NSA’s Retro Reflectors Reverse-Engineered

Researchers worked them out with a tiny transistor and a 2-inch wire

Image: HackRF One software-defined radio (SDR) peripheral

Security researchers managed to recreate some of the products listed in the NSA's Advanced Network Technology (ANT) catalog using common electronic components.

A team of researchers led by Michael Ossmann of Great Scott Gadgets invested some time and effort to build two products similar in functionality to the Surlyspawn keystroke logger and Ragemaster.

Both of them are retro-reflector systems in the NSA’s catalog and their purpose is over-the-air surveillance. Surlyspawn is designed to intercept keystrokes using nothing but radio signals, and it works with both USB and PS/2 keyboards.

Recently, researchers at Ben Gurion University discovered a similar method; their demonstration was intended to extract keystrokes from air-gapped systems using malware crafted for smartphones.

In this case, the keystrokes on the affected system could be extracted wirelessly, via the acoustic and electromagnetic emanations generated by its hardware components (monitor, keyboard, network cards and even RAM chips).

Ragemaster works in a similar way to Surlyspawn but focuses on capturing images from the video signal when attached to a VGA cable.

Both systems consist of a transmitter and a receiver, which Ossmann found to be a transistor and a 2-inch wire that worked as an antenna.

According to New Scientist, an SDR (software-defined radio) platform called HackRF, also built by Ossmann, was essential in cloning the NSA devices; the device can transmit or receive radio signals from 10 MHz to 6 GHz.

SDR devices rely on digital-signal-processing chips that can be programmed in terms of the wave shape of a radio signal, the frequency it uses and the power level.

They are capable of receiving and transmitting radio signals and are flexible enough to operate in different bands (AM, FM, GSM and Bluetooth).

The NSA catalog of tools comprises a vast number of electronic devices and software solutions for spying activities. Some of them are listed as projects that have already been finalized and deployed, while others were awaiting the green light for delivery.

Software solutions present in the catalog are intended for exploitation of motherboard BIOS, firewall and router components along with exploits for wireless standards.

Electronic devices include retro-reflectors with different functionality, like intercepting audio data from a targeted space using radar and basic post-processing.

Ossmann will be presenting his creations this year in August at the Defcon hacker conference in Las Vegas, where he will show how they work, how easy they are to build, and even give some away.
