- This topic is empty.
-
Posts
-
The “sophisticated NSA-level” bug that Eskom CEO André de Ruyter found in his car is neither particularly intricate nor something advanced nation-state clandestine services would use.
This is according to security researcher Daniel Cuthbert, who analysed photographs of the device that the Sunday Times and News24 posted online.
Cuthbert is co-author of the OWASP Application Security Verification Standard and sits on the Blackhat review board.
The Sunday Times quoted from a preliminary report prepared by former police commissioner turned forensic investigator George Fivaz who stated that the bug is not available on the open market.
Fivaz reportedly said the “sophisticated” device is typically used by law enforcement and intelligence agencies, and can send and receive signals.
However, he said the bug was beyond the capabilities of ordinary private investigators and even South Africa’s clandestine services.
He added that it could be used for tracking, listening, smart RFID, metering applications, keys, Internet of Things, and telemetry devices.
“It can send data up to a rate of 1.25MBb/s [sic],” Fivaz’s agency reportedly said.
Cuthbert said the photos of the device posted online suggest the exact opposite — that this is a perfectly mundane, off-the-shelf device with very limited capabilities.
The biggest tell, Cuthbert explained, is that photos of the back of the device reveal that it uses a CR2032 lithium coin battery.
Such a low-power battery would drain very fast if used to drive a GPS module for tracking De Ruyter’s location.
Cuthbert said he would expect An “NSA-level” tracking device to use a lithium polymer battery.
Comparison of lithium batteries. From left to right: CR2032 coin cell, CR123A, lithium polymer For comparison, MyBroadband has previously used Chipfox trackers that include a GPS module and connect to the Sigfox network.
These are powered by CR123A lithium cells with much greater capacity than coin batteries — 1,700mAh compared to 220mAh, according to datasheets on RS Components.
However, even these low-power Chipfox trackers are usually configured only to enable their GPS modules infrequently to conserve the battery. Real-time tracking would drain it rapidly.
Cuthbert said if he were a secret agent planting a bug in a vehicle that he had physical access to, he would wire it directly into the fuse box, obviating the need for a battery entirely.
Aside from the choice of battery, several other issues suggested that the device De Ruyter found was not an advanced tracking or listening bug.
Cuthbert noted that the circuit board has silkscreened markings on it, test pins, and a sticker with a serial number.
A state-sponsored intelligence agency would more likely use custom boards without clear markings.
There is no microphone or connector where a microphone might be attached.
It also doesn’t have a GSM or other radio module to allow the device to relay data back to the alleged spooks that planted it, nor an obvious way to record conversations for later retrieval.
This then raises the question — if not a tracking or listening device, what is this circuit board De Ruyter found while cleaning his car?
“Honestly, it looks like a gate remote,” Cuthbert said.
- You must be logged in to reply to this topic.