The Hacker Who Turns Office Equipment into Bugging Devices

A clever hack could broadcast sensitive secrets over radio frequencies.

Jul 29 2016, 2:00pm

You think about securing your laptop, but what about your desk phone, monitor, or printer?

In the second episode of Can I Hack It?, made possible by Mr Robot on Amazon Prime, we explore the security of "embedded devices"—objects that contain computing systems but that you wouldn't necessarily think of as computers. The everyday office equipment above all contains embedded systems, which means it's all vulnerable to hacking.

Ang Cui, who heads up Red Balloon Security in New York City, has a particularly innovative way of hacking these devices. Using a piece of malware called "funtenna," he's able to make devices transmit data over radio (RF) signals, and then pick them up with an antenna. He's basically using software to turn this equipment into bugging devices.

Cui demonstrates how he could make an office phone or a printer broadcast potentially sensitive information all through software, without him ever needing to physically access the device.

As RF can travel through walls, a hack like this could conceivably target even the most locked-down of premises—think businesses, power plants, or even military bases.

It's a pretty high-level hack, but as Cui says, if he's thought of it, you can imagine someone else has.