Turning Hard Drives into Microphones

in #security, 7 years ago

Is your HDD listening to you?


I recently stumbled on a very interesting post about a new piece of research by Alfredo Ortega, revealed at the Ekoparty security conference in Buenos Aires, Argentina.

It's not accurate yet to pick up conversations. However, there is research that can recover voice data from very low-quality signals using pattern recognition.

I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable. For that reason, I would not discard that additional data like voice could be recovered in the future.

How does this work?


Mechanical hard drives cannot read or write data to the platters if significant vibrations are present. Instead, the hard drive monitors vibrations, like those created by speaking, and operates during the periods of low amplitude oscillations.

Since software can monitor hard drive operations with high frequency, it's possible to build a profile of the vibrations the drive was exposed to. This can, theoretically, be used to derive the sound, and with high enough accuracy it could be possible to even retrieve conversation.

See this video demonstrating a hard drive "listening" to a song playing nearby:

Potential for more than just surveillance


The fundamental piece of this research is the way hard drives must react to vibrations. If the vibrations were long-lasting enough, it would be possible to delay drive operation for arbitrary periods of time, and this is exactly what Ortega demonstrated.

In what is called an "HDD resonance attack", it's possible to completely disable the drive by blasting it with low-frequency sound that causes constant vibration. Ortega demonstrated this form of denial of service (DoS) attack using a 130 Hz tone that caused the drive to stop responding.

The Linux kernel disconnected it entirely after 120 seconds.

Check out the short video showing the attack off:

https://www.youtube.com/watch?time_continue=1&v=8DdqTz3CW5Y
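To make the mechanism above concrete from a monitoring point of view, here is an added example (not code from the post or from Ortega's research): a toy simulation in which reads stall while vibration exceeds a tolerance, plus a detector that flags those stalls and grades them against the 120-second disconnect figure quoted above. The drive model, `BASE_S`, `TOLERANCE`, and the `BURSTS` values are constructed assumptions; no real disk is touched.

```python
import statistics

KERNEL_DISCONNECT_S = 120   # figure quoted in the post for the Linux kernel
BASE_S = 0.008              # assumed quiet-drive read latency (constructed)
TOLERANCE = 0.5             # assumed vibration level the drive tolerates (arbitrary units)

# Constructed vibration bursts: (start_s, end_s, amplitude). Sorted, non-overlapping.
BURSTS = [(1.0, 1.5, 0.9),     # short loud noise
          (3.0, 3.2, 0.3),     # quiet noise, below tolerance
          (5.0, 130.0, 0.9)]   # sustained tone, as in the resonance DoS

def simulate_latencies(bursts, duration_s):
    """Toy drive model: a read issued during a too-loud burst completes only
    after the burst ends. Returns [(issue_time_s, latency_s)] for back-to-back reads."""
    t, samples = 0.0, []
    while t < duration_s:
        ready = t
        for start, end, amp in bursts:
            if start <= ready < end and amp > TOLERANCE:
                ready = end          # drive waits for the vibration to die down
        latency = (ready - t) + BASE_S
        samples.append((t, latency))
        t += latency
    return samples

def find_stalls(samples, factor=10.0):
    """Flag reads slower than factor x the median latency and grade them against
    the disconnect threshold. Returns [(issue_time_s, stall_s, severity)]."""
    median = statistics.median(lat for _, lat in samples)
    stalls = []
    for t, lat in samples:
        if lat > factor * median:
            severity = "disconnect" if lat >= KERNEL_DISCONNECT_S else "degraded"
            stalls.append((round(t, 3), round(lat, 3), severity))
    return stalls

if __name__ == "__main__":
    for t, stall, severity in find_stalls(simulate_latencies(BURSTS, 140.0)):
        print(f"t={t:8.3f}s  stall={stall:8.3f}s  {severity}")
```

The quiet burst produces no stall, which is the point of the model: read latency only carries information about vibration that exceeds what the drive tolerates.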


Official source


WTF...interesting! Nice write-up, Mr. Shwom!

Still kinda blows my mind that you are following me, commenting on my posts O.O

Where do you find the time lol?