Hard Disk As An Accidental Microphone

Your Hard Disk As An Accidental Microphone article tells that modern hard disks can sense sounds around them unintentionally.  [Alfredo Ortega] has uncovered in his talk at the EKO Party conference in Buenos Aires where he he demonstrates how a traditional spinning-rust computer hard disk interacts with vibration in its surroundings, and can either become a rudimentary microphone, or be compromised by sound at its resonant frequency (PDF). Regular spinning Hard disk drives can be used to detect movement and sound. Modern Operative system provide very high resolution timers, even to unprivileged users -give potential to timing attacks.

Quick teaser of @ekoparty talk “Turning hard disk drives into accidental microphones”

View also this related video  where Brendan Gregg from Sun’s Fishworks team makes an interesting discovery about inducing disk latency:

Shouting in the Datacenter

 

 

 

1 Comment

  1. Tomi Engdahl says:

    Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
    https://it.slashdot.org/story/17/12/27/1555221/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect

    Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
    https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more/

    Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.

    The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.

    Back in 2008, current Joyent CTO Brandon Gregg showed how loud sounds induce read/write errors for a data center’s hard drives, in the now infamous “Shouting in a datacenter” video. Earlier this year, an Argentinian researcher demoed how he made a hard drive temporarily stop responding to OS commands by playing a 130Hz tone.

    New research shows practicality of HDD acoustic attacks

    Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests.

    The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

    Researchers didn’t have any difficulties in determining the optimum attack frequency ranges for the four Western Digital hard drives they used for their experiments.

    Researchers say that any attacker that can generate acoustic signals within the vicinity of HDD storage systems has a simple attack venue at his disposal for sabotaging companies or lone individuals.

    Acoustic attacks can be delivered in multiple ways
    The attacker can either apply the signal by using an external speaker or exploit a speaker near the target. Toward this end, the attacker may potentially take advantage of remote software exploitation (for example, remotely controlling the multimedia software in a vehicle or personal device), deceive the user to play a malicious sound attached to an email or a web page, or embed the malicious sound in a widespread multimedia (for example, a TV advertisement).

    Once an attacker finds a method of delivering the acoustic attack, its results will vary based on a series of conditions.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*