2 min read

Researchers use sound to compromise hard drives in new DOS proof-of-concept

Filip TRUȚĂ

December 27, 2017

Researchers use sound to compromise hard drives in new DOS proof-of-concept

In an entirely new twist on the security of hard disk drives (HDDs), a team of researchers from Princeton and Purdue University have released a paper demonstrating how acoustic signals at specific frequencies can compromise devices that rely on HDD technology.

Motivated by the insight that computers, closed-circuit television (CCTV) systems, medical bedside monitors, and even automated teller machines (ATMs) heavily rely on HDDs, the team of six borrowed concepts from “resonance scattering theory” to prove HDDs could leak critical private information through acoustic or electromagnetic emanations.

The team proposes an innovative denial-of-service (DoS) attack against HDDs that, instead of exploiting software, exploits a physical phenomenon known as “acoustic resonance.”

In what the team believes is the first instance of non-contact denial of service security attacks against HDDs, the paper investigates how an attacker can leverage acoustic resonance “to negatively affect the regular operation of HDDs.”

The researchers then highlight the negative consequences of the proposed attack using two real-world case studies involving a regular computer and a CCTV system.

“We demonstrate how an attacker can disable a CCTV system by targeting its digital video recorder (DVR) device. Further, we show how the proposed attack can target a personal computer, causing a failure in its underlying OS,” the paper reads.

To perform the acoustic attack proof-of-concept without any barrier shielding the HDD, the team opened up a hard drive and left its parts exposed to the carefully crafted sound waves. This, according to the team, was an effort to “better analyze potential vulnerabilities.” The team”s experimental setup is depicted in the image above.

After performing a number of attacks, SMART logs of tested HDDs showed increased “Seek_Error_Rate,” a pre-failure attribute that that can hurt the system”s performance.

In the case of CCTV cameras, “every frame of video stored on a DVR could potentially be highly crucial forensic evidence,” the paper reads, making this vulnerability extremely feasible to bad actors.

Read the full research paper (highly recommended) to learn more about potential attackers and their capabilities, halting Read/Write operations through sound, as well as the interesting physics behind the proposed attack.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read