Whenever we find tutorials on how to hack a computer, a Wi-Fi network or whatever device, one of the things that is most required is the Internet connection. However, what if I don’t have an Internet connection? Could they still hack my computer? Yes, it can, and there are several ways to do it. This guide will explain you about the main techniques applied to hack a computer without the Internet. We are sure that this will be extremely useful, not only for knowledge, but also, to be more aware when handling both our own computer and peripherals.
Beware of USB devices!
This is most likely familiar to you. One of the security awareness tips that you are used to giving is to be careful with any USB device you find. Especially when it comes to these little storage devices. Although they no longer enjoy the popularity of years ago, these devices are still very useful for cybercriminals. Mainly because it is extremely easy to carry out the distribution of malware, ransomware or any type of malicious file.
However, one might think how a USB could harm my computer. There are several scenarios, one of the best known is walking through the corridors of your workplace or some public place, and suddenly you find a USB device. It appears to be there for no particular reason, it may be that it has gone astray without someone noticing, right? Since it does not have any label or anything that says who it belongs to, then you take it to use it yourself. This is where social engineering has a place because it takes advantage of certain behavior patterns of people, in this case, curiosity and the desire to obtain some advantage or gift . There is no denying it, from the outset it is good to “win” some extra storage for our files.
As soon as you put this flash drive on your computer, your computer could have been hacked in multiple ways, just by connecting this malicious device to it.
As we have mentioned, «USB attacks» are extremely effective, even this year there have been events of this type where people found USB devices scattered anywhere. These devices were packaged so that the person could be curious about it, even in some cases, there was an indication that if you accessed that device, you could have an alleged € 50 electronic gift card.
USB Killer: your computer completely useless in seconds
There are cases in which a computer is infected by malware, ransomware or any other type of virus, manages to recover. But what happens if I connect a USB device to my computer and it suddenly turns off? It could be that you have been the victim of a USB Killer . The main function of this is to make the computer receive a tremendous amount of electrical energy. It is so much that the computer limits its resources and capacity, so it suddenly shuts down. To get an idea of how lethal simply connecting a USB device can be, we share a video below with a rather curious compilation of the USB Killer in action. We are sure that with this you will be much more careful than before:
The peculiarity of these USB killer is that, in reality, it was not conceived for the malicious purposes with which it is applied today. Hong Kong is its place of origin, and its main purpose is to prove how safe the devices are in this type of situation. This device has capacitors that accumulate all the electrical charge of the computer or the device that it is and returns it in such a way that it leaves it practically unusable. That’s right, if you use a mobile phone, a video game console and even a car, you could be at risk thanks to this beast that comes in a small size.
A curious fact is that anyone can access their official portal and buy one or more USB Killer kits at an extremely affordable price. But why would this be available to anyone if there are many people who could take advantage of this with malicious intent? This is completely valid, but the creators of this project have made it public and it is very accessible because the manufacturers they turned to have ignored the shared evidence regarding this multi-device vulnerability.
If your computer, console, mobile or other device is the victim of a USB Killer, it is because its electrical circuits are not properly protected. According to the official site itself, this vulnerability is known to the manufacturers. However, since protection is very expensive when assembling products, it was decided to leave this aspect aside so that we can all have access to relatively affordable products. The latest version charges its capacitors with the energy of its devices very quickly and, once charged, the electric shock is carried out on the victim device through multiple charge and discharge cycles per second. Moments later, the victim device is no longer useful.
Data filtering using HDDs
If you are still using a computer that has an HDD, you will have noticed that they make a very particular noise. One of the comparisons that is customary to make, is to think that our hard drive is like a vinyl record. And that vinyl has a pick that is responsible for reading and writing that information. However, and not exactly intentionally, that noise made by the hard disk has the ability to transmit data. So, if I have a mobile capable of receiving and interpreting these signals, I can filter data without major complications.
This type of data breaches can be exploited by cybercriminals, especially in large public spaces. Imagine that you are in a huge store and someone “accidentally” leaves their mobile phone very close to where the computer bay is. Surely, someone notices a few minutes after there is a mobile there. Also, that time will have been enough to be able to appropriate data. This is further evidence that we must be vigilant even in the most common day-to-day situations. Virtually everything could be a bridge to carry out attacks.
To get a better idea of how this could happen, we leave a short demonstration video:
The accelerometer of our mobile
One of the most used sensors and that has been with us for the longest time on smartphones is the accelerometer. To give you an idea of the great utility of this, this sensor allows us to rotate the screen of the mobile so that we can adapt the view of the content that we are viewing. Unfortunately, this accelerometer can be used for malicious purposes. Specifically, placing the smartphone on the same table where we find the computer. What happens is that the smartphone’s accelerometer has the ability to capture vibrations that are generated from the computer keyboard. These vibrations can give you a lot of information, including what exactly we are writing.
This method of obtaining information has been a subject of research since 2011 by the prestigious Massachusetts Institute of Technology (MIT). Even though at that time it was shown that the mobile accelerometer can capture the movement pattern to a certain extent when we type, there would not be much chance of attacks. However, consider that almost 10 years have passed since that event, and there is no doubt that much progress was made in areas that could “contribute” to the execution of this type of attack. For example, Artificial Intelligence and Machine Learning .
Fansmitter-type data filtering
There is no computer that can work normally for long if it does not have something that regulates the temperature. As we use the computer’s resources to the maximum, the temperature of the CPU and other components begin to increase. Consequently, the fan or heatsink inside the box helps us regulate that temperature to prevent internal components from burning. But can data really be transmitted through the computer’s heatsink or fan? Yes, this is called Fansmitter .
Normally, a feedback loop occurs between the heatsink and the motherboard. This consists in the fact that the heatsink provides information to the motherboard regarding its rotation speed. With this, the motherboard can know whether or not it needs to increase the rotation of the heatsink considering the temperature it currently has. All this can be exploited in such a way that we can filter data.
The heatsink is adjusted so that it manages to emit a certain sound frequency that is capable of transmitting data. This occurs because the optimal fan settings are altered so that the motherboard can maintain its ideal temperature. It is as if the fan works much more optimally without it being necessary. Any device that acts as a receiver, generally a mobile phone, can collect the data.
Right away, there is no protection measure that we can apply immediately. But, if you have the possibility to do so, it is recommended to choose heatsinks that make the least amount of noise possible, or opt for a liquid cooling system.
There is no way to 100% avoid attacks, especially when it comes to computers and smartphones. Of course, you can’t possibly be a victim of all of these attacks at once, and you might even never be a victim of any. However, it is good to keep in mind what could happen, and most importantly: how to protect ourselves as much as possible. If you are disconnected from the network, the possibilities are less, but not null. Equally, our devices and their data are in permanent risk and, if we are not cautious enough, we can end up losing a lot.