10 ways your voice and data can be spied on

Here are 10 cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations

Attackers seeking to do harm or mischief to networks work with an ever expanding arsenal of tools that sometimes seem to be the stuff of spy fiction, but they are all too real.

10 cutting-edge spy gadgets

Here are 10 cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.

1. Wireless keyboard eavesdropping: Remote-exploit.org has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals.

Called Keykeriki, the technology targets 27MHz wireless keyboards to exploit insecurities that remote-expoit.org discovered earlier. The company plans to build and sell the hardware.

2. Wired keyboard eavesdropping: Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in.

Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, and they can be captured and translated into characters. The potential for this type of eavesdropping has been known for decades, and many experts believe spy agencies have refined techniques that make it practical. Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are presenting their quick-and-dirty research on the topic at this year's Black Hat USA conference in the hopes of sparking more public research of these techniques.

3. Laptop eavesdropping via lasers: Bouncing lasers off laptops and capturing the vibrations made as keys are struck give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set, Barisani and Bianco say.

Language analysis software can help determine which set of vibrations correspond to which key, and if the attacker knows the language being used, the message can be exposed, they say.

4. Commercial keyloggers: Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.

5. Cell phones as remotely activated bugs: Software loaded onto certain models of cell phones can silence the ringers and cut off the light displays that would normally be triggered when calls are made to them. The caller can then listen in on conversations in the room where the phone is located.

According to press reports, the FBI received court permission to use this technique to spy on suspected Mafia members in New York.

6. Cell phone SIM card compromise: If attackers can get possession of a cell phone briefly, they can use commercially available software to download and read SIM cards and their store of phone numbers, call logs, SMS messages, photos and so on.

For instance PhoneFile Pro is software on a USB stick that claims to enable both the download and the display of the data.

7. Law enforcement wiretapping based on voice print: Phone company voice switches include software that can search all conversations going through it for voices that match sets of voiceprints. Whenever the switch makes a match, it can trigger a recording of the conversation and alert law enforcement officials, says James Atkinson, an expert in technical surveillance countermeasures.

The feature is designed to support communications assistance for law enforcement (CALEA) -- the law that requires phone companies to provide wiretapping access under court order to specific communications traffic.

8. Remote capture of computer data: Under a sketchy technique called Computer and Internet Protocol Address Verifier (CIPAV), the FBI has remotely tracked down data about individual computers.

Details of the technology have never been publicly revealed, but they were used to track down high-school students who sent e-mail bomb threats.  CIPAV grabs IP and MAC addresses, running processes, visited Web sites, versions of operating systems, registered owner and logging of computers the target computers connect to. It is believed the software that does this is dropped in via exploiting instant messaging.

9. Cable TV as an exploitable network: Because most cable TV networks are essentially hubbed, any node can monitor any other node's traffic, says James Atkinson, an expert in technical surveillance countermeasures. By and large security is rudimentary and the encryption used could be hacked by someone with basic technical skills and readily available decryption tools, he says.

10. Cell phone monitoring: Commercially available software claims to capture cell phone conversations and texting. Attackers need to get physical access to the phone to upload the software that enables this.

There are several commercial brands on the market, but there are also online complaints that the software doesn't work as advertised or is more complicated to use than the vendors let on.

Join the PC World newsletter!

Error: Please check your email address.

Tags network security

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?