[BreachExchange] Hackers Could Crash Your Mechanical Hard Disks Using Just Sound Waves

Destry Winant destry at riskbasedsecurity.com
Thu Dec 28 06:21:52 EST 2017


https://beebom.com/hackers-crash-hdd-sound-waves/

After protecting your computer against hacking attempts over a
network, or via a plug-in USB drive, you may soon need an acoustically
sealed room to keep your data safe from hackers.

According to a study by Princeton and Purdue University researchers,
disrupting a hard disk’s normal functioning is a relatively easy task
using sound waves. Their study was motivated by the fact that, due to
their vital role in various systems, hard disks are “an interesting
target for a plethora of attackers.”

Using a speaker emitting sound waves at particular resonant
frequencies, the researchers successfully performed a Denial of
Service (DoS) attack on a hard disk connected to a DVR, and on
another connected to a desktop PC.

The DVR stopped recording once the attack was performed, and the
desktop PC essentially went into a BSOD state (the infamous Blue
Screen of Death) in Windows.

This works because of the fundamental way in which hard disks use
mechanical parts, i.e., the head and spinning disks. To prevent the
head from scratching the data platters, hard disks cease operations
if there’s a lot of vibration, a safety ‘fail-safe’ of sorts that has
now been exploited as an attack vector. The sound waves, when
targeted at the hard disk at a particular frequency, basically start
resonating inside the hard disk, causing vibrations to increase
steadily and finally forcing the hard disk to stop working.

Every hard disk has a particular resonant frequency, but according to
the researchers, they didn’t encounter any difficulties figuring out
the appropriate frequencies for a number of different hard disks. They
claimed that hackers wouldn’t have any difficulties doing the same,
either.

Since the attack performed during the study required the speaker be
set at a very particular angle, it’s not yet something that will be
used to exploit hard drives on a mass scale. But this proof-of-concept
shows hackers could figure out a clever way to actually use this
attack vector in real life.

