When you see how small some of these devices are it makes you realize how easy it would be for a malicious actor to bug just about anything you own. A simple cell phone charger becomes a listening device that could have an LTE modem hiding in it.
People are worried when they find a raspberry pi sitting in the network rack - and rightfully so - but fail to realize that you can achieve pretty much the same thing by hiding in plain sight.
Imagine how much you could fit into a 6-port commodity surge protector.
> A simple cell phone charger becomes a listening device that could have an LTE modem hiding in it.
You can already get USB cables that have a hidden mic and sim, so if powered you can phone up and listen in. Those a very cheap and google shows this, but this is more adventurous.
As for targeting hardware and security - how many people would question a fancy free mouse or keyboard arriving in the internal post as it happened to of been dropped of at reception. Great pentesting trick btw.
As for chips with `hidden/undocumented` remote activated features. If it was documented, would it be bad or something you can use or actively block off. When they are undocumented, well - hard not to think the worst. But then, CPU's today, not fully documented when you can't hack away at the microcode and management and whatever else is DRM'd out of your reach.
If Intel was a Chinese company instead of American - how would Americans feel about Intel chips? That is an interesting thought exercise.
I don't think this is any better elsewhere. If anything, the higher concentration of tech in America might make some of her citizens better prepared. But most everyone doesn't care beyond "making the darn box work."
And one could easily walk round many building just plugging them in. I mean how many people would remove a glade-plug-in just in case Dorothy from accounts likes the smell? Dorothy might just replenish the scent dispenser every six weeks.
Which would save HR doing it and sending a memo about health and safety and asthma can kill due to these, possible.... Yeah, that is exactly how that would play out in many companies. At least in the UK.
So, unplug the device and leave it on Alice's Desk. if Dorothy gives you a hard stare, then you know she must have had access to the video feed in the plug-in, and so is the corporate spy.
But if Dorothy instead gives Alice a hard stare, Dorothy is innocent. But if you return that morning to find the device plugged back in, Alice must be the spy.
Without ruining the main use case - is there some way to sterilize or nuke things like a basic cell phone charger when it should have no radio-frequency capability?
> is there some way to sterilize or nuke things like a basic cell phone charger when it should have no radio-frequency capability?
If you want Fast Charging, short circuit protection or similar, then no, it has to have ICs and those could do a lot of things that are hard to detect.
My guess would be no, as even the basic use case of a modern charger (for example) requires a functioning computer. Shielding is only a temporary option too because the device could just buffer the data and wait for the opportunity to send.
My guess is, if there is a proof of malicious act, the governments should severely punish the originating company. To act as a deterrent, i.e.: "you can get away with this exactly once".
Yup -- these already exist. I can't find the 6-port commodity surge protector implant (I've seen it before), but these are the other relevant tools you're thinking of: https://shop.hak5.org/collections/network-implants
People are worried when they find a raspberry pi sitting in the network rack - and rightfully so - but fail to realize that you can achieve pretty much the same thing by hiding in plain sight.
Imagine how much you could fit into a 6-port commodity surge protector.