Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there some kind of device that can detect bugs like this? (I'm thinking of the "bug sweepers" I've seen in films)


I posted this on my Discord, one of our members is a security guy and pointed out that anyone concerned about things like this would be using a device called a NLJD, Non-Linear Junction Detector: https://reiusa.net/nljd/, which can detect circuit boards:

> The NLJD antenna head is a transceiver (transmitter and receiver) that radiates a digital spread spectrum signal to determine the presence of electronic components. When the energy encounters semi-conductor junctions (diodes, transistors, circuit board connections, etc.), a harmonic signal returns to the receiver. The receiver measures the strength of the harmonic signal and distinguishes between 2nd or 3rd harmonics. When a stronger 2nd harmonic is represented on the display in red, it indicates an electronic junction has been detected. In this way, a hand-held ORION is used to sweep walls, objects, containers, furniture, and most types of surfaces to look for hidden electronics, regardless of whether the electronic device is turned on.


Exactly the kind of thing I was looking for! Although, I guess for a bug hidden within an electrical device (like that in the article), this approach wouldn't work?

I wonder how well these work against shielding? Might it be possible to build your own device like this?


It would ‘work’ - but not be useful, because you’d already expect a circuit in that location.


No; USB2 cables are passive and shouldn't have any circuitry.


On the keyboard and the USB controller on the host (right next to the port) however…

So unless they’re dumb enough to put it literally in the middle of the cable? My point stands. These tools don’t typically have the resolution to tell.


The article has a section on that very topic: https://ha.cking.ch/s8_data_line_locator/#detection


Thanks; I did actually read the article, but missed this section (and likely some others) as the page doesn't work well on mobile.


The article covers that under the section "detection".

TL;DR: You can easily detect it while it communicates via GSM, and the device is also shielded quite badly, resulting in lots of easily detectable RF interference while it works.

All you need is a cheap RF detector. Having access to a full spectrum analyzer or a SDR will make this even easier.

All this gets much harder while the thing lies dormant, waiting for noise activation or commands. So the "quick bug sweeps" you see in the movies are more difficult.


> So the "quick bug sweeps" you see in the movies are more difficult.

Not if the sweepers are talkative (assuming that the device is sound-activated).


Good ones record long spans of audio, then transmit them in short infrequent bursts outside of working hours. You can leave GSM recording equipment overnight and analyze logs, but even when you see it in the logs it'll be hard to locate the device physically when it's not transmitting.


We used to have keychain lights that would start to blink whenever a nearby phone went off, I can imagine it could be set off by a device like this lol.


> So the "quick bug sweeps" you see in the movies are more difficult

Isn't that what nonlinear junction detectors are for?


Sure, the question is if you're surprised to get a positive from a USB cable. Wouldn't be surprised to find a diode inside there...


When in doubt, rip it out. If you suspect bugs, then get rid of any suspicious cable you can't prove the provenance of.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: