Hard Disk As An Accidental Microphone

Your Hard Disk As An Accidental Microphone article tells that modern hard disks can sense sounds around them unintentionally.  [Alfredo Ortega] has uncovered in his talk at the EKO Party conference in Buenos Aires where he he demonstrates how a traditional spinning-rust computer hard disk interacts with vibration in its surroundings, and can either become a rudimentary microphone, or be compromised by sound at its resonant frequency (PDF). Regular spinning Hard disk drives can be used to detect movement and sound. Modern Operative system provide very high resolution timers, even to unprivileged users -give potential to timing attacks.

Quick teaser of @ekoparty talk “Turning hard disk drives into accidental microphones”

View also this related video  where Brendan Gregg from Sun’s Fishworks team makes an interesting discovery about inducing disk latency:

Shouting in the Datacenter

 

 

 

4 Comments

  1. Tomi Engdahl says:

    Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
    https://it.slashdot.org/story/17/12/27/1555221/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect

    Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More
    https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more/

    Attackers can use sound waves to interfere with a hard drive’s normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.

    The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.

    Back in 2008, current Joyent CTO Brandon Gregg showed how loud sounds induce read/write errors for a data center’s hard drives, in the now infamous “Shouting in a datacenter” video. Earlier this year, an Argentinian researcher demoed how he made a hard drive temporarily stop responding to OS commands by playing a 130Hz tone.

    New research shows practicality of HDD acoustic attacks

    Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests.

    The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

    Researchers didn’t have any difficulties in determining the optimum attack frequency ranges for the four Western Digital hard drives they used for their experiments.

    Researchers say that any attacker that can generate acoustic signals within the vicinity of HDD storage systems has a simple attack venue at his disposal for sabotaging companies or lone individuals.

    Acoustic attacks can be delivered in multiple ways
    The attacker can either apply the signal by using an external speaker or exploit a speaker near the target. Toward this end, the attacker may potentially take advantage of remote software exploitation (for example, remotely controlling the multimedia software in a vehicle or personal device), deceive the user to play a malicious sound attached to an email or a web page, or embed the malicious sound in a widespread multimedia (for example, a TV advertisement).

    Once an attacker finds a method of delivering the acoustic attack, its results will vary based on a series of conditions.

    Reply
  2. Tomi Engdahl says:

    Your Hard Drive May Be Listening
    March 4, 2019• Physics 12, 24
    https://physics.aps.org/articles/v12/24?fbclid=IwAR3QWj8g0E_3-6lah7M_cIS2tPeIlnsv_nUIW74mC9MvMjV5cJn9zjt9E_U

    Researchers demonstrated that a hard drive can be used as a microphone, allowing attackers to listen in to conversations.

    Reply
  3. Tomi Engdahl says:

    Hackers Turn Hard Drive Into Microphone That Can Listen In On Your Computer’s Fan Whine
    https://hackaday.com/2019/03/13/hackers-turn-hard-drive-into-microphone-that-can-listen-in-on-your-computers-fan-whine/

    As reported by The Register, hackers can now listen in on conversations happening around your computer by turning a hard drive into a microphone. There are caveats: the hack only works if these conversations are twice as loud as a blender, or about as loud as a lawn mower. In short, no one talks that loud, move along, nothing to see here.

    The attack is to be presented at the 2019 IEEE Symposium on Security and Privacy, and describes the attack as a modification of the firmware on a disk drive to read the Position Error Signal that keeps read/write heads in the optimal position. This PES is affected by air pressure, and if something is affected by air pressure, you’ve got a microphone. In this case, it’s a terrible microphone that’s mechanically coupled to a machine that has a lot of vibrations including the spinning platter and a bunch of fans inside the computer. This is an academic exercise, and not a real attack,

    From hard drive to over-heard drive: Boffins convert spinning rust into eavesdropping mic
    GOOD ENOUGH TO RECOGNIZE MUSIC VIA SHAZAM IF YOU TURN IT UP TO 11
    https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

    Reply
  4. Tomi Engdahl says:

    From hard drive to over-heard drive: Boffins convert spinning rust into eavesdropping mic
    https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

    GOOD ENOUGH TO RECOGNIZE MUSIC VIA SHAZAM IF YOU TURN IT UP TO 11

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*