At Def Con 22, Philip Polstra presented, “Am I being spied on: Low-tech ways of detecting high-tech surveillance.” At Def Con 22, Philip Polstra, an associate professor of digital forensics at Bloomsburg University of Pennsylvania, presented “Am I being spied on: Low-tech ways of detecting high-tech surveillance.”Technical Surveillance Counter Measures (TSCM) are usually expensive and used to detect corporate espionage. Yet after the Snowden revelations, we learned regular folks might be victims of high-tech spying via implanted hardware, software or firmware. Why should you care? Polstra pointed out, “Our government’s assault on the Constitution is pretty well known.” But there’s a chance someone else could also be spying on you, like someone you’ve ticked off or a jealous and suspicious significant other.Polstra set out to help people determine if they are victims of spying via video surveillance, audio eavesdropping, or devices embedded in smartphone, tablets or computers. He also covered how to tell if they are being tailed. He said, “Choose your level of paranoia.” You can “detect many spying activities at no cost,” but the “truly paranoid can still test without financial ruin.”Detect hidden cameras for video surveillance According to Polstra, all night vision cameras share a common “flaw” of infrared lights in the lenses. Although you can’t see infrared light with your eyes, it is what allows a camera to keep up surveillance in the dark. If you think there might be small hidden cameras in your house or business, then you can use your smartphone to find out.When a room is dark, he suggested turning on your smartphone camera and slowly scanning the room. If there are hidden cameras, then Polstra said you will be able to see the flare of infrared from the covert camera through your phone’s display. If you don’t have a smartphone, but do have a digital camera, then you can use that to look for evidence of being under video surveillance. He had additional tips for detecting wireless cameras such as using an app to detect a wireless ad hoc network that the surveillance devices are using to communicate with each other. He called airodump-ng an “easy way” to search for wireless cameras, but listed more sophisticated methods such as using Python. Although he proposed several moderately expensive methods, he said an inexpensive solution would be to use a BeagleBone-based system.Detecting if you are being tailedIf you think you are being tailed, but don’t actually see anyone tailing you, then Polstra suggested turning on your vehicle’s AM radio. If your car has been tagged with a tracking device, then you should “hear a consistent and loud tone.” He added, “When you’re going places, don’t just look ahead. Look around…. Watch for those vehicles that go away and suddenly come back. Time it so you’re the last person to go through a traffic light…. Just park your car for no reason. Sit inside for a couple minutes. If you’re real paranoid get out of your car.”Detecting covert audio surveillanceYou can try the AM/FM analog radio trick if you are concerned about audio surveillance, but it will only work on the “simplest bugs.” An inexpensive method to detect active audio bugs, Polstra explained, is to use a USB TV tuner software defined radio (SDR). It can “detect signals in 50 MHz – 2 GHz” and “commercial bugs are usually 10 MHz – 8 GHz.” The flipside of that was presented at Def Con last year when security researcher Melissa Elliott showed how to spy on your neighbors by using a $10 USB dongle TV tuner.Detecting bugs in your computing devices Although we know the NSA or FBI black bag team can snag devices during shipment and physically install spying implants, intercepted shipments are not the only way you could end up with covert bugs in your PC, tablet, smartphone or laptop. Polstra suggested it could be “spies in your local IT staff” or an enemy in your office.He advised physically checking “every device connected to your computer, especially USB and network.” He also said you could crack open the case and look for obvious signs of a bug, or check for current leaks as a bug must have power to work. “Turned off devices shouldn’t draw any power.”He said you could “modify a universal laptop power supply to detect current leakage. For laptop or phone, remove the battery and measure current with device ‘off;’ current flow indicates a possible bug.” For tablets, Polstra said to “fully charge the battery and then measure the current flow.” A “small current might indicate issue with charging circuit or battery;” but “if the current peaks when you speak or move in view of the camera, there may be a bug.”Polstra posted his presentation slides here. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe