Spying on Your Neighbours With a RTL-SDR

Tom’s Guide has a post by Paul Wagenseil on a lecture given by security researcher Melissa Elliott (better known as 0xabad1dea) at DEFCON on August 3rd. Elliott spoke about how a cheap $10 USB TV tuner dongle, better known to us as an RTL-SDR, can be used to pick up ‘accidental radio emissions’ which can then be used to fingerprint devices. Back in the 1970s the NSA had a program codenamed Tempest that was designed to investigate and study these compromising emanations. Elliott, who is a researcher at the security company Veracode in Boston, demonstrated using an RTL-SDR to pickup various emissions from electronic devices.

“I managed to go most of my life not knowing that my electronics were all leaking all of the signals that detail what they’re getting up in their private little electronic lives,” Elliott said.

But a visit to the U.S. National Radio Quiet Zone on the Virginia-West Virginia border, site of the world’s largest moveable radio-astronomy telescope, taught Elliott otherwise.

“Their biggest challenge to getting the science done is the very electronics that they need to measure and process the signal, because those same electronics blast the signal out at the sky,” Elliott said.

“They have a microwave oven, which is a Faraday cage” — a structure enclosed by a wire mesh to prevent electricity from getting in or out — “inside another Faraday cage, inside another room, which is also a Faraday cage,” she recalled. “That is how much they had to shield things just so they could reheat their pizza at 2 a.m.”

So Elliott found a website that sold USB tuners for $10, and found free software to tune and analyze the signals.

At DEF CON, she demonstrated how much radio noise electronic devices emit by using a netbook she bought for $50 on a trip to China. - Link to Story

The DEFCON Website gives this description of her talk:

If it’s electronic, it makes noise. Not necessarily noise that you and I can hear, of course – unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal what the machine is currently doing when it thinks it’s keeping that information to itself. Attacks exploiting electromagnetic radiation, such as TEMPEST, have long been known, but government-sized budgets are no longer needed to procure the radio equipment. USB television receiver dongles can be used as software-defined radios (SDR) that cost less than a slice of Raspberry Pi. The goal of this talk is to show you that anyone with twenty bucks and some curiosity can learn a great deal about your computers and other equipment without ever leaving a trace, and you shouldn’t neglect this risk when managing your organization’s security.

© 2021 RTLSDR.com. All rights reserved. Site Admin · Entries RSS · Comments RSS