The “NSA-level sophisticated” bug that Eskom CEO André de Ruyter found in his car is neither particularly complex nor something the advanced clandestine services of nation states would use.
This is according to the security researcher Daniel Cuthbert, who analyzed photographs of the device that the Sunday Times and News24 put online.
Cuthbert is co-author of the OWASP Application Security Verification Standard and sits on the Black Hat Review Board.
The Sunday Times cited a preliminary report prepared by former police commissioner turned forensic investigator George Fivaz which said the bug is not available on the open market.
Fivaz reportedly said that the “sophisticated” device is generally used by law enforcement and intelligence agencies, and can send and receive signals.
However, he said the bug was beyond the abilities of ordinary private investigators and even the South African clandestine service.
He added that it could be used for tracking, eavesdropping, smart RFID, measurement applications, keys, Internet of Things and telemetry devices.
“It can send data at up to 1.25 MB/s [sic]”, Fivaz’s agency reportedly said.
Cuthbert said photos of the device posted online suggest the exact opposite – that it’s a perfectly unremarkable out-of-the-box device with very limited capabilities.
The biggest tell-tale, Cuthbert explained, is that photos of the back of the device reveal that it uses a CR2032 lithium coin cell battery.
Such a low-powered battery would drain very quickly if used to drive a GPS module to track De Ruyter’s location.
Cuthbert said he would expect an “NSA-level” tracking device to use a lithium polymer battery.
For comparison, MyBroadband previously used Chipfox trackers which include a GPS module and connect to the Sigfox network.
These are powered by CR123A lithium batteries with a much larger capacity than button cells — 1700mAh compared to 220mAh, according to datasheets on RS Components.
However, even these low-power Chipfox trackers are usually configured to activate their GPS modules only rarely to save battery power. Real-time tracking would drain the battery quickly.
Cuthbert said that if he were a secret agent planting a bug in a vehicle he had physical access to, he would wire it directly into the fuse box, completely obviating the need for a battery.
Besides the battery choice, several other issues suggested that the device De Ruyter found was not a tracking or advanced listening bug.
Cuthbert noted that the circuit board has silk-screened markings, test pins, and a sticker with a serial number.
A state-sponsored intelligence agency would more likely use custom boards without clear markings.
There is no microphone or connector where a microphone could be attached.
It also doesn’t have a GSM or other radio module to allow the device to relay data to the alleged spooks that planted it, nor an obvious way to record conversations for later retrieval.
This then raises the question – if not a tracking or listening device, what is this circuit board that De Ruyter found while cleaning his car?
“Honestly, it looks like a gate remote,” Cuthbert said.