The problem with these old hacks, is that they are super easy to defend. People who have sensitive data use better printers, and not stupid ones obviously.
Feels like Motherboard is cranking up the paranoia on "everything hackers".
@@shenshenani5913 motherboard is NOT for analysts and other security professionals it's for uninformed tech illiterate people.
the real hackers to be afraid of are the ones in government. They are spying on you right now.
Properly shielding electronics would make them not vulnerable to this hack. But the hack is still quite clever. All it takes is a thin sheet metal cover over the circuit boards to absorb almost all the emitted radio waves.
2 hours after this video was posted that guy disappeared from outside his apartment.
You could say that every electronic device has it.... because what they are doing is turning an PCB copper path into transmitting antenna by quickly changing voltages and generating EM field. But there is a catch... you would not normally have connected a printer and a VoIP phone on the same corporate network. Meaning it has to go through either managed switch or a router - in which case there is a high chance that there would be a firewall rule to drop the packet.
You could build all this, or pay Google or Amazon for the feeds they continuously collect from devices you use everyday. Even using a VPN Service is of marginal benefit if you’re going to authenticate to any of your online accounts, as those accounts and your devices registering to networks are going identify you when you authenticate. That said, what this team is doing is really important work, as these devices are very vulnerable, and for all of the dollars we spend securing PC’s and Tablets, a good pen test will show you how vulnerable your voice and printing devices are as well...this team takes it to a level.
"through the network" is the key phrase. It's easy if you have direct access to the devices that you want to exploit if they're 2 feet away from you, like shown in the video, but if you're outside the network, you'll still need to bypass layers of security to get your software through.
Still, pretty cool though.
I would work for this guy for free just to gain knowledge
LOL WOW THIS KID FIGURED OUT WHAT SOME OF US HAVE BEEN BRUTALIZING FOR 20 YEARS AND MORE
For most, if not all embedded devices it's not possible to flash a microcontroller by JTAG or bootloader without extra external hardware. Also, devices without a dedicated antenna wouldn't be abled to transfer any reliable signal... And what about RF shields...
yes, i thought about this limitations too. even with new devices with possibility to upgrade firmware via internet there will be phisical limitations on transmitting power and receiving range, even if you use low bitrate protocol like LORA.
But how powerful (in watts) is the transmission
he receives only few meters away, i think it is not powerful
It kills me how people talk about how they’re so surveilled by the gov but are spied on and robbed (through tech) by their fellow man.
Actually, all this is already in play in every household. It is very easy to confirm yourself what this video says. Take that part
at 2:25 minutes about switching on the microphone on the phone (i think he mentioned switching the input/output ports). What he meant was just switching on the handsfree on the phone on without you knowing and without having the led light come on. When this happens, the microphone now on just completes the induction loop system that is your home. Now all your conversations are reflected in the magnetic modulations in the wiring in your home. All converted to FR signals etc and software radio will pick this up. But more so is that all the buzzes and pings and white noise sounds in your living space will modulate to your thinking, with that microphone in your phone switched on. Hence your thinking can be known by anybody who is listening or anybody who knows how to read tonal modulations. It is like learning a new language and with time you should be able to listen to your thinking in all the appliances around your home. But that is what they are doing at the moment.
If there is such a thing as the funtenna software then they will get them downloaded via either your phone line or your internet line. In some cases they are both the same line. If you want to hear this signal coming into your home to switch on the handsfree for a listen in, you can do this by attaching an induction loop receiver to the access point for your phone line. You only need to tape it to the access point gadget - it will pick up the magnetic fluctuations from the phone access point.
All this has been foretold. And this is the type of crap that makes low tech or no tech so much more desirable.
please add part 1 in description so i can see full series
thank you
3:15.....oh god that look....they've already bugged us all burn everything!
So its not the wifi antenna inside the printer sending the signal? It must be?
the London look X D
what?
He was referring to the gap between her teeth :)
Its supposed to mean the leather jacket black leather boots etc
London has fallen. Like the movie
Can this also be done using fm 📻 instead of am ? Why use such a low band frequency is that to avoid getting caught on car radio ? What’s up with that ?
Now that's is what i am talking about. Hacking with a tiny mother board.
6:42 "...and what makes it particularly impressive is how it can transmit data using radio frequencies..."
wow!...wait...
groundbreaking technology here
Speakers can be microphones. *Takes out buzzer from the motherboard.
Anything that has RF in it thats embedded, uses the ARM archetechture :D. Lifes good
I suspected that HR ATS can be hacked trough applications, but didn't think it was as easy as he explained.
Those dudes had no idea what to do with themselves with a cute girl that close to them!
What would you do?
@@elck3 business as usual my dude
Thats why I don’t use any technology and none in my possession.
I am now commenting through a wooden stick and a rock tie to an owl.
1:02 My phone is very insecure. Most of the time, it can't gather the courage to show me notifications when I get a text message. Unfortunately, phones still aren't accepted in therapy.
Motherboard video with a motherboard in the thumbnail. About time.
Next how hackers can steal your lunch from the break room cuz it definitely was not Ron
I don't think that any of Maxwell's equation has anything to say about the feasibility of hacking embedded devices.
It sounds scholarly though.
THEY HAD A VIPER MK II IN THAT SHELVE !!!AWESOME GUYS!
Where? Kindly mention time.
@@hajiosama9352 im sorry but this was 2 years ago, no chance that i would be able to remember that. Id have to rewatch the entire thing again
"Cheap radio is called Tom Cruise..." LoL
I'm switching to analog phone after watching this.
Analogue is not very secure at all
Nsa has already been doing this years ahead.
Just look at DangerMouse
***** its the code name for the Nsa program that listens in on your phone call and monitors them
Snowden leaked documents on how NSA spying on their own people some 3 years ago.... You live in a cave or something......
Yes, it's well known, you can have a look to the "NSA Ant Catalog". But hacking to RF without modifications on a non emitting device is almost impossible because the signal will most likely be very small, maybe under the noise level. If you have wifi on a printer, you may be able to hack the wifi to transmit data via RF.
And way more then we know ....
Funny how all of the "common office equipment" was "hacked by software only, never touching it"... Yet every one of them had their cases removed, wires hanging out, ribbon cables jumbled out the sides, alligator clips roughly plugged in supplying power, lol... None of this was done elegantly over a network via software. But instead, all of it is hypothetical via hardware mods, physically turning electronics into radios by adding RF transmitters to them... which is the large PCB hanging off of the ribbon and alligator clips. And if we are really pretending that we are sending RF out of circuitry which has no radio, no antenna, no tuner what so ever... and just glossing over the hardware issues there, pretending you can turn any resister, capacitor, and IC into a transmitter... Well, as a radio engineer who develops tower technologies / installs said tech, I can tell you that they would (if they could) transmit all of about a half an inch in distance... at best. Without dedicated amplifiers, tuned antennas, and a frequency capable of both distance and some level of penetration, it would be hopeless. And seeing as how most inexpensive two way radios, which are built for this task, can't even do all that well in a commercial building environment... i highly doubt your magic phone radio made out of software that looks like PCB's hanging off of ribbon cables out of the back of a busted open but never touched office phone is going to do much better. This entire piece is basically fluff...
You COMPLETELY missed what the fellow was talking about. It CAN and HAS been done for years...by NSA. Danger Douse was their program from over 10 years ago. He piggybacks on that. No microphone, no speaker, fuck with the currents going through them, they then emit radio energy in predefined contexts which can be picked up with SDR equipment and then decoded. The disassembled parts were for testing purposes. The stuff attached was to show there REALLY is stuff going on but to prove it, it has to be disassembled. Jesus, and to think people like you probably vote....
Then tell me how can a printer without any antenna emit any radio frequencies?
Colson Xu install malware on device which can be done remotely (that’s why a resume was sent to force someone to open and send the malware to printer) afterwards the wires and components of the device can be turned into radio transmitters. That’s why it’s called hacking, to change its original purpose into something that it wasn’t intended to do. The device is then FORCED to emit radio signals to a radio receiver using software instead of hardware and an AM antenna. A transmitter is a different kind of antenna that does the opposite job to a receiver since it turns electrical signals into radio waves that can travel thousands of kilometers around the earth. Hacking might not be your thing if your unable to search for knowledge since that’s what hackers do, they critically think and search for answers, rather then demand them.
