Among the other hacks an NSA operative can order:
- Malicious monitor cables for $30, which monitor and report the data sent between the computer and monitor
- BIOS and firmware hacking to plant malicious software that survives a reformat, OS reinstall, or even a new hard drive install
- $40,000 Stingray devices, which are fake cellphone towers that can maliciously redirect victim cellphone conversations for monitoring
- Malware that attacks and lives in hard drive firmware
- Persistent malware, software, or hardware for firewalls
- Devices that can record room audio
- 802.11 wireless network injection tool
- Keyboard cable tapping devices
After reading whatthe NSA can order, it should be quite clear that the NSA (and any other nation-state entity) can pretty much spy on whatever device it wants, and there is little we can do about it — as long as it remains legal and the agency can gain access. Many of these devices and software programs are created by private companies and available for purchase to any paying customer.
Bruce Schneier offers additional information about nation-state programs.
Extreme hack No. 9: Cryptographic attacks
Gary Kenworthy, of Cryptography Research, specializes in revealing cryptographic keys that had been thought to be highly secure, from all sorts of computing devices. He can remotely monitor a device's radio frequency or electromagnetic radiation emissions and tell you the 1s and 0s that made up its secret key. He has done this in public and private demos around the world the past few years. You can see him determine a mobile device's private key simply by monitoring its EM fluctuations.
Kenworthy's recent advances against the very devices we are told will protect us have shaken many in the cryptography community. To be sure, Kenworthy and his company profit from providing protections against the attacks he demonstrates, but his attacks are real and essentially reduce the security of most devices running cryptography that do not implement his suggested defenses.
Extreme hack No. 10: Car hacking
Car manufacturers are racing to put as much computing functionality as possible in their cars, and it should come as no surprise that these same computers are incredibly vulnerable to attack. Early on hackers learned how to unlock cars using their wireless remote key fobs and to prevent car owners from locking their cars despite thinking they have.
Dr. Charlie Miller, who started his career hacking Apple devices and winning multiple Pwn2Own hacking contests, is among the best car hackers. In 2013, he and his fellow researcher, Chris Valasek, demonstrated how they could control the brakes and steering on a 2010 Toyota Prius and Ford Escape using a physical attack that interfaces with the car's Electronic Control Units and onboard bus systems. Thankfully, the hack didn't work wireless or remotely.
Sign up for CIO Asia eNewsletters.