Fake HP Printer That's Actually a Cellular Eavesdropping Device

Julian Oliver has designed and built a cellular eavesdropping device that's disguised as an old HP printer.

Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient. It does this without needing to know any phone numbers.

With each response to these messages, a transcript is printed revealing the captured message sent, alongside the victim's unique IMSI number and other identifying information. Every now and again the printer also randomly calls phones in the environment and on answering, Stevie Wonder's 1984 classic hit I Just Called To Say I Love You is heard.

Okay, so it's more of a conceptual art piece than an actual piece of eavesdropping equipment, but it still makes the point.

News article. BoingBoing post.

Posted on November 14, 2016 at 1:12 PM • 10 Comments

Comments

Matija • November 14, 2016 1:46 PM

That is nothing new. Ebay, DX and Ali are full of 'fake' (and actually functional) power cords with GSM bugs inside at least for 5 years. And they are extremely cheap!

Clive Robinson • November 14, 2016 2:27 PM

This I really like,

    “So I decided to build one into a printer, the most ubiquitous of indoor flora, and have it actually antagonize people’s implicit trust in these technologies.”

It sounds like Julian Oliver has a "hinky mind" of the right sort ;-)

Gump • November 15, 2016 4:04 PM

@Matija

Which is why I never buy anything online or from a source which has to ship me the item(s). This includes clothing and other items, not limited to electronics.

Like Gump said, "You never know what you're gonna get!"

Coyne Tibbets • November 15, 2016 6:33 PM

How could you name that song, Bruce? They're going to have to change it now

I'd suggest, "I Fought the Law." Seems a natural fit these days.

Matija • November 20, 2016 1:31 PM

@Gump

In most cases, it is very easy to check if anything what should not be inside is actually there. For example to open power cord and check for anything suspicious takes me

Clive Robinson • November 20, 2016 2:51 PM

@ Matija,

    In most cases, it is very easy to check if anything what should not be inside is actually there.

Only if you know what should and should not be there, and you can see all of it. Further that what should be there, has not been configured in a way that causes information leakage, that you are not aware of.

For instance some transformer cores are "gapped" for sound electrical reasons[1], however you can arrange for the core to change the reluctance thus affect the value of the inductance. That is you could make it behave like a microphone or other transducer. Thus that ferrite core you think is there for EMC reasons may not be. Likewise what looks like an earth shield, could be a slot radiator. Using just such techniques you can build the modern day equivalent of the "great seal bug" etc.

Further how do you know that the plastic casing of an electricity plug does not contain an embedded micro chip or similar? You can design microwave FETs to be incredibly small, and have a chip smaller than a grain of sand all it needs to do is bridge a narrow slot in the earth shield and have its gate driven by a signal that changes its impedance. Illuminating the slot at its natural frequency will cause the slot to re-radiate the signal phase and amplitude modulated by the gate signal...

[1] http://info.ee.surrey.ac.uk/Workshop/advice/coils/gap/

Brian Smithson • November 29, 2016 1:18 PM

Most of the reports about this baited clickers with sensational headlines about evil printers intercepting calls and texts. One went as far as to list a few basic measures to help secure printers. None mentioned physical security or supply chain security. Arrgh...


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.