Hi, I have been having a look at utilising RF and trying to understand how every device around me emits RF.
I recently came across RTL-SDR and HackRF, alongside software like SDR++, TempestSDR, gqrx
etc. I know that I can spy on my monitor and record keyboard keys being pressed using RF, but what are some other ways I should be looking at to exploit my digital vulnerabilities, and trying to solve such problems?
Thanks!
Edit: I’m well aware that nothing I’m doing is that interesting to security agencies across the globe. With that said, I’m interested in maintaining my privacy, and this happens to be an avenue I find interesting. Any suggestions on how I can look to do so would be greatly appreciated!
trying to solve such problems?
Are you doing something that nation state security groups would find interesting?
If yes, then you are already compromised by asking about it here.
If no, then you have no such problems.
Simply put, no one cares about you enough to go to the trouble and even if they did, there are much easier ways to gather the information they need.
That does not mean it is not interesting to investigate, but you do not have to worry about people looking to "exploit my digital vulnerabilities", as you are not interesting enough for anyone to go to the trouble this sort of work entails.
Thank you, and it is exactly as you say: I’m not doing anything worth any interest to the state. With that said, from what I can see, with just some experience and interest it would be trivial to see what I’m typing on my screen right now and I wouldn’t even know. I’d like to know more about how one can exploit RF, and then learn to secure myself, even if I display blatant signs of unwarranted paranoia in the process.
it would be trivial to see what I’m typing on my screen right now
Ok, now move your monitoring equipment outside your home, into a van parked across the street.
How trivial is it now?
Have someone swap out your monitor for a different random model so that you don’t know what it is.
How trivial is it now?
There are four screens in the room where I am typing this and another in a room a few meters away. You now need to isolate the RF bleed of one from all the rest.
How trivial is it now?
I am now using my laptop at the local library where there are about 100 screens of various pcs and laptops.
How trivial is it now?
That is my point. When you have actual physical access to the equipment in a controlled environment, stuff like this is relatively easy.
When you don’t and need to do it in an actual real world scenario where you want to keep the target unaware of what you are doing it becomes so hard that unless a nation state is watching you it will never happen.
even if I display blatant signs of unwarranted paranoia in the process.
It is not paranoia to investigate this.
then learn to secure myself,
Believing you need to secure yourself? Yeah that is moving towards paranoia.
Paranoia, on some level is an aspect of narcissism.
I am so special that others want to know what I am trying to hide.
Trust me, no one gives a shit.
I understand your point, although I do not believe that I’m much of a narcissistic person.
I also do realise that it is not trivial for a random person to spy on me - thank you for the example.
With that said, I do still want to know. Regardless of whether I think I’m special, that I have something to hide, or if I’m paranoid. Could you point me in the right direction?
Honestly, if you are serious about limiting RF leakage, the simplest and easiest avenue I can suggest is to build a Faraday cage around your equipment.
No expensive testing equipment required.
It won’t be pretty or convenient, but a couple of hundred dollars in 2 by 4s and chicken wire will block out your theoretical neighbour from scanning from the apartment above, below or from any direction.
Of course that will mean you can’t use WiFi, but I assume you know that already.
don’t use 2x4s. Furring strips are way cheaper and would take up less of the interior space while doing the job just as well.
But yeah, it’s also dumb/pointless, so don’t do that.
Thanks, I was thinking the same thing. But how would I build a Faraday cage for a bunch of cables? Say, the HDMI cable to my monitor and the USB cable to my keyboard.
Why would this hamper my usage of WiFi though? I’m going to be using WPA3 very soon, at which point trying to hack into it becomes quite arduous and I suppose nobody but nation states have undisclosed backdoors for such marvellous technology.
For the record, I am interested in what you’re doing and you should definitely see me as a threat
I don’t think an RTL-SDR is going to help you with any sort of privacy outside of maybe validating that your devices aren’t emitting typical RF while they’re off. You aren’t realistically going to become an electronic warfare master with some shitty home equipment and no formal training.
Best route is to start combing through security conference presentations for anything relevant to your lifestyle.
A lot of the cutting edge information gathering stuff isn’t exactly practical for widespread use. I guess somebody living a floor above you could capture your wireless traffic, but you’re not interesting enough for them to dedicate high sensitivity antennas and bespoke equipment to phreak your keyboard strokes and break out fucking differential power analysis techniques on your home.
Practice good data and security hygiene, stay off social media when possible, and don’t use IoT devices. If anybody wants to get at you, and I mean really wants to get at you, there’s nothing you’re going to be able to do about it besides giving up all electronics.
Thanks, I realise that I’m an absolute beginner in this, and a cheap dongle isn’t going to make me a guru. I don’t even aim to be one, as such: I just want to know what my devices are emitting, and how easy it is to snoop on and decrypt such signals.
I will have a look at differential power analysis, thanks for mentioning that. I am not very good with electrical engineering concepts, but I’d like to learn as much as I need to.
I know that it is almost impossible to run from the state. With that said, if an average person decides they want to be able to snoop on my activity, I’d like to nip such efforts immediately.
Thanks
I came off as pretty aggressive, so I apologize. I’ve been interested in this field for a while and I am still an amateur in most aspects. This isn’t really an area that’s intuitive or easy to pick up for most people.
You’ve come out of the gate swinging. It’s technically possible for people to do the things you’re exploring… but the same people who are publishing these techniques and concepts are professionals. They may not have formal education in computer science, but they have the experience.
Spend time going over things like DEFCON presentations. Sharpen your coding skills. Vacuum up free courseware from sources like MIT.
You can probably pick up “normal” RF with a cheap SDR antenna setup, but then what? You are stuck with some waves and no idea what to do with them. Are you picking up intentional Bluetooth? How would you recognize Bluetooth that’s frequency hopping? Looking at RF waveforms for modern communications is absolutely ugly and tedious.
There’s so much to learn. You need to pick one topic and dig in. All of these things have much more depth than we can explain over Lemmy.
Thank you for the comment. I did start watching DefCon presentations (and would like to visit in person someday!), and have been interested in RF hacking/ hardware hacking for a while now - just didn’t explore it well enough.
Now that you mention it, I do want to pick up Bluetooth and other signals that devices give out. The eventual aim is to be skilled enough to run a personal honeypot and experiment with different protocols.
Thanks, I’ll begin going over some coursework too. Your help is much appreciated!
Honeypots have gotten really weird lately. Anti-honeypot (along with anti-VM and anti-debugging) techniques and methods are more common than ever. I think something like 80% of all APT-level malware from the past 5 years use these techniques
I see. That might not be such a good idea then. Thanks for pointing that out
I don’t think you need to worry about this…
Thank you, but as I note in my edit, it is an avenue which I would like to explore with respect to privacy concerns. Technically speaking, if someone had the interest, they could sit a floor below me, tune in and be able to see what I’m typing right now. Not saying that anyone would specifically do this, but the point remains that it is cheap and somewhat easy to do so.
You should try this. I guarantee that it’s nowhere near as easy as you’re thinking.
There’s a huge difference between proof of concept activities and useful, fruitful information gathering and analysis.
If you’re going to be downloading programs and running scripts without doing the work to understand how these tools were built and how to modify them to suit your use cases, then you aren’t actually going to get anything useful out of them.
Thanks, yes, I realised that it is not as easy as it sounds. There is so much more interference in the real world.
I have come across the applications I mention in my post, but I don’t think I’m at the stage yet when I can appreciate the difference in specialities amongst them. Could you point me in the direction I should go to learn more about snooping on RF from consumer hardware?
Best place to start is by vacuuming up some open courseware from MIT on the topics you’re interested in. RF fundamentals, basic wireless communications, maybe some basics of network security and fundamentals of computer security or cryptology.
You need a knowledge base in order to know what to look for when you run into problems, else you just kind of waste a lot of time.
Then, familiarize yourself with Wireshark. Start the program and visit a few HTTP websites to see what information your computer is transmitting and how it’s formatted. Your goal is to ultimately snoop on this information and modify it. You need to know how to change a character in the middle of a packet to deliver an effect. If none of that makes sense…
Learning an SDR is honestly a bit of a pain. You can get a $30 antenna on Amazon that covers the ~1-6 GHz range and that will enable a lot of what you want to do. Try to pick up an old router that supports the WEP protocol. It’s old and deprecated with lots of information on how to break it.
Combine the SDR with your computer and wireshark to visit a webpage with HTTP. You’re almost certainly going to run into problems manually isolating and cleaning up the WiFi signal on your SDR into something that’s useful, but you probably have enough to start you off on your journey. If you can capture the WiFi traffic and convert it from an analog waveform into a digital bitstream, then you can finally begin doing useful things. Of course… you need to decrypt the bitstream and account for errors.
Good luck
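The "change a character in the middle of a packet" step from the post above, worked through as an added example (this is not code from the thread or from any participant). It builds an IPv4/TCP packet carrying a plaintext HTTP request, overwrites bytes inside the payload, and recomputes the IP and TCP checksums so the edited packet still verifies; without that step a receiving stack silently drops the frame. The addresses, ports and request line are constructed sample values, and the edit is deliberately same-length so the IP total length and TCP sequence numbers stay valid.

```python
"""Added example, not part of the thread: build an IPv4/TCP packet that carries a
plaintext HTTP request, change bytes in the middle of the payload, and recompute
the IP and TCP checksums so the edited packet still verifies. Addresses, ports
and the request are constructed sample values."""
import struct
from ipaddress import IPv4Address

PROTO_TCP = 6
# Constructed sample request; in practice this is what Wireshark shows for an HTTP site.
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Run over data that already contains a
    correct checksum field it returns 0, which is how verification works."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _layout(packet: bytes):
    """(IP header length, IP total length, TCP data offset) read from the packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4
    return ihl, total_len, data_off


def fix_checksums(packet: bytes) -> bytes:
    """Zero both checksum fields, recompute them and return the corrected packet."""
    ihl, total_len, _ = _layout(packet)
    pkt = bytearray(packet)
    pkt[10:12] = b"\x00\x00"                       # IP checksum covers the header only
    pkt[10:12] = struct.pack("!H", inet_checksum(bytes(pkt[:ihl])))
    seg = pkt[ihl:total_len]
    seg[16:18] = b"\x00\x00"                       # TCP checksum covers pseudo-header + segment
    pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, PROTO_TCP, len(seg))
    seg[16:18] = struct.pack("!H", inet_checksum(pseudo + bytes(seg)))
    pkt[ihl:total_len] = seg
    return bytes(pkt)


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """IPv4 header + TCP header (no options, PSH|ACK) + payload, checksums filled in."""
    src_b, dst_b = IPv4Address(src).packed, IPv4Address(dst).packed
    seg_len = 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + seg_len, 0x1234, 0x4000,
                         64, PROTO_TCP, 0, src_b, dst_b)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18,
                          65535, 0, 0)
    return fix_checksums(ip_hdr + tcp_hdr + payload)


def verify_checksums(packet: bytes) -> bool:
    """True only if both the IP and the TCP checksum are valid, as a receiver checks."""
    ihl, total_len, _ = _layout(packet)
    seg = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, PROTO_TCP, len(seg))
    return inet_checksum(packet[:ihl]) == 0 and inet_checksum(pseudo + seg) == 0


def tcp_payload(packet: bytes) -> bytes:
    ihl, total_len, data_off = _layout(packet)
    return packet[ihl + data_off:total_len]


def splice_payload(packet: bytes, offset: int, replacement: bytes,
                   recompute: bool = True) -> bytes:
    """Overwrite len(replacement) payload bytes at `offset`. Same length, so the IP
    total length and later TCP sequence numbers stay valid; changing the length
    would also require fixing those. recompute=False leaves stale checksums,
    which is the mistake that makes a receiver drop the edited packet."""
    ihl, total_len, data_off = _layout(packet)
    start = ihl + data_off + offset
    end = start + len(replacement)
    if end > total_len:
        raise ValueError("replacement runs past the end of the payload")
    patched = packet[:start] + replacement + packet[end:]
    return fix_checksums(patched) if recompute else patched


if __name__ == "__main__":
    pkt = build_packet("192.0.2.10", "192.0.2.20", 40000, 80, REQUEST)
    edited = splice_payload(pkt, REQUEST.index(b"index"), b"admin")
    print(tcp_payload(edited).split(b"\r\n")[0], verify_checksums(edited))
```

The same recomputation is what tools that rewrite traffic on the wire do after every edit; forgetting it is the usual reason a hand-modified packet "does nothing".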
Hey, thanks for your comment. I don’t think I’ll be able to get anything from snooping on my WiFi signal, it’s WPA2 and will be upgraded to WPA3 soon. I don’t have the skills to fight that kind of encryption, unless I’m missing something very basic here.
I do have some understanding of networking and network security, and am familiar with Wireshark. My intention in getting into this subject was to try and find exploits possible outside of a network (discounting OPSEC). Basically, I wanted to see what wireless exploits I would hold even if I hardened my network to the maximum (shut down my connection to the Internet maybe). That is my motivation to try and learn about RF hacking, alongside maybe using it with IoT, etc. (I plan to use FOSS software and will not allow access to the Internet).
I am mainly looking for signals around me that are unencrypted/loosely encrypted. There’s no chance for me to break 128-bit encryption anyway, I won’t even try to do that.
Thanks again! This really helped :)
It’s best to purchase an old router which doesn’t support new protocols to learn with. It should only be used for your testing - not meant for normal use. WEP will be several orders of magnitude easier to crack than WPA2 or WPA3. Tools can help you break certain implementations of encryption regardless of how many bits of entropy are being used - often by addressing weaknesses in the algorithms or cryptologic pathways vice brute forcing. That’s often the kind of thing demonstrated in conferences and featured in research papers.
As far as everything else is concerned, you’ll get there if you stick with it. I’ll echo what others have said in this thread; there are some serious diminishing returns for attaining absolute security, all of which can be bypassed by attacking you.
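To make the "weakness in the algorithm, not the key length" point from the post above concrete, here is an added example (not code from the thread or any participant) of the simplest WEP flaw. WEP encrypts each frame with RC4 keyed by a 24-bit IV concatenated with the shared key, and the IV is sent in the clear. A repeated IV repeats the keystream, so one frame with known plaintext leaks the keystream for every other frame under that IV, and by the birthday bound a busy network repeats an IV after only a few thousand frames. The key, IVs and frame bodies are constructed sample values; the CRC-32 ICV, key-index byte and 802.11 framing are omitted, and the real key-recovery attacks (FMS, KoreK, PTW) that tools automate are not shown.

```python
"""Added example, not part of the thread: a toy of WEP's RC4 layer showing why a
40-bit or 104-bit WEP key is far easier to attack than WPA2/WPA3. Key, IVs and
frame bodies are constructed sample values; ICV, key-index byte and 802.11
framing are omitted."""
import math
from typing import Tuple

# Every encrypted IP frame starts with this LLC/SNAP header, so the first eight
# plaintext bytes of almost any WEP data frame are known to an eavesdropper.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def rc4_keystream(key: bytes, length: int) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: clear 3-byte IV followed by RC4(IV || key) XOR plaintext."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> Tuple[bytes, bytes]:
    """(iv, keystream prefix) recovered from a frame whose leading plaintext is known.
    No key needed: keystream = ciphertext XOR plaintext."""
    return frame[:3], xor(frame[3:3 + len(known)], known)


def decrypt_prefix(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Decrypt as many bytes of another frame as we have keystream for, provided
    it was sent under the same IV (and therefore the same keystream)."""
    if frame[:3] != iv:
        raise ValueError("recovered keystream only applies to frames with the same IV")
    return xor(frame[3:3 + len(keystream)], keystream)


def plaintext_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under one IV leak P_a XOR P_b for their whole common length,
    even with no known plaintext at all."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])


def frames_until_iv_collision(p: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames sent before some IV repeats with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                       # constructed 40-bit WEP key
    iv = bytes.fromhex("0a0b0c")                            # constructed IV, reused below
    # Frame A: an eavesdropper knows its body (e.g. a ping they caused to be sent).
    known_body = LLC_SNAP_IP + b"ICMP echo request body known to the attacker"
    frame_a = wep_encrypt(key, iv, known_body)
    # Frame B: a secret sent later under the same IV.
    secret_body = LLC_SNAP_IP + b"POST /login user=alice&pass=hunter2"
    frame_b = wep_encrypt(key, iv, secret_body)
    iv_seen, ks = keystream_from_known_plaintext(frame_a, known_body)
    print(decrypt_prefix(frame_b, iv_seen, ks))
    print("frames until a 50% chance of an IV repeat:", frames_until_iv_collision())
```

WPA2 and WPA3 do not have this property: keys are per-session, nonces are never reused, and the cipher (AES-CCMP or GCMP) is not RC4, which is why the post above steers a beginner toward a WEP-only router for practice.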
Thank you, and I might actually do so for testing purposes. I will note though, that my intention of learning about RF is to understand the ways in which I’m open to attacks which include RF. Not that worried about WiFi (WPA2/WPA3), but thanks for the idea
I second the Ham Radio License idea. Nowadays, you can even get your license without the Morse code tests.
Thanks, I’ll take a look!