This is an illustrative guide to a well-known concealment technique and how it is detected. It is a representative scenario for education — not an account of a specific client engagement. We never reference real clients.
An executive's desk is one of the most valuable square metres in any organisation — and one of the easiest for an attacker to reach. Here is how a classic concealment works: a covert listening device built into a laptop docking station, and how a professional sweep finds it.
Why the desk — and why the docking station
Executives are most worth listening to during sensitive periods: an acquisition, a results announcement, litigation, a major negotiation. The attacker's problem is concealment, and a docking station solves it elegantly. It is expected IT equipment, it sits permanently on the desk a metre from the conversation, it has constant mains power, and it often carries a network connection. A device hidden inside hides in plain sight — nobody questions the dock that has always been there.
How a device like this works
Imagine a small cellular (GSM/4G) module with a sensitive microphone built into the casing. Three design choices make it dangerous:
- It transmits over the mobile network. The eavesdropper simply calls the device from anywhere in the world to listen to the room live — there is no local receiver to find and no obvious Wi-Fi or Bluetooth signal.
- It draws power from the dock. Wired to the docking station's supply, it runs indefinitely and never needs a battery change or a return visit.
- It can bridge to the network. If connected to the dock's network port, the same implant can expose the corporate network — turning an audio bug into a data-exfiltration foothold.
Because it relies on the cellular network rather than constant local radio, casual "RF detector" apps and quick walk-arounds routinely miss it. It only needs to transmit when called.
The warning signs are subtle
- IT equipment you don't remember receiving, or a "replacement" dock left after an unscheduled service visit.
- The device being noticeably warm when the computer is off.
- Faint interference on a nearby desk phone or speaker.
- Information leaking that was only ever discussed at that desk.
How a professional sweep finds it
A methodical TSCM inspection assumes exactly this kind of professional concealment, and layers several techniques so that no single trick defeats it:
- Cellular & RF spectrum analysis — to detect transmissions across mobile bands, including short bursts.
- Non-linear junction detection (NLJD) — reveals the electronics inside the casing even when the device is dormant and not transmitting. This is the key tool against "call-to-listen" bugs.
- Physical inspection — opening and comparing suspect items against a known-good unit, the only reliable way to confirm a modified casing.
- Network-port and thermal checks — to catch a wired implant or an unexpected heat signature.
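A simplified illustration of the short-burst point in the spectrum-analysis step, added here as an example and not taken from any TSCM product or from the author's own tooling. It flags brief rises above each band's idle floor in swept power readings; the band table (common European uplink ranges), the thresholds and the sample readings are assumptions constructed for the example.

```python
from statistics import median

# Assumption: uplink (device-to-tower) ranges in MHz for common European bands.
UPLINK_BANDS = {
    "LTE B20 (800)": (832.0, 862.0),
    "GSM/LTE B8 (900)": (880.0, 915.0),
    "LTE B3 (1800)": (1710.0, 1785.0),
    "UMTS/LTE B1 (2100)": (1920.0, 1980.0),
}

def band_of(freq_mhz):
    for name, (lo, hi) in UPLINK_BANDS.items():
        if lo <= freq_mhz <= hi:
            return name
    return None  # e.g. tower downlink, which is not what the search is for

def find_bursts(samples, margin_db=15.0, max_gap_s=1.0):
    """samples: (time_s, freq_mhz, power_dbm) tuples from a receiver at the desk.
    Returns one dict per burst: band, start, end, peak_dbm."""
    by_band = {}
    for t, f, p in samples:
        band = band_of(f)
        if band:
            by_band.setdefault(band, []).append((t, p))
    bursts = []
    for band, points in by_band.items():
        points.sort()
        floor = median(p for _, p in points)  # median ignores brief bursts
        current = None
        for t, p in points:
            if p < floor + margin_db:
                continue
            if current and t - current["end"] <= max_gap_s:
                current["end"] = t  # same burst, extend it
                current["peak_dbm"] = max(current["peak_dbm"], p)
            else:
                current = {"band": band, "start": t, "end": t, "peak_dbm": p}
                bursts.append(current)
    return sorted(bursts, key=lambda b: b["start"])

def constructed_samples():
    """Constructed data: 60 s of sweeps every 0.5 s at three frequencies."""
    out = []
    for i in range(120):
        t = i * 0.5
        p900 = -48.0 if 20.0 <= t <= 20.5 else -95.0 + i % 3
        p1800 = -52.0 if 40.0 <= t <= 45.0 else -96.0 + i % 2
        out += [(t, 897.4, p900), (t, 1747.6, p1800), (t, 947.4, -50.0)]
    return out
```

Calling `find_bursts(constructed_samples())` returns the two-sweep burst at 900 MHz and the longer one at 1800 MHz, and ignores the steady 947.4 MHz downlink carrier. A device that stays dormant for the whole capture produces no burst at all, which is why the sweep also relies on NLJD and physical inspection.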
If you suspect a device
Do not dismantle it, and do not discuss your suspicion in the room. Critically, do not contact a specialist from that desk's phone, computer or network — if the desk is compromised, so might be the line. Behave normally and arrange a sweep from a safe location.
The takeaway
The docking-station bug is one pattern among many — the same logic appears in modified USB chargers, smart TVs, telephone cabling and vehicle trackers. The common thread is that professional concealment is designed to beat casual checks; only a disciplined sweep with the right equipment turns suspicion into certainty, and produces a documented, court-usable report.
Concerned about a specific room or device?
Speak with a government-trained TSCM specialist, in complete confidence. NDA before any detail is discussed. Do not contact us from inside the space you believe is compromised.
Prefer email? Write to tscm@bureausecuritas.com
Frequently asked questions
Can a listening device really work over the mobile network?
Yes. A cellular bug can be called from anywhere to stream room audio live, which is exactly why simple local RF checks often miss it. Detection requires spectrum analysis across cellular bands and non-linear junction detection.
Would our IT team or antivirus catch this?
Usually not. It is a hardware device, not software, and may never touch the computer's operating system. It is a physical and radio-frequency problem rather than a purely cyber one — though the two can overlap.
How can a sweep find a bug that isn't transmitting?
A non-linear junction detector reveals electronic components inside an object whether or not they are powered or transmitting, so dormant "call-to-listen" devices are still detectable during a physical search.
