
8 technologies that can hack into your offline computer and phone

06:52, 06/04/2021
Some people believe taking a computer offline makes it impossible to hack. These offline PC attacks show it's not as safe as you imagine.


Data breaches are rapidly becoming a part of everyday online life. Even a cursory glance at the news highlights the latest leak of confidential or personal information onto the internet. While many people are increasingly concerned by these developments, it can often seem as though you are powerless against them.

Some suggest taking your PC offline to isolate your data away from the online world. Without a connection to the outside, your data should be safe, right? However tempting it might seem as a solution, it might not be the fail-safe you were hoping for.

1. USB Drives and Social Engineering

The TV show Mr. Robot introduced a broad audience to online security and hacking. It even gained favor with the infosec community for its accurate portrayal of hacking, internet culture, and hacking tools. Unlike the similarly-themed but widely-mocked 1995 film, Hackers, Mr. Robot went to great lengths to educate, as well as entertain, its viewers.

In the show's first series, an attack was put into motion after some infected USB drives were left strategically near the building the hacker wanted to infiltrate. This is a form of social engineering attack. The assailant knew that if one person picked up an infected drive, they would quite likely take it inside, plug it into a computer, and see what's stored on it.

This is often done in good faith, as they want to return the drive to whoever may have mislaid it. The attacker takes advantage of this human trait, effectively tricking the victim into loading malicious software onto the target computer via the infected flash drive. This type of manipulation is known as social engineering.

As they don't want to draw attention to the hack, there is usually no visible sign that the computer has been compromised, so the victim doesn't take further action to defend against the attack. This leaves the now-vulnerable PC unprotected and open for the attacker to exploit.

In the context of an offline PC, a rogue USB drive could be used in a range of attacks, even ones where the intruder has physical access to the computer to load malicious software themselves via the infected storage device. The CIA used this in an attack known as Brutal Kangaroo, and Wikileaks exposed the technique as part of the Vault 7 disclosure in 2017.

If an organization has highly sensitive data or systems, they may consider air-gapping the host computer. In this case, the PC is taken offline, but it is also physically disconnected from the internet and all internal networks to effectively isolate it. If the setup is NATO compliant, the PC will also be positioned away from outside walls and all wiring to prevent electromagnetic or electrical attacks.

Air gapping is widely considered an appropriate way to protect high-value systems from exploitation, but some research suggests that it may not be as secure as once thought. Studies conducted at Ben-Gurion University examined how an air-gapped computer may be compromised, but without malicious software installed, access to the PC, or social engineering.

The extraction method, known as DiskFiltration, relies not on exploiting the computer but analyzing its sounds. Although Solid State Drives (SSDs) are becoming more commonplace, many of us still rely on Hard Disk Drives (HDDs). These devices store data on a disk, much like a vinyl record. Similarly, the HDD requires the movement of an arm across the drive to read and write data.

This physical movement generates noise, which we perceive as a low background hum or whirring. However, in a DiskFiltration attack, the drive's noises are used to glean the information stored on them. Air-gapped computers usually don't have speakers or microphones attached, so they can't amplify the hard drive's audio. Instead, this noise is relayed to a smartphone or smartwatch receiver up to two meters away. This exploit is just one of the ways that an air-gapped PC isn't really secure.

While this can affect air-gapped computers, it can also be used to compromise network-connected devices, even if they are heavily monitored for security events or intruders. During testing, the DiskFiltration attack could transfer data at 180 bits per minute, or 10,800 bits per hour. Fortunately, this attack is ineffective against devices with SSDs as there are no moving parts, and thus, no noise.


While it seems logical that hard drives might leak data in unexpected ways, it's harder to imagine other computer components doing the same. However, the Ben-Gurion University researchers developed a similar method for extracting information from an offline PC using the computer's fans. This attack is known as Fansmitter.

Your computer's fans enable air to pass over the warm, sometimes hot, internal components of your computer. The exhausted air removes heat from the system to keep your computer operating at optimal performance. In most computers, there is an ongoing feedback loop between the fan and the motherboard. The fan's sensors report rotation speeds back to the motherboard.

The computer calculates whether the fans need to be increased or decreased based on the temperature. The Fansmitter attack exploits this feedback loop by overriding the stored optimal temperature value. Instead, the fan speed is adjusted to emit a particular frequency, which can be used to transmit data. As with DiskFiltration, the resulting audio is captured by a smartphone receiver. The most effective countermeasure is either to install low noise fans or a water-cooling system.
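A defender-side check for the feedback-loop abuse described above, as an added example that is not from the article or the Ben-Gurion research: it flags monitoring windows where fan speed swings widely while temperature does not explain the change. The sensor readings, thresholds and function names are constructed assumptions.

```python
from statistics import mean

def pearson(xs, ys):
    """Pearson correlation; returns 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / (sxx * syy) ** 0.5

def suspicious_windows(samples, window=8, min_swing=300, max_corr=0.3):
    """Return (start_index, rpm_swing) for each window in which fan RPM
    varies by at least min_swing but does not track temperature.

    samples: list of (temperature_c, fan_rpm) readings at a fixed interval.
    Thresholds are illustrative assumptions and need tuning per machine.
    """
    flagged = []
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        temps = [t for t, _ in chunk]
        rpms = [r for _, r in chunk]
        swing = max(rpms) - min(rpms)
        # A healthy control loop raises RPM as temperature rises, so the two
        # series correlate strongly; an overridden loop breaks that link.
        if swing >= min_swing and pearson(temps, rpms) < max_corr:
            flagged.append((start, swing))
    return flagged

# Constructed sample readings (not measurements from any real system).
NORMAL = [(40 + 2 * i, 1000 + 100 * i) for i in range(8)]  # fan follows heat
IDLE = [(45, 1200)] * 8                                     # nothing changes
MODULATED = [(45, 1000), (45, 1600), (45, 1000), (45, 1000),
             (45, 1600), (45, 1600), (45, 1000), (45, 1600)]  # flat temp, toggling fan

if __name__ == "__main__":
    for start, swing in suspicious_windows(NORMAL + IDLE + MODULATED):
        print(f"window at sample {start}: RPM swing {swing} without matching temperature change")
```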

While many offline PC hacks rely on analyzing noises and audio outputs, there are alternative methods. The BitWhisper attack uses heat to compromise an offline computer. First, there are several caveats to this exploit. There need to be two computers; one offline and air-gapped, the other connected to a network. Both machines also need to be infected with malware.

The two devices must be within 15 inches of each other. Given this exact setup, it's the least viable for real-world application but is still theoretically possible. Once all pre-conditions have been met, the networked PC changes the room's temperature by adjusting the load placed on its CPU and GPU. The thermal sensors on the air-gapped PC detect these changes and adapt fan performance to compensate.

Using this system, BitWhisper uses the networked computer to send commands to the air-gapped PC. The offline computer converts the sensor data into binary, so either a 1 or a 0. These inputs are used as the basis for computer-to-computer communication. Aside from the precise setup needed to make this work, it's also a slow attack method; it achieves a data transfer rate of just eight bits per hour.

Although many of us now use wireless keyboards, wired varieties are still common worldwide, especially in business or institutional settings. These facilities are most likely to be storing sensitive data and systems, and therefore the most at risk of attack.

When you press a key on a wired keyboard, it is converted into a voltage and transmitted to the computer via the cable. These cables are unshielded, so the signals leak into the PC's main power cable. By installing monitors at the electrical socket, detecting these small changes in power requirements is possible.

Although the data initially looks messy and unclear, once a filter is applied to remove background noise, it becomes possible to assess individual keystrokes. However, this type of attack is only possible for PCs that are consistently plugged into the mains.

Portable devices like laptops can also leak data from the keyboard. During a presentation at Black Hat in 2009, titled "Sniffing Keystrokes With Lasers and Voltmeters," the researchers showed that by pointing a laser toward a laptop's keyboard, it was possible to translate vibrations from keypresses into electrical signals.

Due to the laptop's construction and design, each key has a unique vibration profile when pressed. An attacker could gather precisely what was typed on the keyboard without malware like keyloggers by assessing the electrical signals.

Still More Secure Than a Networked PC

These attacks demonstrate that it is possible to hack an offline PC, even if you don't have physical access. However, although technically feasible, these attacks aren't straightforward. Most of these methods require a particular setup or optimal conditions.

Even then, there's a lot of room for error as none of these attacks directly captures the desired data. Instead, it has to be inferred from other information. Given the difficulty in attacking an offline or air-gapped PC, many hackers have found an alternative route: installing malware before the computer reaches its destination.
