Pinterest Stumbleupon Whatsapp
Advertisement

Sometimes it feels as though we can’t go one day without yet another hack of a major organisation. You only have to look at the recent revelation from Yahoo that a staggering one billion user accounts were stolen Yahoo Reveals Yet Another Giant Security Breach Yahoo Reveals Yet Another Giant Security Breach Another day, another Yahoo hack. This one dating back all the way to 2013. This particular security breach resulted in the user data of 1 billion Yahoo accounts being stolen. Read More to see evidence of this growing trend.

It may seem tempting to believe that taking your PC offline will help. After all, it’s the internet that allows the hackers access to your computer and data, right? With a growing regard for keeping a PC offline when it holds sensitive data, there is evidence emerging that it may not be as safe as you might imagine.

The Rogue USB Conundrum

The TV series Mr. Robot became a smash hit when Season 1 launched in 2015. It’s portrayal of hackers, digital security, and internet culture 6 Ways Mr. Robot Is Putting Linux in the Public Eye 6 Ways Mr. Robot Is Putting Linux in the Public Eye Mr. Robot debuted in 2015 to critical acclaim. But did you know that there's quite a bit you can learn about Linux from watching Mr. Robot? Read More were some of the most accurate and entertaining ever seen in mainstream media.

One scene in particular left a lot of people surprised to learn about a social engineering technique How To Protect Yourself From These 8 Social Engineering Attacks How To Protect Yourself From These 8 Social Engineering Attacks What social engineering techniques would a hacker use and how would you protect yourself from them? Let's take a look at some of the most common methods of attack. Read More , where infected USB drives are left in strategic places near the device the hacker wants to infiltrate.

The attack relies on a well-meaning employee to pick up the malicious USB device and insert it into the PC in the hopes of returning the lost device to its owner. They are then horrified to find that their PC has been infected with malware. Even worse is when a hacker has chosen to display no signs at all of the hack, leaving the vulnerable PC undetected.

A variation of this attack is through the use of the ominously titled USB Killer. Ostensibly the USB Killer is actually a legitimate tool for surge protection Do You Really Need a Surge Protector? Do You Really Need a Surge Protector? A surge protector is not the same thing as a power strip! Here's how they're different and why you need surge protectors instead, as well as how to choose a good one. Read More . In reality, the device plugs into the computer, and renders it useless by delivering a catastrophic burst of power. Although the end goal is different, the attack is the same; the abuse of a PC.

The Air Gap Isn’t Enough

There are situations where the data held by an organisation is so sensitive that extra steps are taken to protect it. One such method is known as “air gapping”. This is where a PC is completely removed from a network or internet connection to isolate it. If the setup is NATO compliant, the PC will also be positioned away from outside walls and all wiring to prevent any electromagnetic or electrical attacks.

While in theory an air gapped computer is protected from exploitation, there has been a some research which suggests that the technique may not be quite as secure God of the Air Gaps: How Malware Can Be Spread By Microphone God of the Air Gaps: How Malware Can Be Spread By Microphone What if I told you that malware could be passed around using the unlikely medium of computer speakers and microphones? Read More as once thought.

The Bittersweet Whirring of the HDD

Research conducted at Ben-Gurion University focused not on how an air gapped computer came to be infected — but on the way that information was then leaked. The researchers named their extraction method DiskFiltration.

You are probably familiar with the gentle whirring sound that your HDD makes when you are starting up or using your computer. This is caused by the physical movement of the arm reading and writing data to the disks in the hard drive. Think of it like a vinyl player playing a record.

Most computers will have some form of audio hardware like speakers which can be used to transmit audio information. However, an air gapped PC would not have access to audio hardware, so in its absence, the noise emitted from the hard drive is used to discreetly leak data to a smartphone or smartwatch receiver up to two meters away.

The researchers identified two scenarios where this attack would be relevant. The first is when a PC is air gapped. The other is when a network or internet connected PC is being heavily monitored for unusual activity or intruders. During testing, they were able to transfer data up to two meters at a rate of 180 bits/min — or 10,800 bits/hour.

There is a silver lining though; the attack only works for HDDs which require physical movements to operate. A modern replacement is the solid state disk (SSD) which has no moving parts How Do Solid-State Drives Work? [MakeUseOf Explains] How Do Solid-State Drives Work? [MakeUseOf Explains] Over the past few decades, there has been a considerable amount of work in the field of computer hardware. While computer technology is constantly improving and evolving, rarely do we experience moments where we simply... Read More  and eliminates any noise.

Eavesdropping on Your Fans

Not content with finding one intriguing method of audio eavesdropping, the researchers at Ben-Gurion University developed a similar method of extracting information through the sound of an air gapped PC’s fans.

In order to keep the internal components of a PC operating at optimal performance, they need to be kept within a certain temperature range. A PC fan allows some of the heat generated to be removed from the PC. In a typical PC there is a feedback loop between the fan and the motherboard. The fan reports to the motherboard the rotation speed. The motherboard can then determine if the fan needs to be sped up or slowed down depending on the internal temperature.

