Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: Rods2 on 27 July 2015, 23:26:38
-
I have always been aware that all security sensitive facilities have used careful screening since the Russians were caught reading US teleprinter machines from their EM radiation, but this is an interesting hack anyway.
How researchers have managed to hack an air gapped computer using a simple mobile phone as the receiver.
http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone (http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone)
-
from the article:-
"The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data"
It only works if the air-gapped PC has already been compromised - so they havent hacked anything!
-
Well it is a daily mail story,posted by our resident, Russian lover so its true and we need to be aware of these activities, ;)
-
Not that difficult to compromise an Air-gapped PC ot system from a distance, it has been done many times. The key weakness being the CKI ::)
-
from the article:-
"The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data"
It only works if the air-gapped PC has already been compromised - so they havent hacked anything!
Secure computers with sensitive data are often not connected to a network to stop it being hacked and then it is a case of how the data is got out of the secure facility by those interested in doing so.
Many data compromises use inside people to do this and this is a very big issue.
Alternatively, if you are the US government you invite 3rd parties to tender for your secure computers maintenance, award it to the cheapest Chinese bid and give them all the root passwords and then wonder why all your employees data for the last 20 years has been downloaded. Now who would of guessed this happening. :-[ :-[ :-[ ;D ;D ;D
-
from the article:-
"The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data"
It only works if the air-gapped PC has already been compromised - so they havent hacked anything!
Secure computers with sensitive data are often not connected to a network to stop it being hacked and then it is a case of how the data is got out of the secure facility by those interested in doing so.
Many data compromises use inside people to do this and this is a very big issue.
Alternatively, if you are the US government you invite 3rd parties to tender for your secure computers maintenance, award it to the cheapest Chinese bid and give them all the root passwords and then wonder why all your employees data for the last 20 years has been downloaded. Now who would of guessed this happening. :-[ :-[ :-[ ;D ;D ;D
There's an Iron Maiden song keeps coming to mind "run to the hills" ::)
-
Other ways include:
- dropping an unmarked cd or usb in the car parkin the hope they will put it into a computer that they shouldn't (more of a sucess rate than you think )
- deliberately targetting someone's personal computer or usb (this believed to be how stuxnet found its way on to a certain computer in iran)
-
The thing I can't understand is why people talk about secure computers and PCs in the same context. ::)
-
Other ways include:
- dropping an unmarked cd or usb in the car parkin the hope they will put it into a computer that they shouldn't (more of a sucess rate than you think )
- deliberately targetting someone's personal computer or usb (this believed to be how stuxnet found its way on to a certain computer in iran)
I thought the former of those two were how stuxnet was distributed?
-
The thing I can't understand is why people talk about secure computers and PCs in the same context. ::)
It's not the computers themselves that is the problem. 90% of issues and infections as well as 70% of confidential information lost come from the CKI ;)
-
The thing I can't understand is why people talk about secure computers and PCs in the same context. ::)
It's not the computers themselves that is the problem. 90% of issues and infections as well as 70% of confidential information lost come from the CKI ;)
True, but, if you're going to the expense of building the nuclear power plant used as an example, why control it using a £400 Dell box that has the interfaces that allow it to be compromised by the CKI in the first place?
-
True, but, if you're going to the expense of building the nuclear power plant used as an example, why control it using a £400 Dell box that has the interfaces that allow it to be compromised by the CKI in the first place?
Because you're an idiot. ;) (Not you, you, them, you)
-
True, but, if you're going to the expense of building the nuclear power plant used as an example, why control it using a £400 Dell box that has the interfaces that allow it to be compromised by the CKI in the first place?
Because you're an idiot. ;) (Not you, you, them, you)
.. or a bean counter. ::)
-
True, but, if you're going to the expense of building the nuclear power plant used as an example, why control it using a £400 Dell box that has the interfaces that allow it to be compromised by the CKI in the first place?
Because you're an idiot. ;) (Not you, you, them, you)
.. or a bean counter. ::)
::)