Please use google when you ask such stupid questions. Do you know any current passing over a conductor produces EMF? Start there and use google
Its demonstration in this video, secondly the devices were taken apart to discover and then test these exploits, whereby they can then access them remotely and exploit what was DEMONSTRATED in this video.
0:55 My boy eating Noodles and Sriracha!...
0:55, is that guy in his undewear? hahah
IT LOOKS LIKE IT LMAO good eye
I am so happy to have a hacker as a friend.
i'm suspecting my neighbor is running some kind of illegal business famously known as "macau scamming" or "money game". everyday i saw more new recruit coming to his house every morning and never leave the door. they rarely come out and always hiding in house and everyday call for delivery. do you have any tech advice or solution?
We had all better behave.
Soooo, what programming languages (and overall knowledge) is required in order to do something like this?
Stanis Baratheon well you'll have to know how to reflash hardware using the network, creat an ai that will find the best wire to use as antenna for your signal .. knowledge about radio signals and modulation, you'll have to know how to write a hex firmware for a phone , printer or whatever you're hacking .
it's not always just software, sometimes it's hardware, like eprom, and processing, like how I never would have figured out how signals are processed if I never learned the basics of electronic hardware, and a bit of software.
also signals are generated by a electromagnetic inductor, using a analog signal, it reaches the other thing, and from there the analog ports on the processor turn the analog signal into digital signals, which are interpreted into binary.
analog= wavy signal
digital= sharp signal
Well, moast of these things run some sort of linux and most devices just pass UI commands trough as root. Although this might not work on all devices. since some of them have a full on metal enclosure to reduce EMI. But then again. There is already a Botnet of IOT so I'm not surprised of anything anymore.
Why not point a laser beam at the window you want to evesdrop into, then am / fm modulate instead of all that ?
Trust these guys to reference Neuromancer! Excellent work.
So is this hack going to be involved one of the next episodes of Mr Robot? Pretty cool!
Hey, he used the word "theory" in the correct context! That's more impressive than the skills, or maybe an indicator of why he has them.
What if an office only used talking cups? How do you tap that?
HE'S SAYING that ANY WIRE that can be made to vibrate mechanically IS an antenna that transmits an EM field...NO NEED for an embedded microphone or RF module...ANYTHING THAT HAS WIRES can be forced to be a transmitter...SCARY! [BTW NO printer manufacturer worries about security...they say: "That's the CUSTOMER'S PROBLEM! We make PRINTERS!]
Some of those guys have setups to die for D:
Ijr
Lul ikr
Does this guy send resumes as an .exe?
:)
With such kind of wireless bugging. Is there any device/method to detect such bugging?
Fantana technique is used by military people sending code messages through sound.
Typically the door is wide open. This seems to be a bit excessive.
Lol that was right next to the printer! he should demonstrate if bit further away!
I wonder too what the range of the antennas of regular non-wireless printers and phones are... The receiving and is less of an issue, you'd just need a bigger antenna and better amps.
Any wifi capable device can be hacked from anywhere
mr magoo
Well, theoretically yes. But the method they suggest is a little less brute force and seems much more sneaky. The phones needn't be wifi capable either.
I'm wondering why there hasn't been a Die Hard 4 scenario yet.. maybe someone is gearing up to make it extra spectacular?..
I had this idea all the time but didn't knew it was possible.
Wow white hat hacker is generous teaching others free of cost, hence succeeded in fooling every one that he is not helping his hacker dudes. Nice game man
Nice! May work well in open areas but not through bunkers of concrete.
Time to put metal shielding in between isolation material when building my house :)
The house across the street was built with chicken wire throughout in the late 1800s and they can't get an internet signal and most places cannot send packages there because they say their address cannot be found!
This guy has a dream job
OK, I know this is not really the point of this video, but the used phone here was officially considered "End of Life" since January 2015. I wonder if his malicious software could still be loaded to currently used models/firmware (considering there are still other 79XX Models which are officially supported by Cisco)
I wonder why signals aren’t encrypted? I guess it could cause latency but signals in which you can easily just read its binary and convert is crazy, and that it’s just a string and not wrapped inside of packets
The men in black jacket only smile while enjoying their coffee break..
uploaded by "motherboard", tumbnailof a guy pointing on a motherboard....
this is the type of magic i would do if i was a magician lol. best hacker
Hacking and Machine learning Engineering are the most researched skills sets on the Market right now.......
still
walala wow its so intresting how we are vulnerable no matter where...
