
In secure locations it's common for USB ports to be physically blocked (the ones I've seen with glue/resin).


In super secure locations like a SCIF, a TSCM (technical surveillance countermeasures) team comes through on a regular basis with highly sensitive, expensive portable spectrum analyzers, which would find this really quick.


If you were designing a modern bug, wouldn't you make it cache data and limit its transmission window to one second a week?


You're completely correct. You'd have to be watching that frequency continuously. Fortunately, there's another way...

Nonlinear junction detectors can find semiconductor things, be they powered on OR off. Long story short, you blanket an area with GHz rf, and then look at the harmonics of the freq you spray it with.

I can see how to create one with a 2.4GHz transmitter and a DSP. I know the prices I've seen are in the thousands of $$$, in which it's not terribly complex. The hardware would probably cost around a few hundred, primarily because DSPs are $$$$.

https://en.wikipedia.org/wiki/Nonlinear_junction_detector
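As an added illustration of the harmonic principle described in this comment (example code written for this page, not from the commenter or any NLJD vendor): a NumPy simulation that sprays a tone at a target, models a semiconductor junction with a diode-style exponential I-V curve, and checks for energy at the 2nd and 3rd harmonics. The sample rate and tone frequency are constructed, scaled-down stand-ins for the real GHz probe; the 2nd-vs-3rd harmonic rule is the usual NLJD heuristic for telling semiconductors from corroded metal contacts.

```python
import numpy as np

# Constructed simulation parameters (scaled down from the real GHz probe).
FS = 102_400.0   # sample rate in Hz; bin width is 25 Hz so F0 and harmonics sit on exact bins
F0 = 2_400.0     # illumination tone in Hz
N = 4096         # samples per capture

def illumination(amp=1.0):
    """Pure tone the detector blankets the area with."""
    t = np.arange(N) / FS
    return amp * np.sin(2 * np.pi * F0 * t)

def linear_target(x):
    """Plain conductor (wire, foil): reflects the field but creates no new frequencies."""
    return 0.5 * x

def junction_target(x):
    """Semiconductor p-n junction, Shockley-style i = Is * (exp(v/Vt) - 1).
    The exponential is the nonlinearity that re-radiates harmonics of F0."""
    return 1e-3 * (np.exp(x / 0.3) - 1.0)

def harmonic_level_db(y, k):
    """Power at k*F0 relative to the fundamental, in dB (Hann window, 3-bin sum)."""
    spec = np.abs(np.fft.rfft(y * np.hanning(N)))
    freqs = np.fft.rfftfreq(N, 1.0 / FS)

    def bin_power(f):
        i = int(np.argmin(np.abs(freqs - f)))
        return float(np.sum(spec[i - 1:i + 2]) ** 2)

    # Tiny epsilon keeps log10 finite when the harmonic bin is numerically empty.
    return 10.0 * np.log10(bin_power(k * F0) / bin_power(F0) + 1e-30)

def classify_return(y, threshold_db=-40.0):
    """Decision an NLJD makes on the returned signal: a 2nd or 3rd harmonic well
    above the linear floor means a junction is present. Semiconductors favour the
    2nd harmonic; corroded metal-to-metal contacts ("false" junctions) favour the 3rd."""
    h2 = harmonic_level_db(y, 2)
    h3 = harmonic_level_db(y, 3)
    if max(h2, h3) < threshold_db:
        return "passive"
    return "semiconductor" if h2 > h3 else "metal-junction"

if __name__ == "__main__":
    probe = illumination()
    for name, target in (("wire", linear_target), ("diode", junction_target)):
        y = target(probe)
        print(name, classify_return(y), round(harmonic_level_db(y, 2), 1), "dB @ 2*F0")
```

The diode case shows a 2nd harmonic only a few dB below the fundamental, while the plain wire's harmonic bins stay at the numerical noise floor, which is exactly the contrast a junction detector keys on regardless of whether the device is powered.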


Yes, burst transmitters have been a thing for a very long time


Speech-to-text on board, compress the text and send it in bursts at random times.


Completely out of scope of anything but superpower espionage, but that got me wondering if you could do something useful with a nanoscale mechanical computer built the same way they do those microchip gyroscopes. The simplest would be a mechanical timer for toggling power only when there's no countermeasure scan going on, but I wonder if there are other clever things you could do if you had a nation-state budget.


I've made and will be giving a talk on what a TSCM team would use.

My talk was accepted at CircleCityCon in Indianapolis IN. I've built a tablet capable of intercepting and injecting radio from 20MHz to 1.5GHz.

https://ccc2019cfp.busyconf.com/activities/5c3a57314808fac10...

https://mobile.twitter.com/CrankyLinuxUser/status/1097884386...

Repo: https://gitlab.com/crankylinuxuser/siginttablet


Why would a TSCM want to inject traffic and potentially alert the adversary to the detection? Have you seen some of the spectrum analyzers built on HackRF?


Because for me, doing TSCM is only half of what I'm wanting to do.

There's a lot of wireless stuff out there, not using 802.11__ or BT specs and frequencies. Are these things secure? Probably not. Are they encrypted? Perhaps. Do they defend against replay? Likely not.

But in the end, how do we assess? Standard TSCM gear can do a good job scanning and finding peaks. But it's not for protocol decoding and device assessments. My goal is to "Identify signals, categorize protocols for signals found, decode if possible, and attempt to access/exploit".


This is awesome, and thanks for sharing it. Do you know if the CircleCityCon talks are going to be recorded? I'd love to see a walkthrough of this stuff.


I've never attended CircleCityCon before, but in my experience, hacker cons do record. The problem I find is the smaller cons end up hosting the videos on a private server.

You could certainly ask them over Twitter. In my experience they return questions in an hour or 2.


Hey, thanks for the response, I'll definitely follow up with them on Twitter. And, seriously man, very cool stuff, very interested in digging in.


Thank you!

Ideally, if you don't care about looks, all you need is a Raspberry Pi 3B+, keyboard/monitor/screen, RTL-SDR, and a wire.

The wire is hooked up to GPIO 4 and used in conjunction with RPITX library.

The RTL-SDR allows receiving radio signals.

The only broken thing right now, is that changing GPU clock frequencies does "weird" things to the onboard wifi (unsurprising).

My next step will be making 2 scripts: one to install SigInt tooling, and one to update said tooling.


We stayed on NT4 into the mid-aughts partially because of the lack of USB support.


I have seen in the UK solder used to physically block USB ports on laptops - this was QinetiQ (the bit that remained as civil servants).

Of course they equipped the laptop with a CD burner.


> I have seen in the UK solder used to physically block USB ports on laptops

With devices moving to USB-C for data and charging I wonder how security companies are going to prevent physical access to USB ports...


You'll remove the USB controller from the USB port on the laptop, then provide an adapter that has a USB controller, and plug it into the regular USB cable.


Disable the USB controller?


It's necessary to negotiate the power requirements.


I did not know this, that is interesting.

As in, the OS driver for the USB controller? Feels like a lot.


Google USB-PD. Devices on either end of the USB cable could be dumb, and it would revert to some base minimum requirements (5V 500/900mA or so). But the notebook may not be able to negotiate for higher power or higher voltage for charging.



