Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Spy vs. Spy: A Modern Study of Microphone Bugs

Veronica Valeros

This paper has been accepted.

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. We were concerned about the lack of research about placing and detecting bugs and how little it is discussed in the community. While in some countries the possibility of having a mic bug at home is non existent, sadly in other countries is far to common. As the technology gets cheaper and more accessible, the possibility of being bugged gets more real. However, our general knowledge about mic bugs comes mostly from movies and other fictional sources, which may be far from reality. How much of this is true? How much it is fiction?

Concerned about the knowledge gap in this area, we decided to perform an in-depth survey on the state-of-the-art microphone bugs, their characteristics, features and pitfalls. We did real life experiments in a Spy-vs-Spy scenarios: one person in charge of placing hidden mic bugs and the other attempting to detect them. Given the lack of open source detection tools, we also developed a free software SDR-based program to detect hidden microphones. In this talk we present the results of our research and we release our tool, hoping to help debunk the common and usually fictional beliefs about microphones bugs. Our results show how far the mics can reach, how difficult it is to place them, how much time it takes to find them, how much space do they occupy, how hard is to change them and how hard is also to remove them.

About Veronica Valeros

Veronica Valeros is a hacker, researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas from wireless and bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research on international conferences such as BlackHat, EkoParty, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina. Since 2013 she is part of the Cognitive Threat Analytics team (Cisco Systems). She specialises on malware network traffic analysis and threats’ categorisation at big scale.

About Sebastian Garcia

Sebastian Garcia is a malware researcher and security teacher. He did his PhD on the detection of botnets/malware by analyzing their network traffic and creating behavioral models of their actions. He likes to analyze network patterns with machine learning tools, specially on malware and botnet traffic. As a researcher in the ATG group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and Universities and working on penetration testing for both corporations and governments. As a co-founder of the MatesLab hackspace he is a free software advocate that worked on honeypots, malware detection, distributed scanning (dnmap) keystroke dynamics, bluetooth analysis, privacy protection, intruder detection, robotics and biohacking. In the CTU University he is managing the Stratosphere IPS project, where they are developing a free-software behavioral-based IPS.