Ten Minor Malicious Attacks which can negatively affect OPSEC [PART ONE]

Darkipedia

While these attacks are considered minor and are rarely seen in practice, they still pose a huge threat to OPSEC for anyone who falls victim to them. Often these minor attacks accompany more sophisticated attacks that are being built up in the background. With this article I only expect readers to acknowledge and understand them; I do not expect anyone to take immediate action to mitigate them. These are not attacks that are often seen or performed, but they can happen.


Audio Retasking:
Audio retasking is when an attacker, or malware that has infected a computer, reconfigures the audio jacks to reverse their function. This kind of attack effectively turns a computer's integrated speakers, along with any connected headphones, earbuds or other external speakers, into microphones. It can be done programmatically by accessing the audio drivers and modifying either the drivers themselves or the settings in the audio device's control panel. An attacker eavesdropping on a target through such an improvised microphone can not only listen to the target while they are near the computer, but can also potentially capture the acoustic emissions of the computer itself, providing a basis for acoustic cryptanalysis attacks. Completely removing all audio hardware from the computer, and any connected audio devices, prevents this kind of attack.
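One way to check a Linux machine for the jack reconfiguration described above, as an added example that is not part of the original article: the kernel's HD-audio driver exposes each codec's BIOS pin defaults in /sys/class/sound/hwC*D*/init_pin_configs and any user overrides in user_pin_configs (the interface tools such as hdajackretask use), and decoding the "default device" field of every overridden pin shows whether an output jack has been turned into an input. The sample file contents in the test are constructed; the check only covers retasking done through this sysfs route, not Windows driver settings or raw codec verbs.

```python
from pathlib import Path

# "Default device" field (bits 23:20) of an HD-audio pin default-config word.
DEFAULT_DEVICE = {0x0: "Line Out", 0x1: "Speaker", 0x2: "HP Out", 0x3: "CD",
                  0x4: "SPDIF Out", 0x5: "Digital Other Out", 0x6: "Modem Line Side",
                  0x7: "Modem Handset Side", 0x8: "Line In", 0x9: "AUX",
                  0xA: "Mic In", 0xB: "Telephony", 0xC: "SPDIF In",
                  0xD: "Digital Other In", 0xE: "Reserved", 0xF: "Other"}
INPUT_DEVICES = {0x8, 0x9, 0xA, 0xB, 0xC, 0xD}

def parse_pin_configs(text):
    """Parse the kernel's '0x<nid> 0x<config>' lines into {nid: config}."""
    pins = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            pins[int(parts[0], 16)] = int(parts[1], 16)
    return pins

def device_code(config):
    return (config >> 20) & 0xF

def audit_pins(init_text, user_text, codec="hwC0D0"):
    """Compare user_pin_configs text with init_pin_configs text; one finding
    per pin whose default device differs from the BIOS-assigned value."""
    bios, user = parse_pin_configs(init_text), parse_pin_configs(user_text)
    findings = []
    for nid, cfg in user.items():
        before = device_code(bios[nid]) if nid in bios else None
        after = device_code(cfg)
        if before != after:
            findings.append({
                "codec": codec, "nid": nid,
                "before": DEFAULT_DEVICE.get(before, "unknown"),
                "after": DEFAULT_DEVICE[after],
                # an output jack turned into an input is the case the article describes
                "output_to_input": before is not None
                and before not in INPUT_DEVICES and after in INPUT_DEVICES})
    return findings

def audit_codec(codec_dir):
    """Audit one hwC*D* directory from the real sysfs tree."""
    codec_dir = Path(codec_dir)
    user_file = codec_dir / "user_pin_configs"
    user_text = user_file.read_text() if user_file.exists() else ""
    init_text = (codec_dir / "init_pin_configs").read_text()
    return audit_pins(init_text, user_text, codec_dir.name)

def audit_all(sound_root="/sys/class/sound"):
    """Audit every HD-audio codec exposed under sound_root."""
    findings = []
    for codec_dir in sorted(Path(sound_root).glob("hwC*D*")):
        if (codec_dir / "init_pin_configs").exists():
            findings.extend(audit_codec(codec_dir))
    return findings
```

Run `audit_all()` as root on the machine under review; an empty list means no pin has been overridden through sysfs.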


BitWhisper:
The Thermal BitWhisper attack, also known as BitWhisper, is a method of covert communication between two adjacent, compromised computers by utilizing the heat exchange between them. This technique allows for the transmission of data between an air-gapped system and a nearby compromised computer through the modulation of the heat emitted by the systems. The attack works by leveraging the built-in thermal sensors in computers, which detect the heat produced by processors and trigger the rotation of fans to avoid damage. By modulating the heat patterns, binary data can be encoded and transmitted between the two systems. The heat transmission data is not easily blocked as it can pass through walls, humans, and inanimate objects.
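A simple defender-side heuristic for the heat modulation described above, added here as an example and not code from the original article: a normal workload moves the CPU temperature slowly and rarely, whereas a process encoding bits through heat drives it back and forth between two plateaus many times. All temperature series below are constructed, and the quartile thresholds, minimum swing and toggle count are assumed tuning values rather than measured ones.

```python
def lagged_plateaus(bits, slot=20, cold=45.0, hot=60.0, inertia=0.3, jitter=0.3):
    """Constructed sample: temperature log of a CPU driven hot for each
    '1' slot and left idle for each '0' slot, with first-order thermal lag."""
    temps, t = [], cold
    for i, bit in enumerate(bits):
        target = hot if bit == "1" else cold
        for j in range(slot):
            t += (target - t) * inertia
            n = i * slot + j
            temps.append(t + jitter * (((n * 7919) % 11) - 5) / 5)  # deterministic jitter
    return temps

def slow_drift(n=200, cold=45.0, hot=60.0):
    """Constructed sample: one long job warms the CPU, then it cools again."""
    half = n // 2
    up = [cold + (hot - cold) * i / half for i in range(half)]
    return up + up[::-1]

def hysteresis_states(temps, min_swing=5.0):
    """Schmitt-trigger labelling: 'hot' above the top quarter of the observed
    range, 'cold' below the bottom quarter, otherwise keep the last label.
    A log whose total swing is below min_swing cannot carry a thermal
    signal worth flagging, so every sample stays unlabelled."""
    lo, hi = min(temps), max(temps)
    if hi - lo < min_swing:
        return [None] * len(temps)
    hot_thr, cold_thr = lo + 0.75 * (hi - lo), lo + 0.25 * (hi - lo)
    state, states = None, []
    for t in temps:
        if t >= hot_thr:
            state = "hot"
        elif t <= cold_thr:
            state = "cold"
        states.append(state)
    return states

def count_toggles(states):
    """Number of hot<->cold transitions after the first plateau is reached."""
    toggles, prev = 0, None
    for s in states:
        if s is not None:
            if prev is not None and s != prev:
                toggles += 1
            prev = s
    return toggles

def looks_modulated(temps, min_toggles=6):
    """True when the log bounces between two plateaus more often than a
    normal workload plausibly would (threshold is an assumed tuning value)."""
    return count_toggles(hysteresis_states(temps)) >= min_toggles
```

Feed it a real log (one reading per sampling interval from the hwmon or IPMI sensors) over a window long enough to hold several symbol slots; the slot length must be guessed from the channel's known bit rate.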


Circuit fingerprinting:
Circuit fingerprinting is a technique used to identify and track specific circuits or services. In the case of the Tor network, circuit fingerprinting attacks aim to discover onion services by analyzing the traffic patterns and unique features of the circuits. This can potentially compromise the anonymity of the network.


Tor onion services, which provide anonymous service to clients using the Tor browser without revealing the real address of the server, are vulnerable to circuit fingerprinting attacks. These attacks can be used by adversaries to classify circuit types and uncover the network address of the onion service, potentially compromising the anonymity of the network. To defend against such attacks, Tor has implemented padding defenses, which involve injecting dummy cells to protect against circuit fingerprinting. However, recent research has shown that these defenses are not entirely effective, as circuits still expose significant information to adversaries. In a recent study, a novel circuit fingerprinting attack was proposed, which involved dividing the circuit into the parts generated by the client and the onion service. The researchers experimented with three state-of-the-art classification models—SVM, Random Forest, and XG-Boost—to enhance the effectiveness of the attack. The best performance was achieved with 99.99% precision and 99.99% recall when using the Random Forest and XG-Boost classification models, respectively.


Additionally, the researchers attempted to classify circuit types using their features and the classification model mentioned above, achieving the best performance with 99.99% precision and 99.99% recall when using the random forest classifier in circuit type classification. The experimental results demonstrated highly accurate circuit fingerprinting attacks, even when application-layer traffic was identical and some types of circuits used the defenses provided by Tor.


DEMA:
Differential Electromagnetic Analysis (DEMA) is a technique that analyzes differential information in the electromagnetic emissions of electronic devices to extract sensitive information from them. It focuses on the differences in emissions between different states or operations of a device: in other words, a DEMA attack works by analyzing how the emissions differ, for example when the device processes different types of data or performs specific cryptographic operations. What sets DEMA apart from other electromagnetic attacks is that it uses only the differential information in the emissions to recover sensitive data, whereas other electromagnetic attacks either analyze other aspects of the electromagnetic fields or alter them in some way to extract information.


The ability to carry out DEMA attacks remotely, with a cheap, homemade device and without ever having had access to the target device, makes these attacks particularly potent.


Shielding computers with mylar or a fabric that contains nickel or silver can prevent or impede these attacks. Operating computers strictly inside Faraday cages prevents them entirely.
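The following simulation, added as an example and not taken from the article, shows what "differential" means in the DEMA section above and why it matters for defenders. The "device" is assumed to be a single lookup in the PRESENT cipher's 4-bit S-box, and each trace is the Hamming weight of the value the circuit handles (the standard first-order leakage model). The masked variant, a circuit-level countermeasure that complements the shielding recommended above, splits the secret-dependent value into two random shares so that the first-order differential signal disappears; the key value, trace counts and seed are constructed.

```python
import random

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT cipher's 4-bit S-box

def hw(x):
    """Hamming weight: the usual first-order model of what a circuit emits."""
    return bin(x).count("1")

def simulate(key, n_traces, masked, seed=1):
    """Constructed traces: (plaintext nibble, leaked weight) per S-box lookup."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        p = rng.randrange(16)
        y = SBOX[p ^ key]
        if masked:
            m = rng.randrange(16)          # fresh random share for every lookup
            leak = hw(y ^ m) + hw(m)       # both shares leak, y itself is never handled
        else:
            leak = hw(y)                   # secret-dependent value handled in the clear
        traces.append((p, float(leak)))
    return traces

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / var ** 0.5 if var else 0.0

def differential_analysis(traces):
    """Score each key guess by how well its predicted weights correlate with
    the observed emissions; return (best guess, its |correlation|)."""
    observed = [leak for _, leak in traces]
    scores = {k: abs(pearson([float(hw(SBOX[p ^ k])) for p, _ in traces], observed))
              for k in range(16)}
    best = max(scores, key=scores.get)
    return best, scores[best]

if __name__ == "__main__":
    for masked in (False, True):
        guess, score = differential_analysis(simulate(0xB, 1000, masked))
        print(f"masked={masked}: best guess 0x{guess:x}, |corr|={score:.3f}")
```

Unmasked, the correct key nibble correlates perfectly with the emissions; masked, every guess scores near zero, which is why masking is paired with shielding in hardened designs.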


DiskFiltration:
DiskFiltration is a method of data exfiltration from air-gapped computers that utilizes the acoustic signals emitted by the hard disk drive (HDD). This technique involves the intentional manipulation of the HDD's actuator to generate acoustic signals, which can then be used for '0' and '1' modulation. The covert signals can be received by a nearby recording device, such as a smartphone, smartwatch, or laptop, allowing for the exfiltration of sensitive data. The attack is particularly relevant in highly secure air-gapped networks where traditional data exfiltration methods are not viable.


Duster:
The DUSTER attack is an active traffic-analysis attack based on flow watermarking that exploits a weakness in Tor's congestion control system. It embeds a watermark into a Tor stream through that congestion control mechanism; when the watermark is detected by relays the attacker controls, it can be used to uncover the real IP address of the onion service. Unlike some other attacks, DUSTER does not require the attacker to control the rendezvous relay and does not degrade network performance, which makes it stronger and more difficult to detect. The attack anticipates a small batch of SENDME cells in a predefined manner, generating a pattern that the attacker's detectors can identify.


EMFI:
Electromagnetic Fault Injection (EMFI) is a type of attack that uses intentional electromagnetic interference (IEMI) to induce temporary or persistent faults in a targeted electronic device, in order to change its behaviour or to extract sensitive information from it. This can be achieved by pointing an antenna or coil at the target and irradiating it with electromagnetic waves from a distance, causing the device to experience transient faults. The induced faults can then be used to compromise the device or extract sensitive information from it without any physical access. These attacks can potentially be mitigated with proper electromagnetic shielding, such as Faraday shielding around the device.


GPU.zip:
The GPU.zip attack, which exploits the graphical data compression feature in modern GPUs, can be used to deanonymize Tor users. When a user visits a malicious website that leverages the GPU.zip attack, the attacker can measure the time it takes for the GPU to compress data, allowing them to infer the visual content being processed, such as usernames. This stolen information can then be used to identify and track the user, compromising their anonymity and security. The attack affects a wide range of GPUs from major suppliers, including Nvidia, AMD, Intel, Apple, Qualcomm, and Arm. This highlights the potential risks it poses to user privacy and online security, especially for Tor users who rely on the network for anonymity. The attack can be particularly concerning for Tor users accessing hidden services, as it can make it easier for adversaries to identify and monitor their activities, undermining the core principles of anonymity provided by the Tor network.


GPU fingerprinting:
GPU fingerprinting can be used to track users' activities across the web by measuring the time required to render different graphics primitives through the WebGL API. This technique stitches together key pieces of information gleaned from the browser to create a unique fingerprint, including the browser's version, OS, timezone, screen, language, list of fonts, and the way the browser renders text and graphics. The DrawnApart tracking system, for instance, can count the number and speed of the execution units in the GPU, measure the time needed to complete vertex renders, handle stall functions, and more. By leveraging these attributes, it can extend the median tracking period from 17.5 days to 28 days. Countermeasures against GPU fingerprinting range from script blocking to disabling WebGL and limiting each web page to a single execution unit, or even turning off hardware-accelerated rendering. However, the ongoing development of the WebGPU standard may introduce even more ways to fingerprint internet users, quite likely faster and far more accurately. To mitigate GPU fingerprinting, it is ideal to disable the GPU's drivers or use a computer that does not have a dedicated graphics card.
