deviceOwl - How to Check Variants of Trusted Devices
What is a "Trusted Brand with Known Surveillance Variants"?
In some cases, covert surveillance devices are created by third parties, who modify existing, trusted brand devices to add surveillance capabilities. This severity level is displayed when you encounter this type of device.
This is typically done by fastening a module with surveillance capabilities inside an available area within the device, and drilling holes for the camera, IR emitter, and microphone.The device may retain it's original functionality, which increases it's ability to remain undetected.
These types of product modifications are more severe, since the product is more likely to be instinctively trusted because of an existing, established brand name, combined with the legitimate, practical appearance and functionality of the device.
We have seen instances of these modifications that include coffee makers, fans, electrical outlets, shaving cream, deodorant, and more.
The device can look so identical to the original, deviceOwl may not be able to accurately differentiate it from the original device. When deviceOwl detects these types of devices, it will indicate this with a Severity level called "Trusted Brand with Known Surveillance Variants", as indicated in the screenshot. You'll need to perform additional checking on the device to determine whether it has surveillance capabilities.
The following steps can help you check whether a legitimate product has added surveillance capabilities.
Important: To ensure you stay safe, please follow the safety guidance in deviceOwl that can be accessed via the steps icon from the main screen, and selecting "Your Safety".
Part 1: Checking for Cameras/Lenses
When camera lenses are embedded into devices, they may produce a reflection when you shine a torch or light onto the lens. In many cases, the lenses are shielded with tinted covers, which can make them more difficult to see, even with a torch.
1) Perform a Google search on the device brand/model number reported by deviceOwl, to retrieve some original pictures of the device. Review these pictures of the device carefully, to build familiarity of what the trusted brand device is meant to look like.
2) If possible, turn off and unplug the device.
3) Using the original pictures of the device, carefully check the exterior of the device for any discrepancies that make the device appear different or unusual, when compared with the device photos.
Some examples include:
- Lenses that may be mounted just behind the face of the device
- Small holes that have been drilled into the face of the device
- Attachments that appear to have been added to the device
4) For any discrepancies you observed in the casing, review each one. For holes that appear in the casing, shine a torch into the hole. If you see a reflection, and the hole doesn't appear on the original picture of the device, then you may have a device that has been modified.
5) If you don't find anything, and the device has other vents or openings, use the flashlight technique to look for reflections within these additional areas.
Part 2: Checking for Infrared (Night Vision) Lights
Infrared LED's are used by many devices to enable night vision capabilities. These LED's may produce a faint, visible glow when the room lights are turned off. In many cases, these LED's are shielded with tinted covers, which can make them more difficult to see. Generally speaking, the camera on your smartphone is better at "seeing" these LED's than humans.
1) Plug in, and if possible turn on the device. Note the location of any lights that indicate that the appliance is turned on, and in normal operation.
2) Turn off the lights in the room, and close the blinds/curtains so that you have a completely dark environment in which to perform the checking. It may be easier to wait until the evening before you do this.
3) Turn OFF the flash on your smartphone, then use it to take several photos of the device from different angles.
4) Turn on the lights again.
5) Examine the photos you took for any lights that appear in addition to the lights that you noted in step 1. If you see any additional lights, then you might have a device that has been modified.