+Samuel Mason It's an expression that comes from the French voilà which literally means see there.
Whats really interesting is that George Orwell had this figured out a long time ago and now we sit watching it happen to us in bewildered fascination...
When you say it in french it's pronounced vwallah. French is my second language.
*+00 Gaudie* But your mouth has to actually make an *O* along the way, which is why plain "va" misses the mark.
Samuel Mason Yeah exactly, but after the V add a W sound like vwah. That's how they pronounce where I live.
suddenly theme from Syndicate starts to play in my head
TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).
In a world that demands certification to prove our qualifications. How does a hacker prove that he is 'white hat', especially in his alone time.
Pay them enough to not want to be black hat
@@Clay7744 because 'enough' will always be sufficient? :))
@@dave.h4075 Then we make them kings (im a pen tester)
@@Clay7744 I guess the point I was trying to make is that one doesn't simply come out of the hive looking for the job unless someone spills the beans all be it few in some cases.
Would the hacker have to have access to the network that the phone/printer is on, in order to send it the software to produce RF signals of the audio?
Yah that bit rate is awesome
How did it start with the resume?
Is there a video talking about security vulnerabilities in hardware like processors and such.
Finds out massive exploit in phones... Uses a apple keyboard
Sgt UltraKill the fuck does this even mean
means a lot
Evan Knight an*
Evan Knight Apple*
Evan Knight Also have you ever heard of NSA? Google DangerDouse.
fkin KNEW it. i couldnt prove it but i had a strong feeling this was possible
dont you need a printer which has wireless connectivity (wifi, bluetooth etc ) to hack it and send RF data to hackers pc?
wow!, i wish to work and learn from and with these guys they look well talented
Some how He's looks so happy about it
So these are the kids who fuck with my internet
why is motherboard now focusing on fear mongering to the non tech literate? Most hardware hacking relies on being with the machine this means....digital hacking is still a long and time intensive process.
I didnt see it as fear mongering. Seemed to me like those guys were eager to show just the capabilities are possible and educate the masses.
what capabilities? Hacking some phones apart and figuring out how to create a miniscule RF signal? a signal so weak that you would have to be in the room. right next to the printer to even detect. and did you see the processing speed? like a word a minute man, they spy will stand there like an idiot going hea man i just have to print something for 14 days straight. Just saying, nothing to fear people, as long as you have a mobile device, what ever country holds the company will probably have way to spy on you.
So once again, wtf are you talking about, "educating", any reasonably educated man will see this video and laugh.
You do realize they could easily amplify their AM antenna receiver and be able to receive signals a few blocks away.
You can`t. RF signals are pretty weak (even if you build a monstrosity antenna, the signal that is sending will be week and you will not get it unless you are in the same room). I have a problem connecting to me WIFI on the second floor (using a 400$ WIFI ROUTER and external 100$ WIFI antena), imagine how big the antenna on the phones and printer are..
Directional antenna, and your only "recieving" the signal... your extracting data. thats not the same as weak wifi, thats also on a very very busy frequency (probably why its so "weak" for you aswell) all the neighbours uses Wifi, bluetooth is on wifi, alott of IoT devices, and some of those wireless led controled lamps might not be on wifi or bt, they are often on 2.4Ghz (or 433Mhz, wich also can be full of noise). get an directional antenna, send data out multiple times with a small checksum and wait a few hours for the password to be send over... im sure at night it even gets better. at day you collect and at night you recieve it. github.com/fulldecent/system-bus-radio
well this is a bit ( no pun intended)scary. this is from 2016 can you imagine what is going on in 2020?
*You can't hack our office,we all use Incognito Mode*
0:59 I didnt know you could bug a racing drone. What are you going to do turn the motors on and off?
Holy f***, this is so advanced.
wow id love to meet these guys an collaborate on projects
ok now im gunna go make my house's walls out of lead brb
adequately constructed faraday cage enclosing your office.
nice to see victoria back in these vids