If you’re facing targeted security threats, your problems run deeper than spyware on your devices. You need to check your physical spaces as well—your home, hotel room, office, and so on—for hidden cameras, mics, and other eavesdropping tools that someone may have planted. That means performing regular “technical surveillance counter measures” inspections. In other words? Checking for bugs.
“Hackers bug lots of places, including some people wouldn’t think of,” says Jill Johnston, president of KJB Security Products, a security and surveillance device wholesaler. “Tanning beds, dressing rooms, bathrooms, hidden cameras in an Airbnb, on your car, in your house. You want to be able to scan a room and feel safe.”
Look Around, Look Around
First, take a close look at your surroundings. Carefully check for anything new or out of place, and listen to your gut about whether anything seems off. You don’t have to see the bug itself; installing eavesdropping devices can involve changes as subtle as shifting an object or a piece of furniture. A bug could be lodged in an inconspicuous object planted in plain sight, or it could be glued behind a small hole drilled in a wall.
Next, review the list of devices that are connected to your router for any that you don’t recognize. Usually bugs that need internet connectivity will have a more clandestine plan for accessing the web, though, like using their own hotspot or SIM card, so also check the Wi-Fi networks with a strong signal available around you. Anything that’s not coming from a neighbor or a nearby business, or other likely suspect, could be a bug’s own network.
It’s also important to think about a bug’s power supply. Some may run on a battery, giving them a limited lifespan, but persistent surveillance requires a steady power source. Always follow visible wires, scan for wires in walls, and check outlets, crowded power strips, and extension cords. It’s also worth considering what devices you have in the open that bugs could hide in to steal power. For example, this audio bug (complete with SIM card) hides in a USB to micro-USB cord, drawing power any time the cord is plugged in, while listening to everything around it.
Once you’ve completed a thorough visual and physical inspection, you can use a variety of scanning tools to conduct a more advanced check. Truly spy-grade bugs often incorporate mechanisms to try to defeat scanners, so you’ll have more success if you conduct multiple types of sweeps than if you rely on a one-size-fits-all approach.
“I tell everybody that calls, there’s no one device that I can sell you that will do everything,” says Jon Marshall, president of the surveillance device seller Spy Gadgets.
Now turn off all wireless devices; not just laptops and smartphones but routers, set-top boxes, and that connected refrigerator that seemed like a good idea at the time. Then use a radiofrequency detector from a surveillance product seller—or even Amazon—to scan for transmitters by moving the instrument slowly and methodically around the space. You can also check your clothes and your bags for things like GPS-tracking bugs this way. Some devices show a visual graph of activity, while others make a sound that gets louder as you get closer to an RF-emitting source. Anything broadcasting a radio signal will pop up.
Commercial bugs usually fall in the 10 MHz to 8 MHz range, but some sweeping devices look at 10 hertz all the way to 24 GHz. Reliable instruments that can scan a broad RF range cost hundreds of dollars, but depending on your situation you could opt for cheaper models. Simple bugs can also create static or sound distortions as you turn the dial on a commercial AM/FM radio.
And, if you’re really worried that you’ll miss a bug that you know is somewhere in the room, you can use a white noise machine—or a white noise app on your smartphone—or audio jammer to stymie prying ears.
Some bugs obfuscate their radio frequencies altogether, or might happen to be powered off during your sweep. To identify those, use a device called a “nonlinear junction detector,” which helps sniff out semiconductor electronics. Benign objects—even a nail in a wall—can create false positives, though, so carefully vet whatever turns up. One of the most prominent NLJD manufacturers, Research Electronics International, is based in Tennessee, and offers extensive device training for customers purchasing its Orion bug detectors, which cost about $10,000 to $20,000 depending on the model.
Remember, too, that snoops aren’t just listening; sometimes they watch as well. Fortunately, checking for night-vision cameras comes significantly cheaper than high-end bug detectors; infrared scanners cost about $100 to $300. You can also use IR and visible light emitters (even a flashlight) to scan for the glint of camera lenses reflecting light back. Some apps, like Glint Finder for Android and Spy Hidden Camera Detector for iOS, use your smartphone flash to scan for camera lenses.
Bugs always need a way to deliver the data they’re gathering to their owners, so deep bug sweeps should go beyond regular electronics detection to scan for laser beam and microwave transmission setups. These rigs can encode and send data out of a room to an attacker without using traditional methods. Radiofrequency scanners with a wide enough range check for microwaves, and many general-purpose antisurveillance tools feature laser-detection modes.
Sweeps also shouldn’t be one-off occasions. Record your results, especially if you don’t find anything suspicious, so you can establish a baseline that will help you compare readings over time and detect anomalies down the road. Persistent spectrum analyzers, like Delta X, will watch for changes on a number of different feeds over time, but they cost about $14,000.
It takes Jim Hopper from Stranger Things a long time to tear his house apart looking for government bugs (spoiler: the mic is in an overhead light). And that’s in 1983, when there weren’t a lot of electronics to check. If the process seems daunting or too pricey to undertake alone, there are always professional services who can sweep for you. “If you have a serious problem and it’s a serious threat, hire someone who has all the tools in their tool box and the expertise, and they’ll sweep,” says Spy Gadgets’ Marshall.
There’s a lot you can do yourself, though, before things get too expensive and complicated. Besides, if you’re in that deep, there might not be anyone left you can trust except yourself.
Activist? Journalist? Politician? Consider Yourself a Target, Too:
Encrypt everything, sign up for Google Advanced Protection, take a tour of Tor, and deploy physical measures to increase your digital security.
Advice for Regular Users (the Hackers Are Still Circling):
Master passwords, lock down your smartphone, keep yourself secure from phishers, know how to deal with getting doxed, and, if you have kids, keep them safe online.