Several media outlets including the Sunday Times and News24 recently reported that a “sophisticated tracking device” was found under the driver’s seat in the car of Andre de Ruyter, the CEO of Eskom, South Africa’s troubled power utility provider.
De Ruyter hired a firm to investigate the origins and capabilities of the device said that “This (the bugging device) is not something ordinary private detectives use and it is not available on the open market. We are talking about a sophisticated, National Security Agency-level device, typically used by law enforcement and intelligence agencies, that can send and receive signals”
A photo taken by the investigators shows a PCB about the size of a keyfob with several integrated circuits, traces, pin outs, a barcode, and space for a CR2032 battery. Security Researcher Daniel Cuthbert said in an interview with Mybroadband that in his opinion this a typical off shelve device with limited capabilities and that the battery used in the device would run out quickly if used for tracking de Ruyter’s location.
Dominic White and other community members chimed in on a Twitter thread to locate the board and components in which renowned hardware security researcher Joe FitzPatrick was able to identify a TI CC1120A board that has very similar components. What is clear is that board that was found in de Ruyter’s vehicle is not a “sophisticated device” but rather a board made with components that are extremely cheap and likely readily available on specialist e-commerce or electronics websites.
Daniel Cuthbert mentioned that in his opinion nation state actors wouldn’t use boards such as the one above and would instead rely on custom made boards. While I agree that state actors would probably use more devices with more capabilities, I disagree that they would not use off the shelf components. Intelligence agencies, especially western intelligence agencies, love plausible deniability as they get super embarrassed when they are caught or discovered during an operation. Using off the shelf common components means that anyone who is good with electronics could behind such an act. Using custom made boards could make it easier to track and demonstrate that a certain level of skill was involved. It should be noted that making custom boards has become increasingly easier over time as various 3rd party services and printers have come to market.
For reference, here is an actual NSA implant that is part of the NSA’s catalogue of implants that was disclosed as part of the Snowden documents:
I do not believe that a nation state actor was behind the device and in my opinion the 2 most likely explanations is that the device is benign and was accidently left behind after a service, or that it is a tracking device that was planted by a criminal syndicate with ties to the corruption happening at Eskom.
Finding suspicious devices of unknown origin in vehicles can really be unnerving to any owner that finds it. Earlier this year, the Electronic Frontier Foundation (EFF) launched an investigation into a mysterious GPS tracking device that was found in a supporters vehicle. Initial research showed that many people living in the US had found the exact or similar devices in their vehicles and did not know how the devices got there. Further investigation by the EFF through device interactive diagnostics and contacting the supplier showed that the device was an anti-theft device.
Update 2022-10-05:
The device found in his car has been identified as a panic button