Known as Fansmitter, the attack exploits this feedback loop by overriding the optimal settings for internal temperature. Instead, the fan speed is adjusted to emit a certain frequency of noise which can transmit data. This audio transmission is then picked up by a receiver device like a smartphone. While the researchers suggest countermeasures to prevent this type of attack, there is no single protection method. The most effective countermeasure is either to install low noise fans or a water cooling system.

The Heat of the Moment

At this point it may seem as though the only way to hack an air gapped machine is using audio. However, those incredibly productive researchers at Ben-Gurion University have developed a method of defeating the air gap with heat.

This method, named BitWhisper, is more complicated to set up than the previous two exploits. It first presumes that the air gapped PC is within 15 inches of a networked PC. The network PC is either networked internally, or to the outside world via the internet. Both PCs also need to be infected with malware. This is less of a problem for the networked machine, as well known exploits exist for attackers to infect the computer remotely. However, the air gapped PC must also be infected. This can be done through USB attacks or supply chain manipulation, but requires a lot more planning.

Once both machines are infected the air gapped PC can be instructed to generate specific heat patterns by increasing and decreasing the load on the CPU. The networked PC can sense these temperature fluctuations using its internal sensors and interpret them as data. The networked PC can also send commands to or request data from the air gapped PC.

Out of the three exploits, this has the slowest data transfer at just 8 bits/hour. However, the small fluctuations in heat are invisible and almost impossible to detect. That said, the scenario needs to be very specifically constructed, and is probably the least likely to be seen in the wild.

Your Keyboard Gives You Away

If you are reading this article on a computer or laptop your phone is likely somewhere near you, possibly even on your desk. You may reconsider this in future as researchers have found a method of recording your typing using your phone’s accelerometer.

While smartphones manage access to your location or camera with defined permissions, the same isn’t true for all of your phone’s sensors. One such sensor is the accelerometer which is used to detect tilting and orientation. If your phone is on your desk, the small vibrations from typing on a keyboard is enough to be captured by the accelerometer.

The researchers from MIT and Georgia Tech were able to use a neural network assign the vibrations to a relative location on the keyboard. The relative positions were then compared with a selection of dictionaries. During testing they were able to recreate words typed on a nearby keyboard with up to 80% accuracy.

The paper does note that due to the complexity and relatively low accuracy, this type of attack would be unlikely. However, this research was published in 2011. In the intervening years the sensors in smartphones have improved, along with our understanding of machine learning. It wouldn’t be surprising if the accuracy of this attack had increased when using a modern smartphone.

Still Safer Than the Internet

While it is technically possible to hack an offline PC, it isn’t easy. Most of these attacks can only be applied to specific sites or situations, in contrast to the simultaneous distribution of malware online. Hackers also need a compelling reason to go to the effort to break into your device. While governments and infrastructure companies around the world require this level of security, your data is likely to go untouched.

Still, it’s a sobering reminder that digital security is a continuous process. Engineers implement new security systems and hackers find ways to exploit them. This is no less true even if you unplug from the internet.

Have you ever had to go offline to protect a PC? How did you do it? Have you seen any of these attacks in the wild? Let us know in the comments below!

Image Credit: KYTan and Brothers Good via Shutterstock.com

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. ReadandShare
    December 28, 2016 at 7:41 pm

    Autoplay is disabled on my Win 10 laptop. Am I safe from rogue USB's running malware automatically? Or can I actually stick in a USB and c-a-r-e-f-u-l-l-y examine its contents using Win Explorer -- taking care not to execute any files?

    • ReadandShare
      December 29, 2016 at 12:36 am

      I should also like to add that in addition to disabling Autoplay, I also sign on regularly as a standard (non-admin) user. Would the two together effectively prevent program(s) lurking in a USB flash drive from auto playing the drive and then auto installing / executing themselves?

      • James Frew
        December 29, 2016 at 1:37 am

        Pretty much spot on. Disabling Auto-Play is the most important change to stop a rogue executable from starting up. However, it doesn't prevent it from running if you accidentally open it, or if its set to run on a certain command. The best defence here is to have an up-to-date anti-virus. Nice idea to run as a standard user too, and if running Windows 7 and above you can enforce the User Account Control (UAC) that will alert you if a program tries to run or install. My main advice would be never plug in a USB device unless you know where its been.

        • ReadandShare
          December 29, 2016 at 2:10 am

          Thanks, James. Curiosity kills the cat, indeed. I was curious just how good Windows 10 defenses are -- when we make use of them as intended.

        • Jouni "rautamiekka" J√§rvinen
          December 29, 2016 at 4:02 pm

          Don't get too hoping, ReadandShare, as the Windows Defender which I recall is called differently in 10 from 7, is absolutely worthless. You can pick almost any review and find it sucking more than an infant. Hell, you can ask for better security consulting from an infant !

          The Windows Firewall may be pretty good, but should it get messed up the only way to repair it is OS reinstallation, therefore get a 3rd-party firewall instead.

        • James Frew
          December 31, 2016 at 12:44 am

          Microsoft Security Essentials (the precursor to Windows Defender) showed mixed to poor results at AV detection. However, Windows Defender (which comes bundled with Windows 10) has fared much better. That said we did a round up of the best security software for Windows 10 that may help. A good anti-virus software is only one part of the puzzle though and remaining vigilant (and taking precautions as ReadandShare has) will have benefits too.