MALIKA KAROUM

MALIKA KAROUM

  • Home
  • Inleiding
  • Unite Arab Emirates
  • Blog
  • video’s
  • Promotion
    • Worth for free now
    • Work from Home 2023
    • Gadgets
    • All about Windows
    • about Whatsapp
    • Whats the
    • About websites
    • New Ways
    • New Way of Watching
    • Virtual
    • Website
    • All about Video
    • How to Use
    • YouTube Info
    • All about Twitter
    • The Best of
    • About Apps
    • Google News
    • For Free
    • About This
    • Need More
    • Why should you
    • Iphone news
    • Interesting News
    • About Amazone
    • Some tips
    • About Netflix
    • All about Music
    • About Facebook
  • Marketing
    • Malika Karoum Strategie Modules
    • Malika Karoum Online Marketing
    • Malika Karoum Business Service
    • Malika Karoum Marketing Platform
    • Online business marketing
  • Luxury
    • The Indulgence Business site
    • The Luxury Web site
    • The Ultimate Indulgence
    • The Indulgence Site
    • The Ultimate Luxury Information site
    • Online luxury
  • Malika Karoum
    • Malika Karoum LinkedIn
    • Malika Karoum Facebook
    • Malika Karoum Instagram
    • Malika Karoum Business News
    • Adverteren grote fraude
    • Menu POS
    • Malika Karoum Evenementen
  • Security
  • Malika Karoum link
  • Home
  • Malika Karoum Global News
  • 5 Ways an Offline PC Can Be Hacked
March 25, 2023

5 Ways an Offline PC Can Be Hacked

5 Ways an Offline PC Can Be Hacked

by Malika Karoum / Tuesday, 02 February 2021 / Published in Malika Karoum Global News

Data breaches are rapidly becoming a part of everyday online life. Even a cursory glance at the news highlights the latest leak of confidential or personal information onto the internet. While many people are increasingly concerned by these developments, it can often seem as though you are powerless against them.

Some suggest taking your PC offline to isolate your data away from the online world. Without a connection to the outside, your data should be safe, right? However tempting it might seem as a solution, it might not be the fail-safe you were hoping for.

1. USB Drives and Social Engineering

The TV show Mr. Robot introduced a broad audience to online security and hacking. It even gained favor with the infosec community for its accurate portrayal of hacking, internet culture, and hacking tools. Unlike the similarly-themed but widely-mocked 1995 film, Hackers, Mr. Robot went to great lengths to educate, as well as entertain, its viewers.

In the show’s first series, an attack was put into motion after some infected USB drives were left strategically near the building the hacker wanted to infiltrate. This is a form of social engineering attack. The assailant knew that if one person picked up an infected drive, they would quite likely take it inside, plug it into a computer, and see what’s stored on it.

This is often done in good faith, as they want to return the drive to whoever may have mislaid it. The attacker takes advantage of this human trait, effectively tricking the victim into loading malicious software onto the target computer via the infected flash drive. This type of manipulation is known as social engineering.

As they don’t want to draw attention to the hack, there is usually no visible sign that the computer has been compromised, so the victim doesn’t take further action to defend against the attack. This leaves the now-vulnerable PC unprotected and open for the attacker to exploit.

In the context of an offline PC, a rogue USB drive could be used in a range of attacks, even ones where the intruder has physical access to the computer to load malicious software themselves via the infected storage device. The CIA used this in an attack known as Brutal Kangaroo, and Wikileaks exposed the technique as part of the Vault 7 disclosure in 2017.

2. DiskFiltration Attacks

If an organization has highly sensitive data or systems, they may consider air-gapping the host computer. In this case, the PC is taken offline, but it is also physically disconnected from the internet and all internal networks to effectively isolate it. If the setup is NATO compliant, the PC will also be positioned away from outside walls and all wiring to prevent electromagnetic or electrical attacks.

Air gapping is widely considered an appropriate way to protect high-value systems from exploitation, but some research suggests that it may not be as secure as once thought. Studies conducted at Ben-Gurion University examined how an air-gapped computer may be compromised, but without malicious software installed, access to the PC, or social engineering.

The extraction method, known as DiskFiltration, relies not on exploiting the computer but analyzing its sounds. Although Solid State Drives (SSDs) are becoming more commonplace, many of us still rely on Hard Disk Drives (HDDs). These devices store data on a disk, much like a vinyl record. Similarly, the HDD requires the movement of an arm across the drive to read and write data.

This physical movement generates noise, which we perceive as a low background hum or whirring. However, in a DiskFiltration attack, the drive’s noises are used to glean the information stored on them. Air-gapped computers usually don’t have speakers or microphones attached, so they can’t amplify the hard drive’s audio. Instead, this noise is relayed to a smartphone or smartwatch receiver up to two meters away. This exploit is just one of the ways that an air-gapped PC isn’t really secure.

While this can affect air-gapped computers, it can also be used to compromise network-connected devices, even if they are heavily monitored for security events or intruders. During testing, the DiskFiltration attack could transfer data at 180 bits per minute, or 10,800 bits per hour. Fortunately, this attack is ineffective against devices with SSDs as there are no moving parts, and thus, no noise.

3. Analyzing Fans With Fansmitter

While it seems logical that hard drives might leak data in unexpected ways, it’s harder to imagine other computer components doing the same. However, the Ben-Gurion University researchers developed a similar method for extracting information from an offline PC using the computer’s fans. This attack is known as Fansmitter.

Your computer’s fans enable air to pass over the warm, sometimes hot, internal components of your computer. The exhausted air removes heat from the system to keep your computer operating at optimal performance. In most computers, there is an ongoing feedback loop between the fan and the motherboard. The fan’s sensors report rotation speeds back to the motherboard.

The computer calculates whether the fans need to be increased or decreased based on the temperature. The Fansmitter attack exploits this feedback loop by overriding the stored optimal temperature value. Instead, the fan speed is adjusted to emit a particular frequency, which can be used to transmit data. As with DiskFiltration, the resulting audio is captured by a smartphone receiver. The most effective countermeasure is either to install low noise fans or a water-cooling system.

4. Changing Temperatures With BitWhisper

While many offline PC hacks rely on analyzing noises and audio outputs, there are alternative methods. The BitWhisper attack uses heat to compromise an offline computer. First, there are several caveats to this exploit. There need to be two computers; one offline and air-gapped, the other connected to a network. Both machines also need to be infected with malware.

The two devices must be within 15 inches of each other. Given this exact setup, it’s the least viable for real-world application but is still theoretically possible. Once all pre-conditions have been met, the networked PC changes the room’s temperature by adjusting the load placed on its CPU and GPU. The thermal sensors on the air-gapped PC detect these changes and adapt fan performance to compensate.

Using this system, BitWhisper uses the networked computer to send commands to the air-gapped PC. The offline computer converts the sensor data into binary, so either a 1 or a 0. These inputs are used as the basis for computer-to-computer communication. Aside from the precise setup needed to make this work, it’s also a slow attack method; it achieves a data transfer rate of just eight bits per hour.

5. Wired and Laptop Keyboards

Although many of us now use wireless keyboards, wired varieties are still common worldwide, especially in business or institutional settings. These facilities are most likely to be storing sensitive data and systems, and therefore the most at risk of attack.

When you press a key on a wired keyboard, it is converted into a voltage and transmitted to the computer via the cable. These cables are unshielded, so the signals leak into the PC’s main power cable. By installing monitors are the electrical socket, detecting these small changes in power requirements is possible.

Although the data initially looks messy and unclear, once a filter is applied to remove background noise, it becomes possible to assess individual keystrokes. However, this type of attack is only possible for PCs that are consistently plugged into the mains.

Portable devices like laptops can also leak data from the keyboard. During a presentation at Black Hat in 2009, titled “Sniffing Keystrokes With Lasers and Voltmeters,” the researchers showed that by pointing a laser toward a laptop’s keyboard, it was possible to translate vibrations from keypresses into electrical signals.

Due to the laptop’s construction and design, each key has a unique vibration profile when pressed. An attacker could gather precisely what was typed on the keyboard without malware like keyloggers by assessing the electrical signals.

Still More Secure Than a Networked PC

These attacks demonstrate that it is possible to hack an offline PC, even if you don’t have physical access. However, although technically feasible, these attacks aren’t straightforward. Most of these methods require a particular setup or optimal conditions.

Even then, there’s a lot of room for error as none of these attacks directly captures the desired data. Instead, it has to be inferred from other information. Given the difficulty in attacking an offline or air-gapped PC, many hackers have found an alternative route; installing malware before the computer reaches its destination.

MakeUseOf – Feed

  • Tweet
Tagged under: Hacked, Offline, Ways

About Malika Karoum

What you can read next

6 Heavily Discounted VPN Subscriptions You Can Get Today
The 10 Best Windows File Explorer Extensions for File Management
This Robotic Eye Prevents Collisions While Walking and Texting

Malika Karoum Blog 2023

  • How to Delete the Last 15 Minutes of Your Google Search History

    There’s a quick way for you to clear your...
  • Lenovo Wants You to Know Its Yoga Pad Pro Can Be Used as a Portable Switch Display

    Sometimes, when playing with your Nintendo Swit...
  • The 5 Best Apps for Buying and Selling Pre-Owned Books

    We’ve all been at the point where we have...
  • Humble’s Recent "Heal Covid-19" Bundle Raised 1.2 Million for Charity

    To help raise money for COVID-19 relief in Indi...
  • Nintendo Partners With PlayVS to Make Its Games Recognized High School Varsity Athletics

    It’s odd—Nintendo gets a lot of flak for ...
  • The Pros and Cons of Playing Video Games on an Emulator

    If you’re a fan of playing retro video ga...
  • 5 Curators to Find the Best Articles Worth Reading on the Internet

    When anyone and everyone is a publisher, it isn...
  • Apple Could Unveil iPads With OLED Screens in 2023

    Apple only just switched from LCD to mini-LED d...
  • What Is Signal and How Does It Work?

    The chances are that you use at least one of th...
  • Samsung’s Upcoming Flagship Exynos Chipset Will Feature AMD’s RDNA2 GPU

    AMD confirmed its partnership with Samsung at C...
  • Atari Finally Reveals the Launch Date for the New Atari VCS Console

    At last, after what seems like an age (it pract...
  • Twitter Starts Testing Full-Screen Ads in Fleets

    Twitter has announced that it will be adding fu...
  • When Is Facebook Messenger Going to Offer End-to-End Encryption?

    Facebook Messenger is easy to use and has great...
  • Get Paid to Play Apps: How They Work and What You Risk

    You’ve probably seen advertisements for a...
  • When Will PS5 Production Ensure Supply Meets Demand?

    Despite the PS5’s launch taking place in ...
  • How to Manage Processes on Ubuntu Using System Monitor

    Linux, like most modern operating systems, is v...
  • How to Get Verified on Twitter and Finally Get That Blue Check Mark

    Twitter, like most social media platforms, offe...
  • 10 Street Photography Tips That Will Make You a Better Photographer

    Street photography is enjoyed by many enthusias...
  • Huawei Freebuds 4i Review: Quality ANC Earbuds for $100

    Huawei Freebuds 4i 8.00 / 10 Read Reviews Read ...
  • What Is Extended Reality (XR) and How Does It Work?

    We’re living in a digital age where the virtual...

MALIKA KAROUM ONLINE MARKETING PLATFORM

Office:
RME HOLDINGS SARL – DUBAI BRANCH

BUSINESS CENTER

Parcel ID: 345-835

Area: Bur Dubai

Sub Area: Burj Khalifa

UNITED ARAB EMIRATES

 

 

 

Malika Karoum Concept

Malika Karoum Projects

  • GET SOCIAL

© 2014 Malika Karoum -United Arab Emirate Dubai- All Rights Reserved

TOP