warning
The author and the editorial team do not endorse illegal activity. The information in this article is provided for educational purposes only. Please note that the unlawful trafficking of technical devices and invasion of privacy are punishable under Articles 137 and 138.1 of the Criminal Code of the Russian Federation.
info
The device’s firmware source code and schematic are provided for informational illustration only. The device will not operate with the code as published.
This material is presented in this format to help develop users’ analytical thinking and hands-on skills, and to facilitate additional review of the publication. It is also intended to warn users not to attempt to assemble equipment that is restricted for civilian use without an appropriate license from the competent authority.
Officially, only companies with government licenses are allowed to manufacture gear for covert audio surveillance, video monitoring, or extracting data from computers. In theory, these firms are supposed to fulfill government orders only. But simpler spy gadgets are within anyone’s reach. If you know your way around a soldering iron, you can build them yourself, and the parts are easy to buy at any electronics store.
There are several types of surveillance devices:
- radio bugs
- miniature voice recorders
- hidden cameras
- laser eavesdropping
We’ll be assembling a GSM bug—a device with long-range connectivity and a high-capacity battery. With these specs, it can stay on standby for up to ten days and provide live monitoring for up to four hours. Its key advantage is that you can listen in live as events unfold, rather than relying on recordings.
Choosing a disguise
The easiest place to hide something is in plain sight—in something that doesn’t draw attention. Here are some interesting ways to disguise a listening device.
These eavesdropping setups are also attractive because the objects hiding the bugs are almost always plugged into mains power: the bug never runs out of battery and can keep doing its job—transmitting information—for much longer.
If the bug runs solely on its internal battery, we’ll have to think about how to recharge it. In spy movies, that always creates extra complications. We don’t need that.
So my choice is to embed a bug inside a smartphone power bank. People carry it around and charge it frequently, and even if they don’t, the bank itself can power the bug. In my view, it’s an excellent place to hide such a device.
Assembly
To assemble the device, we’ll need:
- SIM800 GSM module
- Arduino Pro Mini
- Power bank case for four 18650 Li‑ion cells
- Two or three 18650 Li‑ion batteries (I used two)
- Microphone
- SIM card
To assemble the device correctly, you need to know the pin assignments on the GSM SIM800 module and the Arduino Pro Mini.
Next, solder the antenna to the GSM module at the NET pad.
- Solder the microphone to the MIC+ and MIC− outputs.
- Connect the GSM module’s RXD and TXD to Arduino pins 6 and 7.
- Solder the module’s Vcc and GND to the Arduino and to the terminals of the external battery.
After soldering all the components in place, make sure the soldering is correct by flashing the microcontroller.
// Include the software implementation library for UART protocol communication#include <SoftwareSerial.h>SoftwareSerial SIM800(7, 6); // RX, TX// Declare a variable to store the module's responseString _response = "";void setup() { // Data rate for communication with the computer Serial.begin(19200); // Data rate for communication with the modem SIM800.begin(19200); Serial.println("Start!"); // Send AT to set up the data rate sendATCommand("AT", true); // Modem setup commands on each startup // Enable caller ID _response = sendATCommand("AT+CLIP=1", true); // Option with DTMF //_response = sendATCommand("AT+DDET=1", true);}String sendATCommand(String cmd, bool waiting) { // Declare a variable to store the result String _resp = ""; // Echo the command to the serial monitor Serial.println(cmd); // Send the command to the module SIM800.println(cmd); // If we need to wait for a response, wait until it's received if (waiting) { _resp = waitResponse(); // If Echo Mode is off (ATE0), these three lines can be commented out if (_resp.startsWith(cmd)) { _resp = _resp.substring(_resp.indexOf("\\r", cmd.length()) + 2); } // Echo the response to the serial monitor Serial.println(_resp); } // Return the result. Empty if there was a problem return _resp;}// Function to wait for a response and return itString waitResponse() { // Variable to store the result String _resp = ""; // Variable to track timeout (10 seconds) long _timeout = millis() + 10000; // Wait up to 10 seconds for a response and check for data or timeout while (!SIM800.available() && millis() < _timeout) {}; return _resp;}void loop() { // If the modem sent something, get the response for analysis if (SIM800.available()) { _response = waitResponse(); // Trim leading/trailing spaces and print the response to the serial monitor _response.trim(); Serial.println(_response); // Whitelist of phone numbers; you can list several separated by commas String whiteListPhones = "+380713337866"; // If there is an incoming call, check for caller ID info. If present, then phoneindex > -1 if (_response.startsWith("RING")) { int phoneindex = _response.indexOf("+CLIP: ""); // Variable to store the detected number String innerPhone = ""; // If the info was found, parse the string and extract the number if (phoneindex >= 0) { phoneindex += 8; innerPhone = _response.substring(phoneindex, _response.indexOf(""", phoneindex)); // Print the number to the serial monitor Serial.println("Number: " + innerPhone); } // Check that the number length is greater than six digits // and that the number is in the list. If so, answer the call if (innerPhone.length() >= 7 && whiteListPhones.indexOf(innerPhone) >= 0) { sendATCommand("ATH", true); } } }}If soldered and flashed correctly, once powered on our listening device will answer incoming calls only from whitelisted mobile numbers specified in the firmware.
Now it’s time to remove the long jumper wires and desolder the LEDs from the Arduino board. Insulate the microphone with heat-shrink tubing, drill a hole for it in the power bank’s case, and use hot glue to secure it and the two boards in the space intended for a single 18650 cell.
In my build I used two batteries, but you can fit three—there’s enough room.
So, we’ve built a GSM bug inside a power bank enclosure. It’s not perfect, of course, but there are several ways to improve it.
- Use an enclosure that can accommodate higher-capacity batteries.
- To extend standalone operation, put the GSM module into sleep mode, and activate the listening function when the battery’s power button is pressed.
- When the external battery’s button is pressed, send a message to the operator of the listening device.
Conclusion
So, we’ve designed and built a GSM bug disguised as an external battery pack. It costs much less than the bugs you can buy online or in specialty stores. You can recreate my device or improve it. Most importantly, remember that privacy is inviolable—don’t use this knowledge for harmful purposes!