The weirdest hacking techniques you’ve never heard of

March 25, 2021

For a while now, we have written about malware, viruses and phishing on the JC Cyber Security blog – but there are other ways to break into a computer. Here are three of the weirdest techniques we’ve heard of – and they really do work.


Keyboard Hijacking

There are many malware variants that infect computers, monitoring every button you press on your keyboard; they are called keyloggers. Some enterprising security researchers have discovered that with certain wireless keyboards they are able to bypass the computer completely.


According to their experiments, they were able to scan the radio signals passing between the keyboard and the computer – from 50 metres away. When they analysed the data it was found that many keyboards were sending that information in plain text – including passwords and payment details.


The good news is that most wireless keyboards now use Bluetooth which automatically encrypts keypress data making it almost impossible to intercept or read. However, if you are using an older 2.4Ghz wireless keyboard (they usually need a small dongle plugged into a USB port to work), you may need to consider replacing it.


Computer Fans

When hackers break into a computer, they typically use the internet to send stolen data back to themselves. To protect very sensitive information, companies use ‘air gapped’ computers that are not connected to the internet at all, making it much harder for cyber criminals to access.


Cyber security experts at Ben-Gurion University in Israel have found a way to bridge the air gap using the cooling fans built into virtually every computer and laptop. By infecting an air gapped computer with malware, they are able to adjust the speed of the fans, changing the noise they make, almost like (tuneless) musical notes.


These ‘notes’ are then assigned to a letter of the alphabet; by adjusting fan speeds, the malware can transmit stolen data (like passwords) as sounds to another nearby device that is connected to the internet. This method is very slow and unlikely to affect home users (very few of us use air gapped computers) – but it really does work.


Hard Drive Microphones

You’re probably already aware that your smartphone and smart speakers are constantly listening in your house – and that’s a calculated risk. But your computer could be listening too – and not just the microphone.


Hackers have discovered that they can use the hard drive built into your computer to do a similar job. Inside the disk, parts are finely balanced to minimise the damaging effect of vibrations; the disk stops reading and writing during a vibration. These pauses may last fractions of a second, but the more intense the vibration, the longer the pause.


Using this knowledge, hackers have been able to use the hard drive as a microphone. They can recreate the sounds, like voices, that cause the pauses. The decoded sounds can then be sent back to the hacker over the internet.


There is some good news though – hard disk drives are becoming less and less common in newer computers. They are being replaced by faster SSDs which have no moving parts and are not affected by audio vibrations.


Protect Yourself Anyway

All three of these attacks are incredibly rare and unlikely to affect users. You are still at far greater risk of malware, phishing – so you should prepare accordingly. Speak to us about our Protection Plan today to protect yourself.

Follow Us

Be the first to know

You might also like

DAST in DevOps: Why It Matters

October 14, 2024
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations.  So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?

Why DAST Testing is Important

October 4, 2024
Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs.  This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.

The Evolution of Hacking

September 25, 2024
In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today. Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all.  In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.
More Posts
Share by: