(S//SI//REL) Modified GSM (target) handset that collects user data, location information and room audio. Command and data exfill is done from a laptop and regular phone via SMS – (Short Message Service), without alerting the target.

(S//SI) Target Data via SMS:
• Incoming call numbers
• Outgoing call numbers
• Recently registered networks
• Recent Location Area Codes (LAC)
• Cell power and Timing Advance information (GEO)
• Recently Assigned TMSI, IMSI
• Recent network authentication challenge responses
• Recent successful PINs entered into the phone during the power-on cycle
• SW version of PICASSO implant
• ‘Hot-mic’ to collect Room Audio
• Panic Button sequence (sends location information to an LP Operator)
• Send Targeting Information (i.e. current IMSI and phone number when it is turned on – in case the SIM has just been switched).
• Block call to deny target service.

(S//SI) PICASSO Operational Concept
(S//SI//REL) Uses include asset validation and tracking and target templating. Phone can be hot mic`d and has a “Panic Button” key sequence for the witting user.

(S//SI//REL) Handset Options
• Eastcom 760c+
• Samsung E600, X450
• Samsung C140
• (With Arabic keypad/language option)

Status: 2 weeks ARO (10 or less)
Unit Cost: approx $2000

Thank you for taking the time to read this article! As always keep the faith!
The NSA’s original documentation on PICASSO

The following two tabs change content below.

• Bio
• Latest Posts

Preston Hood

Owner at PJHoodsCo

Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.

Latest posts by Preston Hood (see all)

• Information Security in Our World Today - 03/26/2015
• 49 Ways the NSA Can Spy On You - 01/30/2015
• NSA Device – STUCCOMONTANA - 01/27/2015
• NSA Device – PICASSO - 01/26/2015
• NSA Device – IRONCHEF - 01/23/2015