Since 2010 there has been a noticeable change in the types of surveillance devices that are being used in both commercial and government settings. Also, the way in which Video, Audio and Data product is transported to an eavesdropper or attacker has also evolved.
In addition to cellular surveillance techniques and devices, we have also seen a large increase in devices and surveillance attacks that use other wireless protocols. A new generation of Bluetooth devices has been developed. The use of this technology is especially suited to vehicle surveillance and tracking.
Wi-Fi devices that use the current and emerging Wi-Fi standards are also extremely popular as they give infinite range and are hard to detect amongst the many hundreds of Wi-Fi devices in a typical urban landscape. A quick search online yields many different types of devices and vendors selling a wide range of Audio, Video and Data surveillance devices all that use Wi-Fi and cellular as the main transmission medium for the surveillance product.
Manufacturers of surveillance devices whether they are at the lower end of the market, (the commercially available devices manufactured in the far east), the high end equipment manufacturers or bespoke systems made by governments. These devices will nearly all utilise the anonymous high speed global cellular, Wi-Fi and Internet services that are available.
In fact, whereas a few years ago radio bugs were still quite easy to purchase we have now found they are hard to source, as no one is buying them and very few companies are manufacturing them.
In summary surveillance attacks that use Cellular, Wi-Fi and Bluetooth technology now accounts for around 80% of the total worldwide technical surveillance threat.
The above shift in surveillance technology has led professional TSCM teams whether government, military, law enforcement or commercial to re-evaluate the equipment and methods required to counter these attacks.
Traditional examination of the radio frequency spectrum is not effective in finding Cellular, Wi-Fi and Bluetooth attacks. This is because in the case of cellular there are so many cellular devices on so many different bands and frequencies, all employing dynamic power and now TDD (Time Division Duplex) that a spectrum analyser cannot be effectively used to identify and locate these attacks.
This is also the case with Wi-Fi, Wi-Fi devices whether operating in the 2.4 GHz range or the 5 GHz range are also using TDD wireless protocols. To keep pace with the new 5G functionality, Wi-Fi is developing a new Wi-Fi 6 protocol to give increased reliability and bandwidth to compete with 5G.
On an average TSCM inspection in a metropolitan urban area you can expect to detect in the region of 600 to 1000 Wi-Fi enabled devices in an average one-hour scan. There are only 13 channels available in the 2.4 GHz range and 25 channels available in the 5 GHz Wi-Fi range. So, in total you have 38 available channels that are being utilised by 600 to 1000 devices in any one location at any one time
The other issue is that Bluetooth is a frequency hopping protocol using 80 different channels and hopping 1600 times per second, the Bluetooth frequency range is the same as the Wi-Fi 2.4 GHz frequency band.
So both Bluetooth and Wi-Fi transmit and receive using the same frequency band making this area on a spectrum analyser very crowded and confusing.
In order to successfully identify and locate these types of attack a new breed of TSCM equipment needed to be developed.
For many years TSCM teams used commercially available Wi-Fi installer software programmes to try and identify a Wi-Fi surveillance threat. Unfortunately, these software packages and Wi-Fi testing devices are not designed for TSCM so do not offer the required functions.
To answer this problem QCC global developed a dedicated TSCM Wi-Fi and Bluetooth detection and location system called Sentinel. This system is designed to identify access points and devices via MAC address, signal strength, activity level (uplink & downlink), probes and location.
The QCC Sentinel has the function to direction find associated and associated Wi-Fi access points and devices and connected and unconnected Bluetooth systems. The system can also be used to log all Wi-Fi and Bluetooth MAC address information in a search area. The correlation between different missions’ function, enables tactical use of the system, to track target devices. The Sentinel’s software has a function to hide Randomise MAC addresses for Wi-Fi and Bluetooth.
QCC has also added a function to the Sentinel to help automatically identify the characteristics of new Wi-Fi store and forward surveillance devices.
The internal broadband Bluetooth radio in the Sentinel covers all Bluetooth protocols and can detected locate an identity connect and unconnected Bluetooth devices. Most available Bluetooth hardware and software detectors can only show the user decerebrate Bluetooth which is a much lower threat.
The QCC Sentinel has been designed for TSCM Engineers by TSCM Engineers.
