DEF CON 22 - Michael Ossmann - The NSA Playset: RF Retroreflectors

  • Published on 30 Dec 2014
  • Slides Here: defcon.org/images/defcon-22/d...
    Extra materials available here: defcon.org/images/defcon-22/d...
    The NSA Playset: RF Retroreflectors
    Michael Ossmann GREAT SCOTT GADGETS
    Of all the technologies revealed in the NSA ANT catalog, perhaps the most exotic is the use of RF retroreflectors for over-the-air surveillance. These tiny implants, without any power supply, transmit information intercepted from digital or analog communications when irradiated by radio signals from an outside source. This modern class of radar eavesdropping technology has never been demonstrated in public before today. I've constructed and tested my own RF retroreflectors, and I'll show you how they work and how easy they are to build with modest soldering skills. I'll even bring along some fully assembled units to give away. Now you can add RF retroreflectors to your own NSA Playset and play along with the NSA!
    Michael Ossmann is a wireless security researcher who makes hardware for hackers. Best known for the open source HackRF, Ubertooth, and Daisho projects, he founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.
  • Science & Technology

Comments • 78

  • @philorkill 2 years ago +17

    6 years and I'm still trying to figure out the basics. Thank you!

    • @andretarvok7122 2 years ago

      Tell me about it, I love these NSA Playset talks, can't get enough

  • @ganjajoe2566 6 years ago +19

    Thanks for sharing!!! I'm an RF noob, and I just got a hackRF and Ettus USRP N210 with a lot of boards for it. I love learning about this stuff! Very fascinating to me.

  • @ralphe9668 3 years ago +1

    so happy 😁 to find this thank you so much for the presentation

  • @Phantom0fTheRouter 1 year ago +1

    I had a lot of fun listening to the tones of the key presses on my TRS-80 PC2 on my GE clock radio back in the early 80s...

  • @---do2qd 7 years ago +11

    He's a very talented public speaker. Great job

    • @Arctic-fox717 8 months ago +1

      Handsome too

  • @jacopo1farina 5 years ago +53

    A little trivia: the soviet spying device they display at 11:00 was invented by Léon Theremin, the same guy who invented the musical instrument

    • @funkosaurus1 5 years ago +4

      Sweet. I have a Theremin I'm getting rid of.
      I haven't touched it in years.

    • @GospodinJean 5 years ago

      and the father of RFID kind of

    • @prodbydramatic 1 year ago +1

      @funkosaurus1 I hope u kept it, I've always wanted one

  • @larrbaII 2 years ago

    This is a lot on how you can a 808 Laser to read vibrations off an item, reflected back to a sensor that can decode to auto output.

  • @jaimedavilaperez 5 years ago

    very interesting..would try

  • @vikrantvijit1436 3 years ago +1

    Great talk on Research Gaps or rather Black holes nature of radio art and sciencey things at technical beings.

  • @BuckFitches 3 years ago +3

    The Wizard of Oss.........#bestman

  • @AEON. 1 year ago

    We can view what you're dreaming wirelessly now - we can visualize wifi signals and see through any building - we can read the vibration on a window plane of what someone is saying in real time.

  • @AEON. 1 year ago

    Reminds me of the "Bill Swearingen - HAKC THE POLICE - DEF CON 27 Conference" talk. The radar talk lol. That was 2 years ago - is this something that came out of that open source work? Very interesting. (Did this talk influence and help the Bill Swearingen work? I mean - Just to be clear.)

  • @NipkowDisk 6 years ago +16

    Ah, yes, RF illumination... The Great Seal incident immediately comes to mind.

  • @Aemilindore 5 years ago +1

    Need more Michael Ossmann.. More.. More more more.

  • @chriskaprys 6 years ago +4

    what about "massive attacks"? :)

  • @SameLif3 4 years ago +2

    I may not be a hacker nor engineer yet but I sure noticed during this conference that what the NSA may be using is something that usually depends on any ordinary current like hacking WiFi or just look up wireless leds from strange parts from TH-cam for example

  • @docpedersen7582 8 years ago +11

    Info on great seal bug incorrect. Wasn't in an embassy, was in UN security council chamber in New York. Was discovered by ham -British as I recall- operator who also worked at UN and realized what he stumbled on shouldn't have been broadcast. He reported signal to authorities, which finally led to discovery. Seal was a gift to UN by Russians.

    • @andreassjoberg3145 5 years ago +3

      OOOOH! Goood old Trojan-horse rides again!

    • @The_Seeker 4 years ago +3

      Neither of these are true, it was hung in the Spaso House, which was the US ambassador's residence in Moscow.

  • @johndunn5272 1 year ago

    How will the NSA detect quantum mechanical designed bugs ?

  • @wesleyfeldsine7955 5 years ago +4

    As far as countermeasures, a Faraday cage may be the best bet at the moment. Unless you know the frequency being used (1-4ghz??) to attack you and you can flood that frequency with lots of random noise (non random noise could possibly be deciphered from looking at [+/-]interference, but then we are outside the range of active RF-Retroreflective talks.)

  • @64-bit63 2 years ago

    Can't you make one with a rpi4?

  • @bojo8981 1 year ago

    I think I can prove the NSA can/does calculate the precise location of users of the "hidden services" BEFORE they are allowed to use the "hidden services". What should I do? Who would I report it to?

  • @JasonDimmick 1 year ago

    Is this the technology created by Joseph Theremin for the self named Theremin musical instrument?

    • @joeb3300 1 year ago

      Leon Theremin (Lev Sergeyevich Termen)

  • @martonlerant5672 8 years ago +3

    Well in a pretty old book written in the soviet era, it seems that westerners were a lot more in the dark about these tools than we were

  • @GT101Nofear 9 years ago +3

    Now. .. I enjoyed watching this and all. .. But what's the RF Retroreflector really supposed to do? Is it like a Sonar canceller? Would firing this up cause a DOS to Radio frequencies? I'm confused as to what it is supposed to do.

    • @elmotox 9 years ago

      .

    • @OlDurtyGurty 9 years ago +4

      You solder the retroflectors inline with the data on a device and with another RF device, you can read the device with the retroflector from a distance. The sine waves he showed is the pulse that a PS/2 keyboard sends when you press the key "Q" from what I understand.

    • @PhillipRhodes 3 years ago +3

      It's a way to snoop on signals from a distance, but you use a passive "reflector" instead of an active "transmitter". If you watch old spy movies or shows like "Get Smart" they would plant "bugs" on people or in rooms, that transmitted a signal (like audio from the room). But this is bad because it requires a power source, which makes the device bigger and easier to locate, and because the active transmission from the device can be detected any time it is transmitting. Hence the old idea of "sweeping for bugs".
      With this "reflector" idea, the "bug" doesn't transmit a signal of its own. A separate transmitter transmits into the room, and the mere presence of the "reflector" affects the transmitted signal in a way that can be detected by monitoring the same frequency you're transmitting on. If the extent to which it tweaks the transmitted signal is driven by some signal you want to monitor (like the data line of a PS/2 keyboard cable) you can decode the signal you want to snoop on, by looking at how the signal from the transmitter gets distorted.
      In the latter model, the "bug" is smaller, needs no power source (eg a battery or whatever), and doesn't really transmit a signal of its own, which would theoretically make it much harder to locate.
      There are some over-simplifications in what I just wrote, but I think that captures the basic essence of the idea.
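
An added example, not part of the reply above or of the talk's materials: a pure-Python simulation of the mechanism that reply describes, where a data line changes how strongly a passive reflector returns an external carrier and the monitoring receiver recovers the bits from the carrier amplitude. All names and numbers (carrier cycles, reflection strengths, noise level, bit pattern) are constructed assumptions; it also shows that without external illumination the reflector produces no signal to find.

```python
import math
import random

def receive(bits, illuminated=True, spb=200, cycles=20,
            direct=1.0, refl=(0.02, 0.05), noise=0.02, seed=1):
    """Return the per-bit carrier amplitude seen by the monitoring receiver.

    direct : carrier that reaches the receiver without touching the reflector
    refl   : reflected amplitude when the monitored data line is 0 / 1
    spb    : samples per bit, cycles : carrier cycles per bit (assumed values)
    """
    rng = random.Random(seed)
    levels = []
    for bit in bits:
        acc = 0.0
        for i in range(spb):
            carrier = math.cos(2 * math.pi * cycles * i / spb)
            # The reflector adds nothing of its own: no carrier, no signal.
            amp = (direct + refl[bit]) if illuminated else 0.0
            sample = amp * carrier + rng.gauss(0.0, noise)
            # Coherent detection: mix with the known carrier and average.
            acc += sample * carrier
        levels.append(2 * acc / spb)
    return levels

def slice_bits(levels):
    """Threshold halfway between the strongest and weakest bit period."""
    mid = (max(levels) + min(levels)) / 2
    return [1 if lv > mid else 0 for lv in levels]

def modulation_depth(levels):
    """Spread of the received amplitude; what the data line contributes."""
    return max(levels) - min(levels)

# Constructed bit pattern standing in for a monitored data line.
DATA = [0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1]

def demo():
    lit = receive(DATA)                      # external transmitter on
    dark = receive(DATA, illuminated=False)  # external transmitter off
    return slice_bits(lit), modulation_depth(lit), modulation_depth(dark)

if __name__ == "__main__":
    print(demo())
```

The recovered bits ride on a carrier roughly thirty times larger than the change they cause, which is why the receiver averages over each bit period before slicing.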

  • @vanhetgoor 6 years ago +1

    Countermeasures: one winding coil, and an ever changing capacitor, like the combinations of a varicap with ntc (temperature sensor) and ldr (to detect light).

    • @Hektabyte 5 years ago +1

      That's actually a great idea, I'll try it out this week when I get proper equipment.

    • @vanhetgoor 3 years ago

      @Ura Fag Very simple, it has to be passive and for ever as much changes as possible, light is oftener changing than the room temperature.

  • @davidlee50 1 year ago

    What replaced it?

  • @drnv150 3 years ago +1

    How many think there is a lot of unknown data passed over HF shortwave now that 3G data speeds are possible, especially considering relatively few care to monitor HF and are mostly monitoring IT infrastructure, I.E.... Nelly O.? Hard to block or jam a station sending ALE 3G running 1.5 kilowatts transmit power, especially at random times on various HF bands with a mobile magnetic loop antenna. Bad part being, if your RF gear is really close to the 30 kv cap, it goes pooooof...

  • @retepignus2626 5 years ago +1

    Is this what we call now "AirGap"?

  • @i93sme 2 years ago +1

    Basically a fancy name for an RF tag

  • @CucamongaGuy 2 years ago

    How it's done > 10:40

  • @andreassjoberg3145 5 years ago +9

    So, RF-shielding is going to get even more important, and the new 5G Cellphone net will be passively illuminating stuff with 5GHz - tinfoil-hats ON!

  • @goiterlanternbase 1 year ago +1

    Searching for hidden patents? Attempt for a patent on something similar to the thing that should be patented but isn't.

  • @mountainconstructions 5 years ago +2

    People in the audience have no idea

  • @nobodynoone2500 11 months ago

    Retro reflection was researched way before the 40s, you aren't using the right terms to find them, because they were not yet defined. There are literally papers from the 1880's discussing it.

  • @timk1595 9 years ago +1

    where would one learn about "hacking" (very broad term)?

    • @Calvert1212 9 years ago +2

      Hacking is the application of knowledge and critical thinking to make something do something it wasn't designed to do, so you'll need to be more specific.

    • @Calvert1212 9 years ago +1

      Seeing as this is a defcon video I will assume you mean either rf, software, hardware, network, wifi, Bluetooth, phreaking, etc. etc. which one interests you most?

    • @Calvert1212 9 years ago +1

      Chad Calvert sorry for the post spam, this is kinda stream of conscience. The very first thing I suggest is to download Kali linux on your computer. It is a free Debian distribution of Linux that comes preloaded with all the tools you need to practice many different forms of hacking, such as: HID attacks, fuzzing, debugging, scripting, programming, MitM, software defined radio, Metasploit, MAC spoofing, badUSB, brute forcing, dictionary attacks, DDoS (if that counts), SSL stripping, arp poisoning(a more specific type of MitM attack), hash passing, stack bashing, cookie injection, SQL injection (goes without saying) and so on. Hacking, more specifically information security in this case (infosec, or antisec if you are more of a rebel), is an art form which requires knowledge of computer, cryptological, social and communications processes so that one can identify weakness in a given system so as to fix or exploit them. A more accurate term for this is "cracking".

    • @timk1595 9 years ago

      ***** Chad Calvert Appreciate all the info you listed. I would be looking more towards software. Definitely going to check out Kali Linux. Thanks for taking the time to elaborate. :D

    • @tiberiu_nicolae 8 years ago

      +Isiah F Hackaday.com shows all kinds of hacks

  • @gummipalle 8 years ago +1

    one in 22,000 doesn't like this.... That's a fine ratio.... Or a hack result.....

    • @leocurious9919 8 years ago

      +Frabbledabble I only see 159 likes and 3 dislikes. Where are those 22'000 likes?

    • @gummipalle 8 years ago +2

      +Leo Curious nono, one of 22,000 views :-)

  • @yshouldifoogle6724 6 years ago

    Encourage leaks by crowd sourcing Bitcoin $ to pay for them. untraceable money and leakers can stay private.

    • @JohnDoe-nq4du 4 years ago +4

      bitcoin is the most traceable currency ever devised. every active bitcoin wallet on earth contains a plain-text record of every bitcoin transaction ever completed. combined with the right opsec practices, it is possible to use bitcoin as part of a system to dissociate one's legal identity from activities carried out using bitcoin, but just using bitcoin doesn't make it even really all that inconvenient to identify you. pseudonymous =/= anonymous

  • @AEON. 1 year ago

    Thanks to 3rd party advertising and tracking of everyone - it's easy - very easy - to passively intercept data and even man in the middle it and shoot it back out.

  • @Paraboemba 5 years ago

    aka. BACKSCATTERING