Discus Systems PLC - IT Support Company in Birmingham West midlands
0800 880 3360
The insane ways your phone and computer can be hacked — even if they're not connected to the internet
Posted by Damien Biddulph on Tue 4th Aug 2015

Hacking is the new spying. And, as we've learned time and time again, both government and private organizations are using cyber-spy techniques to gain as much intelligence as they can.

But getting this data can be difficult. In fact, some of the most previous of digital information is safeguarded by machines that have no contact with the outside world.

So can this internet-less data be hacked? Well, yes.

With some help from the research of the security firm Kaspersky Lab, as well as some of our own personal digging, here's a look into some of the insane and creepy technologies used to hack offline devices.

Both the US and the USSR have spent decades looking into the electromagnetic radiation that an electronic device emits. Kaspersky Lab writes that once a device is plugged into a power line it "generates electromagnetic radiation that can be intercepted by proven technologies."

Now people have figured out how to harness this information to track keystrokes. Writes Kaspersky Lab:

Keystrokes can be remotely tracked with high accuracy at the 67-feet (20-meter) distance by using a homemade device that analyzes the radio spectrum and costs around $5,000. It is interesting to note that the attack is equally effective against common cheap USB keyboards, expensive wireless keyboards with a signal encryption, and built-in notebook keyboards.

Power consumption analysis
While on the topic of electricity, it's also possible to deduce a person's device activity based on the power their gadgets consume. A technique called Load Monitoring monitors voltage and current changes to understand activity. It's been used by electricity companies to better understand what is causing certain changes in electricity usage in a specific place.

But in Japan load monitoring has been shown to be able to pinpoint exactly what device is running at what time. Similarly, researchers have begun looking at electricity consumption as a way to detect when a computer malware has been injected into a computer network.

What's inside your smartphone
It's true that smartphones are connected to the internet, but there are other parts inside it that also give away a slew of information.

For example, the accelerometer inside a phone — which is the sensor used to track a phone's tilt and motion — can be used to detect what someone is typing on a computer. According to Kaspersky Lab, if a smartphone is near a computer keyboard it "provides an approximate 80 percent recognition accuracy rating" at tracking what a person is typing.

But wait there's more...
Not only can accelerometers analyze what a person is typing, they have also been proven successful at tracking where people go if they are traveling on an underground train. The way it works is that the bumps and duration of each individual trip between train stations works as a sort of fingerprint of motion.

So if a spy is trying to track someone on the subway, they could look at their accelerometer and deduce which train station the person traveled to.

Beware the laser!
There are other, more futuristic-sounding methods for keylogging. For example, aiming a laser ray at a computer is a way to "register vibrations," says Kaspersky Lab. This method is more accurate than using the accelerometer, but it requires that laser being pointed at a part of the device that reflects light.

Radio waves that intercept the most secure of networks
This one is a bit more complicated, but is probably the most sophisticated sort of cyberspying. Oftentimes organizations holding very confidential data don't connect the computers holding this information to the internet. Instead, these devices are considered air-gapped. This means they are completely isolated from any external networks.

It may seem impossible to hack into these devices, but it turns out there is a way. If a spy wants to get this data, they could implant a small device onto the computer that infects the closed-off network with a piece of malware. Then, this malware can collect data on the infected network and send it via radio signals that every computer video card automatically generates.

And here's where it gets even crazier: People's smartphones can work as the way to deliver this data. So if someone with a mobile phone is nearby, they can unwittingly receive data sent from the device to the mobile phone via FM waves and then send that data to a hacker.

To set this up would require both getting the malware onto the air-gapped computers, as well as infecting a mobile phone to receive this data. But it's not impossible, and it's likely a variation of this method that the well-known Stuxnet worm was first implanted.

Your computer's heat...
This is another complicated tactic to extract data from air-gapped, or offline, computers. And it uses the heat from the motherboard as a method of wireless data transfer.

According to Kaspersky Lab, air-gapped computers are often put next to internet-connected computer for ease. If both computers are infected with a special malware, some crazy spying can ensue.

It works like this: "The malware reads classified data and periodically changes the system temperature by adjusting the load level and producing a modulated heat signal. The second computer reads and decodes it and sends the classified data over the Internet."

So the changes in heat send a 'signal.' Of course, this sort of communication is very slow. And Kaspersky says the maximum transmission speed is eight bits per hour.

Talking through steel walls
Even if a device is shielded in a closed-off room, sometimes even those walls can be permeated. For example, there is a spy device that can send and receive data through steel walls.

Kaspersky Lab explains, "One unit is inconspicuously placed inside of the classified room, while the other is placed somewhere outside of it. The data transfer rate through steel for ultrasound reaches up to 12 MB/s. Additionally, no power supply is required for one of the units, as the energy is transmitted along with data."



corner spacer corner

Veeam Specialist Microsoft Small Business Specialists Birmingham Microsoft Gold Certified Partner Birmingham Siemens Solution 1 Reseller Birmingham Sonicwall Specialists Birmingham Business Link Approved Birmingham Fujitsu Primergy Certified Partner Birmingham Facebook Follow us on Twitter ESET NOD32 VMWare
IT Support
IT Services
IT Solutions
Get Support Now
© 2018 Discus Systems plc. All rights reserved. Content Management by Verve Digital