Computers can be hacked without internet connection - using cellphones

Kind regards, REBOL.

If there is a POC of this somewhere then let me know, I want to test if a) It actually works in practice in a home environment and b) If HIPS/BB is effective against it (I figure the malware on the phone would be able to listen but actually manipulating and installing a virus sounds to me like HIPS/BB would perhaps be able to catch, at least when said virus loads into memory, but who knows) Maybe we’re entering an era where software security is just not good enough anymore, or perhaps this is just blown out of proportion and the real threat isn’t that large… I wouldn’t know, which is why I want to test it. =3

Hi Sanya, here’s some more interesting links. (Especially the first one, I guess.)

Kind regards, REBOL. :slight_smile:

Well it is an interesting read and it seems practical… it depends how you see things, you could have internet only by using electrical network. :smiley:

LOL :slight_smile:

This whole thing is very scary

Yes it is, indeed.

Well, there’ll have to be solutions (and I’m quite sure, many companies will try to offer some kind of…) handling those “new” kind of vulnerabilities.

Maybe “integrated shielded hardware / software solutions” by companies with their headquarters being located outside any “known as spying country” will be the future choice, which means, they will “win”.

But who knows? :slight_smile:

I’d really like COMODO to be the company who, once again, takes the first steps encountering those new kind of threats. 8)

We need TRUSTable hardware, TRUSTable software, TRUSTable internet.

That’s “all” :a0 I ask from you, Melih. (I know, that’ll be a fucking hard thing to do :()

Still, you won’t ever be “alone” if trying to achieve those things. We’re there, and you know it.

Cheers, REBOL. :slight_smile:

As we speak, I’m working on a tin foil hat for my computer. :slight_smile:

Having read the links about this I believe that this is only a security threat in theory, not in practice. A cellphone could theoretically pick up electromagnetic waves emitted from a computer if it is close enough and if they are within the frequency range it is designed to use. Filtering the useful waves (e.g. those generated by keystrokes) and converting them to meaningful information could be a very complex and unreliable process.

If however it were possible to do this all current forms of software protection would be useless because there would be no software changes or data changes for the software to monitor. The only defence would be an electronically shielded computer.

I believe that there has been some research on components that use light rather than electricity to transmit information because of the potential huge speed benefits and much lower power consumption. It is possible that a light-powered computer would be much more difficult or even impossible to monitor.

Until now I thought you’d already done this.

Cheers, REBOL. :wink: How could a mobile phone be used to hack into an air-gapped network? In a take-off of an email phishing attack, a hacker could send an unsuspecting employee in a sensitive installation a text message that looks legitimate, but contains a link to malware that surreptitiously gets installed on their cellphone.

The attack as of now still pretty much feels rather inconvenient and is only worth anyone’s while if the target is a large profile company/organization. Well, it would seem that it is, like any other malware, still a file that installs itself somewhere. If I understood correctly, it would seem that the cellphone device is turned into a translator of sorts that interprets frequencies and sends them back to the cracker. What happens, I wonder, if the phone went into airplane mode? And I do remember network jammers being used in certain workplaces. Illegal in some places though.

I remember having one for the android and iphone though I can’t bring myself to recall where in the world did I place the file. (Too many files and folders, gotta clean this laptop.) If I remember correctly, the attack needs to meet these conditions first to be successful:

  1. The phone has to be a smart phone.
  2. The phone needs to have an active network connection.
  3. It needs to be capable of bypassing both security protocols of the phone and the target system while maintaining a reasonable size.
  4. It needs to be able to send out the translated frequencies and/or store them temporarily

So this means that…

  1. Since the malware needs to install itself first, older phones will work as a good protection. Java phones are partially vulnerable (at least, the POC i had needed to be within range and share a common connection with the target via USB/Wifi/Bluetooth). The Nokia 3210 works and can pretty much be used as a club or as a projectile weapon to knock perps unconscious.
  2. So network jammers in theory would be a good front line. Or you can just switch to airplane mode.
  3. Well, not really much of a problem, but the suggestion is if one would create a security protocol on the phone that is not redundant to the one on the target system, you can pretty much set up a layered defense that can severely limit, even prevent the attack.
  4. There are other ways of course of sending out the information other than through network connections, though the few ones I could think of requires collaboration and isn’t at all practical. So I don’t suppose anyone would be sending this one out in the wild just yet and risk discovery. Probably only the bits and pieces, the main attack script probably, but not the propagation.

I think, like anything else, to stop the infection, pinpoint the vector (in this case, mobile phones) and eliminate the vulnerabilities there.
Mod edit: Fixed quote tags, Captainsticks.