A security researcher has dismissed the “sophisticated NSA-level” bug found in Eskom CEO’s Volvo as nothing ‘particularly intricate nor something advanced nation-state clandestine services would use’.
Co-author of the OWASP Application Security Verification Standard and Blackhat review board member Daniel Cuthbert told tech publication My Broadband that De Ruyter’s bug was a ‘perfectly mundane, off-the-shelf device with very limited capabilities’.
“Honestly, it looks like a gate remote,” Cuthbert said.
The Sunday Times and News 24 reported, this weekend, that De Ruyter discovered the bug under the driver’s seat when he was cleaning his vehicle on Friday last week.
The Sunday paper reported that a preliminary investigation by a forensic company described the device as ‘highly sophisticated’ and could be used for tracking, listening, smart RFID, metering applications, keys, Internet of Things, and telemetry devices.
But Cuthbert, upon analysing photos of De Ruyter’s bug online, suggested the exact opposite.
ALSO READ: Eskom confirms de Ruyter’s car was bugged
The biggest tell, Cuthbert explained to My Broadband, was that photos of the back of De Ruyter’s bug reveal that it uses a CR2032 lithium coin battery.
“Such a low-power battery would drain very fast if used to drive a GPS module for tracking De Ruyter’s location.”
Cuthbert told the publication that he expected an “NSA-level” tracking device to use a lithium polymer battery.
Cuthbert noted several other issues aside from the battery choice that suggested this was not an advanced tracking or listening bug.
He noted the circuit board has silkscreened markings on it, test pins, and a sticker with a serial number.
“A state-sponsored intelligence agency would more likely use custom boards without clear markings,” he said.
Compiled by Narissa Subramoney
NOW READ: Experts fear De Ruyter has become the target of criminal networks
Download our app and read this and other great stories on the move. Available for Android and iOS.