“VCONN pin is connected to VBUS via a resistor. There are also diodes on the board”
A truly paranoid analyst would check that these things that look like a resistor or diode actually are resistors and diodes. That may not be easy, as they could contain a tiny cpu and a few bits of flash memory that change the behavior from “resistor” to something else after x power ups or, using an on-board real-time clock, at a given date, or that run in parallel to the resistor or diode. A simple RFID chip already could be somewhat of use to spies.
Even simpler, that “resistor” could contain a tiny microphone and a radio transmitter (getting reasonable audio quality and reasonable radio range likely would be a challenge, but that’s what big budgets are for).
I used to think things like these were fun conspiracy theories for a slow afternoon. I remember seeing a guy who got Linux running on a spare ARM CPU on his SATA hard drive,
thinking "that'd be a great place for a rootkit".
But didn't think much further of it as that can be a dark rabbithole to go down. Then Snowden leaks came out, and it turned out technology was an active, hostile and full scale warzone.
These are not unreasonable thoughts to have now. Even if you prove one of these fans is safe, it does not prove that an individual has not been targeted with a fan with a payload.
You're absolutely right that it would be almost impossible to detect a malicious device in one of those components. But a few things come to mind:
1. If you're that paranoid, don't plug stuff in to your USB ports EVER.
2. If you're going to put a malicious device in this thing, connecting it to VConn isn't a good idea - since you'd have to be hoping that whatever you've plugged into is insecure at a hardware level in quite a specific way that there's no evidence of.
3. There seem to be easier ways to hack visitors to Singapore - like getting physical access to their laptop.
But a resistor or diode only has two connectors. How could one possibly hide a tiny CPU or RFID chip inside with only those connectors? Two connectors would be the minimum to just power the chip up.
The going theory at the time was that they only bugged some percent of them in the hopes that someone would publish an analysis exactly like this and then everyone else would plug them in freely.
I'm surprised they didn't disassemble the fan proper- while it's not useful as a USB spy device, if we're going to go full paranoia, those lines could still be powering something in the fan chassis itself.
Jokes aside. My guess would be that it is highly unlikely a half decent secret service would use such a method to spread a virus or a trojan. On the other hand, I would also guess that no serious journalist will contemplate using a free device provided by a rogue nation just in case.
> On the other hand, I would also guess that no serious journalist will contemplate using a free device provided by a rogue nation just in case.
I disagree. While tech-minded journalists may be aware of the risks of untrusted USB devices, the same cannot be expected of everyone; even if they know that USB drives are potentially dangerous (already a crapshoot, even in some tech-related jobs), people unfamiliar with computers may not realize that the same risks apply to all USB-powered devices.
There's a lot of hysteria surrounding these freebie swag items, enough that you have to wonder if either exactly this sort of reaction was expected, and they're laughing at exactly the expected level of fear and paranoia produced at the mere sight of a USB jack... or... they could only but roll their eyes, as they dropped a USB device into the mix out of curiosity to see if there would be any reaction at all, expecting possibly a muted, cool brush off, unconcerned about exploits, and instead caught ten or one hundred times the wave of hysteria, for something they might have internally estimated would be rated as being perceived as a mild security hazard.
Seriously, this has all the alarmist fear mongering of the Cuban embassy sonic weapon mystery, but none of the smoking gun who-dunnit clues.
People are going to be chasing their tails on this one, wondering if the fan rotors spin at resonating speeds to give off infra-sonic beam-forming geolocation signals, and that's after they sample scrapings from 1000 different components in a gas chromatograph mass spectrometer only to find that they were some standard Chinese USB components, purchased in bulk orders months ago, but had arrived too late for Olympics swag and were basically left-overs.
It's funny, but I think the volume of this knee-jerk reaction caused more damage than an actual attack could have.
If North Korea was going to try and swindle its way onto targeted USB interfaces, I'd have to imagine that they'd attempt a level of indirection (at least one), and launder the swag through a secondary shell entity, like some shady third-world press corps gadfly to the event.
If they hadn't thought of that before (even though I'm sure they already do think that way), this hair-on-fire reaction has certainly taught them to do so, unconditionally, going forward.
Before clicking the link I took a moment to think about how I’d design such a device for nefarious purposes, hoping that the author ought to be able to defeat whatever a mere hobbyist could come up with.
It would appear I’d make a better spy than the author would make a security analyst.
Penn Jillette has given interviews on what mindset is needed to trick people. One basic rule is that people will gravely underestimate the lengths he is willing to go to in order to trick the audience.
I’m not saying this is a spying device. I am merely pointing out that the author shed no light on whether it is.
This. There's plenty of space to overmold a chip embedded in the USB-C connector itself, and such a device would naturally open-circuit the data pins when powered off (defeating the multimeter test).
This "analysis" is so superficial that I thought it was a joke at first. At the very least the device should be completely disassembled and/or X-rayed.
