“Phreaky” Hacks You Should Know

October 31, 2017 | Views: 4910

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

                Hackers can be extremely creative at getting around various types of security, but there may be some ways that are so far out there and crazy that many security professionals have not even heard of them. Some of these hacks are pure genius and they show us how someone with enough determination can get through nearly any type of security. If you can dream up a way to block an attack, someone out there can figure out a way around it.

                Did you know that your computer monitors put out an electrical signal that can be picked up and displayed on another system not even connected to your network? This is a technique called Van Eck Phreaking. Although this used to only work on old CRTs, it has now been perfected to also work on flat screens on computers and cell phones. This technique requires some technical know how to set up radio equipment to receive signals and receive them on a PC to recreate the image on a monitor.

“Back in 1985, Wim Van Eck proved it was possible to tune into the radio emissions produced by electromagnetic coils in a CRT display and then reconstruct the image

                In another experiment researcher’s we were to grab data using the sound emitted by the cooling fans of a server. This sounds crazy but the details are explained in one of the articles I have linked to at the end of this article. It does require some very sophisticated methods to get a bit of malware onto the servers as well as a cell phone of someone nearby.

                There are steps that can be taken to prevent even these types of attacks. On top of creating an air-gapped datacenter in which the data center does not have any connection to unsecured networks (like the internet), soundproofing and RF shielding can help prevent data from being leaked from secure systems. Policies must be put in place and followed such as not allowing cell phones in or near highly sensitive datacenters and absolutely no USB thumb drives should ever be connected without approval or verification that they are clean.

References:

https://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html

https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
2 Comments
  1. JonWUK, you are correct that most of these are experimental and are performed in a controlled environment such as a laboratory. The idea here is that people are experimenting with new ways to get around current methods of protecting networks. The idea is to find all of the holes before others exploit them. I just like to post about research being done for educational purposes. I have not heard of any events where these techniques have actually been used in the real world. The idea is that these people experiment and learn as much as they can to prevent future attacks.

    For those who want to learn a little about TEMPEST here is a PDF. http://sst.ws/downloads/TEMPEST%20Introduction%20iss%203.pdf

  2. These Proof of Concept hacks come out all the time, I remember the Van Eck Radiation monitoring being referred to as TEMPEST radiation back in the 90s.

    Most of these Proof of concepts are just that, and are terribly impractical in real-world situations or require a degree of technical knowledge and skill that would prevent widespread usu.

    However I remember a P.O.C for someone able to unlock and start cars that use proximity keyless entry via a radio relay system and suddenly BMWs and Mercedes all over London are disappearing!

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel