2018

 

An enlightening event

The TSCMi annual conference is a two day event bringing together TSCM consultants and practitioners with representation from across the world from the private and public sectors to share the latest information upon eavesdropping technology and the products and techniques designed to mitigate against the ever more sophisticated threat.

This year’s recent conference covered a wealth of subjects including the challenges of 5G, the view from the opposition and the vulnerabilities of that computer on wheels we all call a car. Most significantly this year a constant and emerging thread running through the event was evidence of an increased awareness by business and government of the threat to corporate and government assets from Technical surveillance and other forms of eavesdropping, and an aligned increase in investment to combat the threat. This is further supported by recent security press articles, particularly from the USA, support this viewpoint

To one who has been actively involved with technical security for many years an understanding of the continued and undiminished eavesdropping threat has been ever present. Conducting TSCM surveys for clients in conference centres and heavily populated business conurbations has frequently resulted in not just evidence of surveillance regarding clients, but also positive identification of active technical eavesdropping attacks upon neighbouring businesses and premises

So why has consideration of the eavesdropping threat been so low in the minds of those concerned with the protection of information assets up to now? And what has triggered this increased awareness amongst the wider business and government community?

Recently a TSCMi member brought to our attention a YouTube article referring to a hacking vulnerability of Amazon’s Echo, the audio personal assistant, to provide the opportunity for malicious use as an eavesdropping device. In truth this should not be a surprise. On line Hacking communities have recently been full of such vulnerabilities, and these are not just limited to the Echo. There are a number of similar “smart speakers” and apps that provide personal assistant functions on laptops, smartphones and tablets.

And they’re all smarter than you might think.

The enthusiast community engaged in the use of Software Defined Radio (SDR) projects is ever finding new functionality with which to experiment. One recent example, particularly relevant to the TSCMi, is development of software capable of utilising SDR to mount a TEMPEST attack upon laptop screens.

TEMPEST attack capabilities have been around for a long time, but such an attack as this has previously required sophisticated and expensive hardware and associated complex software.