Photo courtesy of Emiliano Horcada via Flickr.

Hacking Can Happen To You Even When You’re Offline

Just because you’re offline doesn’t mean your computer can’t be hacked.

Although most hacking occurs over the Internet, methods ranging from the primitive to the high-tech allow dedicated hackers to access almost any computer.

Acoustic Cryptanalysis

By simply placing a mobile phone next to a computer and recording a high-pitched noise emitted by the vibration of its electric components, hackers can extract a key decryption code, according to research at Tel Aviv University.

This key, called RSA, is considered the de facto industry standard for the encryption of sensitive information. Cracking this key means being able to access the info.

The attack can be performed using very simple audio hardware such as a cell phone, or with more advanced microphones from up to 13 feet away. Extracting the key takes less than an hour.

Researchers also found a way of extracting the key by simply measuring the electronic output of the computer, either with wires connected to the chassis or through Ethernet or USB cables.

USB sticks

The humble USB stick can be a powerful weapon in the right hands.

Stuxnet, the devastating computer worm that disrupted Iranian nuclear production in 2010, was allegedly delivered by Israeli agents using a simple thumb drive, according to CBS News.

And although not technically a hack, a USB stick is also what NSA whistleblower Edward Snowden used to bring classified documents to the public.

Sound waves

Theoretically, a computer that’s not connected to a physical network, wireless, or Bluetooth should be completely inaccessible (a network security method known as an “air gap.”

However, in 2010, security consultant Dragos Ruiu discovered that one of his air gapped computers had been infected with a malicious software that replaced his Basic Input/Output System (BIOS), the basic software that controls hardware and loads the operating system.

Even after he removed the wireless and Bluetooth components, the malware kept reinstalling itself after being wiped. In the end, he discovered the source: high-frequency sound waves inaudible to humans.

The sound is transmitted from one device to another, using the computer’s microphone to translate sound waves into data.

While Ruiu’s claims sounded like science fiction, the method – which can transmit data from up to 64 feet away – was later proven to work by two German scientists who had been researching (pdf) the topic separately.

It’s currently not clear whether affected machines had to have been already infected with malware, for instance through a USB stick, or if the sound waves can directly infect a computer.

The virus could potentially be prevented, however, by installing a lowpass filter that blocks out high frequency sounds, the paper states.

Computer implants + radio waves

Offline hacking, big government style: The New York Times reports that by using circuit boards or USB cards inserted into certain computers, the NSA can access the machines from up to eight miles away, even when they’re not connected to the Internet.

In use since at least 2008, the technology uses radio waves transmitted from “a briefcase-size relay station that intelligence agencies can set up miles away from the target.”

Nearly 100,000 computer worldwide have been fitted with such transmission devices, on targets such as Chinese industrial spies, Mexican police and drug cartels, and European trade organizations.

There’s no evidence of its use inside the United States, however.

We measure success by the understanding we deliver. If you could express it as a percentage, how much fresh understanding did we provide?
Ole Skaar