That only helps if the spy equipment needs more than power from the USB port. It doesn't need a data connection if it's picking up RF noise from the laptop and audio from people to transmit to nearby agents.
Just for the sake of curiosity, wouldn't it be possible to embed some sort of self-contained microdevice inside the motor? A USB "rubber-ducky" type device is kind of expected, piggybacking something else off the USB would be kind of interesting. Cheap throwaways like this wouldn't make sense target-wise, but it's fun to think about.
That is the reason you have an X-ray to vet electronics before allowing them into secure areas (with potentially secret sound and generic em-waves (from 200nm to 300000km aka 300Mm)). If you don't have that already, you don't have that much physical security...
Would the magnets in the motor interfere significantly with radio transmissions? Not that it would preclude devices being housed inside either way, just introduce complications.
Journalists have sources that the spy organization would very much like to learn the name of. If you're going to come down hard on leaking, bugging journalists or compromising their phones is the most logical thing to do. The reporter that gave up the fan for analysis was absolutely right to be paranoid here.
Each device emits a specific RF signature when turned on. Nothing more. The Red Team then knows which journalists are susceptible to these kinds of attacks and will use this information later.
The meme of infected usb sticks in the parking lot is so old and known by everybody and their grandma, that only a prankster would really do it, with a parody screensaver virus.
A serious secret service would use more up to date methods.
Take something super banal (a mobile fan), give it a blindingly obvious hacker-y feature (USB connectivity), and distribute them among visitors from an adversarial country (the U.S.), and you're going to be hard-pressed to find someone who isn't at least the tiniest bit suspicious.
This is so entirely Spy Device 101 that the payload is likely just entertainment for DPRK officials– watching everyone stress out and tear it apart looking for something malicious.
And that, in and of itself, is pretty damn twisted.
[+] [-] Someone|7 years ago|reply
[+] [-] spitfire|7 years ago|reply
Also, don't discount the entire circuit being the bug. https://en.wikipedia.org/wiki/The_Thing_%28listening_device%...
[+] [-] slivym|7 years ago|reply
[+] [-] noobermin|7 years ago|reply
[+] [-] adraman|7 years ago|reply
[+] [-] bananadonkey|7 years ago|reply
[+] [-] 1ba9115454|7 years ago|reply
Supply journalists with harmless USB devices. Then pass around a fully weaponised PDF.
For those that think malware in PDFs is history, here's a link to 2 zero days found just this March.
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/...
[+] [-] jeffalyanak|7 years ago|reply
[+] [-] ojosilva|7 years ago|reply
[+] [-] narrowingorbits|7 years ago|reply
[+] [-] jedberg|7 years ago|reply
[+] [-] blhack|7 years ago|reply
[+] [-] SketchySeaBeast|7 years ago|reply
[+] [-] 21|7 years ago|reply
[+] [-] bandwitch|7 years ago|reply
[+] [-] larkeith|7 years ago|reply
[+] [-] zenexer|7 years ago|reply
It's possible he put the date on which he plans to more formally publish or present it.
[+] [-] lawrencegs|7 years ago|reply
[+] [-] hymen0ptera|7 years ago|reply
[+] [-] danso|7 years ago|reply
[+] [-] bborud|7 years ago|reply
For your entertainment: https://youtu.be/WvXKSSmItls
[+] [-] baby|7 years ago|reply
[+] [-] kqr2|7 years ago|reply
https://hackaday.com/2015/12/08/theremins-bug/
The moving fan motor could act as a simple microphone.
[+] [-] pocketstar|7 years ago|reply
[+] [-] schiffern|7 years ago|reply
[+] [-] BooneJS|7 years ago|reply
[+] [-] rainbowmverse|7 years ago|reply
It was done in the '80s with much less advanced technology: http://www.cryptomuseum.com/covert/bugs/selectric/
[+] [-] zyztem|7 years ago|reply
[+] [-] solarkraft|7 years ago|reply
[+] [-] joemaller1|7 years ago|reply
[+] [-] namibj|7 years ago|reply
[+] [-] larkeith|7 years ago|reply
[+] [-] agumonkey|7 years ago|reply
[+] [-] moolcool|7 years ago|reply
[+] [-] jaxondu|7 years ago|reply
[+] [-] jrockway|7 years ago|reply
[+] [-] joosteto|7 years ago|reply
[+] [-] a3n|7 years ago|reply
[+] [-] sitkack|7 years ago|reply
[+] [-] 21|7 years ago|reply
[+] [-] countbackula|7 years ago|reply
[+] [-] peterwwillis|7 years ago|reply
[+] [-] kondro|7 years ago|reply
[+] [-] ant6n|7 years ago|reply
[+] [-] agumonkey|7 years ago|reply
[+] [-] canada_dry|7 years ago|reply
[+] [-] barrystaes|7 years ago|reply
What about inside the PCB, motor stator, USB connector, etc.? Must be some example of Cambridge on how NOT to do anything.