If you thought computers not connected to the internet could not be hacked, now is the time to realize that things have changed. An air-gapped computer, incapable of connecting wirelessly or physically with other computers or networks, is as much at risk as any network-connected computer. This has allegedly been made possible by none other than the intelligence agency of the United States.
The CIA has reportedly developed tools that can infect offline computers by using flash drives. According to recent documents published by WikiLeaks, the CIA used USB drives to transmit malware to air-gapped computers. The threat lies in the necessity of exchanging data. Virtually all computers need to exchange data, which is carried out using USB drives, external hard drives or other portable storage devices.
As Quartz notes, a program called ‘Brutal Kangaroo’ includes tools to target computer systems that are not connected to the internet, while another program called ‘Drifting Deadline’ is sneaked onto such a machine. From then on, when a USB drive is connected to the machine, the tool infects it with malware, which would then be transferred to an air-gapped computer. These malware programs require little or no user interaction and are activated primarily by default behavior of the Windows operating system.
As per reports, Microsoft says that it has patched some of these vulnerabilities, and that supported versions of Windows remain safe. This means any air-gapped system running an unsupported version of Windows is at potential risk of getting infected. The only way an air-gapped computer of interest remains safe from such an infection is if it never requires file transfer, which is most unlikely. Notably, the CIA has not confirmed its ownership of the documents or the aforementioned tools.