Store and Forward Bugs are Child’s Play

In December 2016, we wrote an article which discussed the threat of bringing smart watches into sensitive areas and the concept of engaging a Technical Surveillance Counter Measures (TSCM) team to monitor meetings in real time for potential data transmission (eavesdropping). However, there is more than one way to skin a cat and the deployment of corporate espionage threats is no different. What if a TSCM sweep conducted the night prior to the client’s important meeting detected no suspicious transmissions and the real time monitoring also indicated no suspect communications? Does that mean no eavesdropping took place? Not necessarily. Audio and/or video data could have been recorded and scheduled to be transmitted at a later date. This eavesdropping technique is often termed Store and Forward Bugging.

The concept of ‘Store and Forward’ bugs is not new; however, such devices are (thankfully) generally not readily available over the counter at the local ‘Spy’ shop or on eBay. They can be expensive and, in our research, are sometimes restricted to law enforcement.

Children and computer enthusiasts around the world have in recent years embraced the Raspberry Pi as a platform to learn coding and build IoT devices. For less than $100, the Pi is a small, palm-sized computer which is WiFi and Bluetooth enabled, with power and capability which would have embarrassed some top performing home computers of the late 20th century.

Extra peripherals are also available for the Pi, including a camera and a sound card with audio I/O, both of which pose a considerable threat from an eavesdropping perspective.

After an online purchase of a Raspberry Pi 3, a camera, sound card and microphone, and with limited programming experience since the mid-80s when the Author muddled with his ZX Spectrum, Australian Bug Detection Group gave thought as to whether the Pi could be deployed as an eavesdropping threat. Within a few hours of online research and tutorials, it was relatively easy to program the device to record audio and video onto an SD card. Using the Pi’s built-in WiFi capability, we tethered it to a mobile phone WiFi hotspot access point, which gave the device access to the Web. Further coding (again found online) then enabled us to program the Pi to schedule an upload of the recorded data to the Cloud (taking seconds over 4G), where it could then, obviously, be accessed from anywhere in the world.

In a scenario where the Raspberry Pi with camera and/or microphone was hidden within a board room and the mobile phone acting as the tethered WiFi AP was placed in a nearby room or even outside the building, both powered by a power pack or mains AC, an extremely powerful store and forward bug, possibly challenging to locate from an RF perspective, could easily eavesdrop on sensitive information.

The purpose of this article is not to educate on how to build a bug; rather, it is to highlight to security managers and those who engage TSCM teams that contemporary bugging devices and techniques require contemporary TSCM methodologies to counter that threat, utilizing modern technology to detect and locate them. Eavesdropping techniques have evolved as technology has. Although near field and broad band detectors, nonlinear junction detectors and spectrum analysers are all important (and must have) tools in any sweep team’s tool kit, a professional sweep should not cease there; a TSCM team cannot afford to be complacent and address only broadcasting frequencies. As discussed above, our primitive build of a store and forward bug has illustrated that with a cheap and small computer, a powerful recording device can be built which can forward data to the Cloud at a prescribed time. That upload would (probably) be missed from an RF transmission perspective, as the sweep team would (probably) not be present during the scheduled upload.

As well as the RF analysis and a detailed physical search (human eye), a professional TSCM team needs to check for potential rogue WiFi APs and rogue WiFi clients, check for thermal footprints and think outside of the square.
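The rogue AP and rogue client check described above can be sketched as follows. This is an added example, not code from the original article; the survey column layout, the approved BSSID inventory and all sample rows are constructed, and the OUI list is an assumption covering prefixes registered to Raspberry Pi.

```python
import csv
import io

# Assumption: OUI prefixes registered to Raspberry Pi (not taken from the article).
PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01"}

# Constructed inventory: BSSIDs of the site's approved access points.
APPROVED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed survey export, hypothetical layout: one row per AP or client seen.
SAMPLE_SURVEY = """\
kind,mac,bssid,ssid,rssi_dbm
ap,00:11:22:33:44:01,00:11:22:33:44:01,CorpNet,-48
ap,00:11:22:33:44:02,00:11:22:33:44:02,CorpNet,-61
ap,02:AA:BB:CC:DD:10,02:AA:BB:CC:DD:10,AndroidAP,-70
client,3C:22:FB:00:00:21,00:11:22:33:44:01,CorpNet,-55
client,b8:27:eb:12:34:56,02:AA:BB:CC:DD:10,AndroidAP,-42
client,B8:27:EB:9A:BC:DE,00:11:22:33:44:02,CorpNet,-58
client,3C:22:FB:00:00:77,,,-80
"""

def review_survey(text, approved=APPROVED_BSSIDS):
    """Return (rogue_aps, findings); findings is a list of (mac, reason)."""
    rogue_aps, findings = set(), []
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["mac"], r["bssid"] = r["mac"].upper(), r["bssid"].upper()
        # Any AP heard on site that is not in the inventory is a rogue candidate.
        if r["kind"] == "ap" and r["bssid"] not in approved:
            rogue_aps.add(r["bssid"])
            findings.append((r["mac"], "unapproved AP " + r["ssid"]))
    for r in rows:
        if r["kind"] != "client":
            continue
        reasons = []
        # An empty bssid means the client was seen but not associated.
        if r["bssid"] and r["bssid"] not in approved:
            reasons.append("associated to unapproved AP")
        if r["mac"][:8] in PI_OUIS:
            reasons.append("Raspberry Pi OUI")
        if reasons:
            findings.append((r["mac"], "; ".join(reasons)))
    return rogue_aps, findings

if __name__ == "__main__":
    rogue, found = review_survey(SAMPLE_SURVEY)
    for mac, reason in found:
        print(mac, "->", reason)
```

An OUI match is only a hint, since a MAC address can be changed, and a clean result covers only the period the survey was recording, which matters when the upload is scheduled for a time the sweep team is not present.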

If your TSCM team is not thinking outside the square, contact Australian Bug Detection Group; we provide professional TSCM surveys to corporate and Government departments.