4 Comments

1. December 28, 2017 at 8:35 am

   Tomi Engdahl says:

   Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
   https://it.slashdot.org/story/17/12/27/1555221/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

   Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect

   Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
   https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more/

   Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.

   The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.

   Back in 2008, current Joyent CTO Brandon Gregg showed how loud sounds induce read/write errors for a data center’s hard drives, in the now infamous “Shouting in a datacenter” video. Earlier this year, an Argentinian researcher demoed how he made a hard drive temporarily stop responding to OS commands by playing a 130Hz tone.

   New research shows practicality of HDD acoustic attacks

   Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests.

   The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

   Researchers didn’t have any difficulties in determining the optimum attack frequency ranges for the four Western Digital hard drives they used for their experiments.

   Researchers say that any attacker that can generate acoustic signals within the vicinity of HDD storage systems has a simple attack venue at his disposal for sabotaging companies or lone individuals.

   Acoustic attacks can be delivered in multiple ways
   The attacker can either apply the signal by using an external speaker or exploit a speaker near the target. Toward this end, the attacker may potentially take advantage of remote software exploitation (for example, remotely controlling the multimedia software in a vehicle or personal device), deceive the user to play a malicious sound attached to an email or a web page, or embed the malicious sound in a widespread multimedia (for example, a TV advertisement).

   Once an attacker finds a method of delivering the acoustic attack, its results will vary based on a series of conditions.

   Reply
2. March 5, 2019 at 4:10 pm

   Tomi Engdahl says:

   Your Hard Drive May Be Listening
   March 4, 2019• Physics 12, 24
   https://physics.aps.org/articles/v12/24?fbclid=IwAR3QWj8g0E_3-6lah7M_cIS2tPeIlnsv_nUIW74mC9MvMjV5cJn9zjt9E_U

   Researchers demonstrated that a hard drive can be used as a microphone, allowing attackers to listen in to conversations.

   Reply
3. March 13, 2019 at 2:25 pm

   Tomi Engdahl says:

   Hackers Turn Hard Drive Into Microphone That Can Listen In On Your Computer’s Fan Whine
   https://hackaday.com/2019/03/13/hackers-turn-hard-drive-into-microphone-that-can-listen-in-on-your-computers-fan-whine/

   As reported by The Register, hackers can now listen in on conversations happening around your computer by turning a hard drive into a microphone. There are caveats: the hack only works if these conversations are twice as loud as a blender, or about as loud as a lawn mower. In short, no one talks that loud, move along, nothing to see here.

   The attack is to be presented at the 2019 IEEE Symposium on Security and Privacy, and describes the attack as a modification of the firmware on a disk drive to read the Position Error Signal that keeps read/write heads in the optimal position. This PES is affected by air pressure, and if something is affected by air pressure, you’ve got a microphone. In this case, it’s a terrible microphone that’s mechanically coupled to a machine that has a lot of vibrations including the spinning platter and a bunch of fans inside the computer. This is an academic exercise, and not a real attack,

   From hard drive to over-heard drive: Boffins convert spinning rust into eavesdropping mic
   GOOD ENOUGH TO RECOGNIZE MUSIC VIA SHAZAM IF YOU TURN IT UP TO 11
   https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

   Reply
4. March 16, 2019 at 8:51 pm

   Tomi Engdahl says:

   From hard drive to over-heard drive: Boffins convert spinning rust into eavesdropping mic
   https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

   GOOD ENOUGH TO RECOGNIZE MUSIC VIA SHAZAM IF YOU TURN IT UP TO 11

   Reply