At Def Con 22, Philip Polstra, an associate professor of digital forensics at Bloomsburg University of Pennsylvania, presented “Am I being spied on: Low-tech ways of detecting high-tech surveillance.”
Technical Surveillance Counter Measures (TSCM) are usually expensive and used to detect corporate espionage. Yet after the Snowden revelations, we learned regular folks might be victims of high-tech spying via implanted hardware, software or firmware. Why should you care? Polstra pointed out, “Our government’s assault on the Constitution is pretty well known.” But there’s a chance someone else could also be spying on you, like someone you’ve ticked off or a jealous and suspicious significant other.
Polstra set out to help people determine if they are victims of spying via video surveillance, audio eavesdropping, or devices embedded in smartphone, tablets or computers. He also covered how to tell if they are being tailed. He said, “Choose your level of paranoia.” You can “detect many spying activities at no cost,” but the “truly paranoid can still test without financial ruin.”
Detect hidden cameras for video surveillance
According to Polstra, all night vision cameras share a common “flaw” of infrared lights in the lenses. Although you can’t see infrared light with your eyes, it is what allows a camera to keep up surveillance in the dark. If you think there might be small hidden cameras in your house or business, then you can use your smartphone to find out.
When a room is dark, he suggested turning on your smartphone camera and slowly scanning the room. If there are hidden cameras, then Polstra said you will be able to see the flare of infrared from the covert camera through your phone’s display. If you don’t have a smartphone, but do have a digital camera, then you can use that to look for evidence of being under video surveillance.
He had additional tips for detecting wireless cameras such as using an app to detect a wireless ad hoc network that the surveillance devices are using to communicate with each other. He called airodump-ng an “easy way” to search for wireless cameras, but listed more sophisticated methods such as using Python. Although he proposed several moderately expensive methods, he said an inexpensive solution would be to use a BeagleBone-based system.
Detecting if you are being tailed
If you think you are being tailed, but don’t actually see anyone tailing you, then Polstra suggested turning on your vehicle’s AM radio. If your car has been tagged with a tracking device, then you should “hear a consistent and loud tone.” He added, “When you’re going places, don’t just look ahead. Look around…. Watch for those vehicles that go away and suddenly come back. Time it so you’re the last person to go through a traffic light…. Just park your car for no reason. Sit inside for a couple minutes. If you’re real paranoid get out of your car.”
Detecting covert audio surveillance
You can try the AM/FM analog radio trick if you are concerned about audio surveillance, but it will only work on the “simplest bugs.” An inexpensive method to detect active audio bugs, Polstra explained, is to use a USB TV tuner software defined radio (SDR). It can “detect signals in 50 MHz - 2 GHz” and “commercial bugs are usually 10 MHz - 8 GHz.” The flipside of that was presented at Def Con last year when security researcher Melissa Elliott showed how to spy on your neighbors by using a $10 USB dongle TV tuner.
Detecting bugs in your computing devices
Although we know the NSA or FBI black bag team can snag devices during shipment and physically install spying implants, intercepted shipments are not the only way you could end up with covert bugs in your PC, tablet, smartphone or laptop. Polstra suggested it could be “spies in your local IT staff” or an enemy in your office.
He advised physically checking “every device connected to your computer, especially USB and network.” He also said you could crack open the case and look for obvious signs of a bug, or check for current leaks as a bug must have power to work. “Turned off devices shouldn’t draw any power.”
He said you could “modify a universal laptop power supply to detect current leakage. For laptop or phone, remove the battery and measure current with device 'off;' current flow indicates a possible bug." For tablets, Polstra said to "fully charge the battery and then measure the current flow." A "small current might indicate issue with charging circuit or battery;" but "if the current peaks when you speak or move in view of the camera, there may be a bug."
Polstra posted his presentation slides here.