Sometimes it feels as though we can’t go one day without yet another hack of a major organisation. You only have to look at the recent revelation from Yahoo that a staggering one billion user accounts were stolen to see evidence of this growing trend.
It may seem tempting to believe that taking your PC offline will help. After all, it’s the internet that allows the hackers access to your computer and data, right? With a growing regard for keeping a PC offline when it holds sensitive data, there is evidence emerging that it may not be as safe as you might imagine.
The Rogue USB Conundrum
The TV series Mr. Robot became a smash hit when Season 1 launched in 2015. Its portrayal of hackers, digital security, and internet culture was among the most accurate and entertaining ever seen in mainstream media.
One scene in particular left a lot of people surprised to learn about a social engineering technique, where infected USB drives are left in strategic places near the device the hacker wants to infiltrate.
The attack relies on a well-meaning employee to pick up the malicious USB device and insert it into the PC in the hopes of returning the lost device to its owner. They are then horrified to find that their PC has been infected with malware. Even worse is when a hacker has chosen to display no signs at all of the hack, leaving the vulnerable PC undetected.
A variation of this attack is the use of the ominously titled USB Killer. Ostensibly, the USB Killer is a legitimate surge-protection tool. In reality, the device plugs into the computer and renders it useless by delivering a catastrophic burst of power. Although the end goal is different, the attack is the same: the abuse of a PC.
The Air Gap Isn’t Enough
There are situations where the data held by an organisation is so sensitive that extra steps are taken to protect it. One such method is known as “air gapping”. This is where a PC is completely removed from a network or internet connection to isolate it. If the setup is NATO compliant, the PC will also be positioned away from outside walls and all wiring to prevent any electromagnetic or electrical attacks.
While in theory an air gapped computer is protected from exploitation, there has been some research which suggests that the technique may not be quite as secure as once thought.
The Bittersweet Whirring of the HDD
Research conducted at Ben-Gurion University focused not on how an air gapped computer came to be infected — but on the way that information was then leaked. The researchers named their extraction method DiskFiltration.
You are probably familiar with the gentle whirring sound that your HDD makes when you are starting up or using your computer. This is caused by the physical movement of the arm reading and writing data to the disks in the hard drive. Think of it like a vinyl player playing a record.
Most computers will have some form of audio hardware like speakers which can be used to transmit audio information. However, an air gapped PC would not have access to audio hardware, so in its absence, the noise emitted from the hard drive is used to discreetly leak data to a smartphone or smartwatch receiver up to two meters away.
The researchers identified two scenarios where this attack would be relevant. The first is when a PC is air gapped. The other is when a network or internet connected PC is being heavily monitored for unusual activity or intruders. During testing, they were able to transfer data up to two meters at a rate of 180 bits/min — or 10,800 bits/hour.
There is a silver lining though: the attack only works for HDDs, which require physical movement to operate. A modern replacement is the solid-state drive (SSD), which has no moving parts and eliminates the noise.
Eavesdropping on Your Fans
Not content with finding one intriguing method of audio eavesdropping, the researchers at Ben-Gurion University developed a similar method of extracting information through the sound of an air gapped PC’s fans.
In order to keep the internal components of a PC operating at optimal performance, they need to be kept within a certain temperature range. A PC fan allows some of the heat generated to be removed from the PC. In a typical PC there is a feedback loop between the fan and the motherboard. The fan reports to the motherboard the rotation speed. The motherboard can then determine if the fan needs to be sped up or slowed down depending on the internal temperature.
Known as Fansmitter, the attack exploits this feedback loop by overriding the settings that would normally keep the internal temperature optimal. Instead, the fan speed is adjusted to emit noise at chosen frequencies, which encode data. This audio transmission is then picked up by a receiver device like a smartphone. While the researchers suggest countermeasures to prevent this type of attack, there is no single protection method. The most effective countermeasure is to install either low-noise fans or a water cooling system.
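The feedback loop described above also gives a defender something to check. Under normal firmware control the fan speed tracks temperature, so a fan that repeatedly steps between fixed speeds while the temperature stays flat is behaving like a modulated signal rather than a cooling device. The following is an added example, not code from the article or from the Ben-Gurion researchers; it runs a simple detector over fan telemetry. The Sample layout, the thresholds, and all readings are constructed for illustration and would need tuning against real sensor output.

```python
"""Flag fan-speed telemetry that steps repeatedly while temperature is steady.

Added example (not from the article or the Fansmitter paper). All sample
readings below are constructed, not captured from real hardware.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int          # seconds since start of capture
    temp_c: float   # CPU/chassis temperature in degrees C
    rpm: int        # fan tachometer reading


def count_rpm_steps(window, step_rpm):
    """Count sample-to-sample RPM jumps of at least step_rpm."""
    return sum(1 for a, b in zip(window, window[1:])
               if abs(b.rpm - a.rpm) >= step_rpm)


def suspicious_windows(samples, window=10, step_rpm=300,
                       max_temp_swing=1.5, min_steps=3):
    """Return (start_t, end_t) for each non-overlapping window in which the
    fan stepped at least min_steps times while the temperature moved by no
    more than max_temp_swing degrees. Firmware hysteresis can cause a single
    step near a threshold, which is why min_steps is greater than one."""
    flagged = []
    for i in range(0, len(samples) - window + 1, window):
        w = samples[i:i + window]
        temps = [s.temp_c for s in w]
        swing = max(temps) - min(temps)
        if swing <= max_temp_swing and count_rpm_steps(w, step_rpm) >= min_steps:
            flagged.append((w[0].t, w[-1].t))
    return flagged


def normal_telemetry(start_t=0, n=20):
    """Constructed benign trace: temperature climbs and RPM follows it smoothly."""
    return [Sample(start_t + i, 40.0 + i, 1000 + 50 * i) for i in range(n)]


def modulated_telemetry(start_t=0, n=20):
    """Constructed suspicious trace: RPM toggles 1200/2400 with flat temperature."""
    return [Sample(start_t + i,
                   45.0 + (0.2 if i % 2 else 0.0),
                   2400 if i % 2 else 1200)
            for i in range(n)]


if __name__ == "__main__":
    trace = normal_telemetry() + modulated_telemetry(start_t=20)
    print("benign trace:", suspicious_windows(normal_telemetry()))
    print("combined trace:", suspicious_windows(trace))
```

The detector deliberately keys on the relationship between two readings rather than on any single fan speed, because a loud fan on a hot machine is normal and a quiet fan on a cool one is too. Only the decoupling of speed from temperature is unusual, and that decoupling is exactly what an acoustic channel through the fan has to create.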
The Heat of the Moment
At this point it may seem as though the only way to hack an air gapped machine is using audio. However, those incredibly productive researchers at Ben-Gurion University have developed a method of defeating the air gap with heat.
This method, named BitWhisper, is more complicated to set up than the previous two exploits. It first presumes that the air gapped PC is within 15 inches of a networked PC. The networked PC is connected either to an internal network or to the outside world via the internet. Both PCs also need to be infected with malware. This is less of a problem for the networked machine, as well-known exploits exist for attackers to infect the computer remotely. However, the air gapped PC must also be infected. This can be done through USB attacks or supply chain manipulation, but requires a lot more planning.
Once both machines are infected the air gapped PC can be instructed to generate specific heat patterns by increasing and decreasing the load on the CPU. The networked PC can sense these temperature fluctuations using its internal sensors and interpret them as data. The networked PC can also send commands to or request data from the air gapped PC.
Out of the three exploits, this has the slowest data transfer at just 8 bits/hour. However, the small fluctuations in heat are invisible and almost impossible to detect. That said, the scenario needs to be very specifically constructed, and is probably the least likely to be seen in the wild.
Your Keyboard Gives You Away
If you are reading this article on a computer or laptop your phone is likely somewhere near you, possibly even on your desk. You may reconsider this in future as researchers have found a method of recording your typing using your phone’s accelerometer.
While smartphones manage access to your location or camera with defined permissions, the same isn't true for all of your phone's sensors. One such sensor is the accelerometer, which is used to detect tilting and orientation. If your phone is on your desk, the small vibrations from typing on a keyboard are enough to be captured by the accelerometer.
The researchers from MIT and Georgia Tech were able to use a neural network to assign the vibrations to a relative location on the keyboard. The relative positions were then compared with a selection of dictionaries. During testing they were able to recreate words typed on a nearby keyboard with up to 80% accuracy.
The paper does note that, due to the complexity and relatively low accuracy, this type of attack would be unlikely. However, this research was published in 2011. In the intervening years the sensors in smartphones have improved, along with our understanding of machine learning. It wouldn't be surprising if the accuracy of this attack had increased when using a modern smartphone.
Still Safer Than the Internet
While it is technically possible to hack an offline PC, it isn’t easy. Most of these attacks can only be applied to specific sites or situations, in contrast to the simultaneous distribution of malware online. Hackers also need a compelling reason to go to the effort to break into your device. While governments and infrastructure companies around the world require this level of security, your data is likely to go untouched.
Still, it’s a sobering reminder that digital security is a continuous process. Engineers implement new security systems and hackers find ways to exploit them. This is no less true even if you unplug from the internet.
Have you ever had to go offline to protect a PC? How did you do it? Have you seen any of these attacks in the wild? Let us know in the comments below!
Image Credit: KYTan and Brothers Good via Shutterstock.com