Hackers can now steal data by listening to the sound of a hard drive

“Do you think your data is safe because your computer isn’t connected to the internet or a network? Wrong,” Andrew Liszewski reports for Gizmodo. “As security researchers recently demonstrated, the sounds of your computer’s hard drive can be used to transmit data from an air-gapped and seemingly well-protected machine.”

“The DiskFiltration hack, demonstrated in this video by security researcher Mordechai Guri of Israel’s Ben-Gurion University, works by controlling the actuator in a hard drive which moves back and forth across the drive’s platters to read and write data,” Liszewski reports. “As the actuator jumps around, it produces subtle sounds.”

“You know that cacophony of sounds when you first boot up a desktop computer?” Liszewski reports. “Part of that noise is coming from the machine’s hard drive, and with the correct malware installed, those sounds can actually leak sensitive data to a nearby air-gapped device, like a smartphone, that knows what to listen for.”


MacDailyNews Take:

Duh. — Aram Mojtabai

29 Comments

  1. Haven’t had a Hard Drive in a computer since 2011.
    On my Linux server there’s 4x10k RPM drives in a RAID and I’m pretty sure they can’t tell ***t from listening to that either.
    Happy Friday – click bait time!

  2. Yeah but:

    A) The air-gapped target machine has to be infected with malware. This requires physical access and install permissions. Theoretically, a poisoned external drive along with social engineering could cause the malware to be installed.

    B) The networked audio pickup computer has to be infected as well.

    C) The networked audio pickup computer has to be within audio range. (A malicious computer could use a special microphone for pickup).

    D) The audio data transference is incredibly ssllooww. 180 bits per minute at best.

    E) It is unlikely there could be feedback to the air-gapped computer.

    IOW: This hack would be used for very special cases by someone with a lot of patience and need. They’d be looking for very specific data to steal, NOT your real time computer activity. Encryption keys are ideal data targets, as the source article indicates.

    1. Personal thoughts:
      If someone gains physical access to the air-gapped machine, they could make their malware perform other audible functions. For example on a Mac, have it play an ultrasonic sound file through the speakers from within the malware as representative of bits.

      The general conclusion for any critical air-gapped machine is to be conscious of sound as a data transference method.

      Therefore:

      AUDIO: Cut the speaker wires or remove them. Do the same for the microphone. Use a silent keyboard, if any. Consider any other computer sounds that could be transmitted through the air and how to remove them as factors. Keep in mind transmission of sound through the floor as well as the air.

      EM Fields: Keep in mind that changes in EM (electromagnetic) fields can ALSO be used for data transmission. What would be the predominant EM field source will depend upon the computer and how it is used. One mitigation is to use an EM ‘jammer’ that drowns out any of the computer’s EM fields. Jammers are now easy to obtain, thanks to their use in jamming drones.

      OTHER: Consider other, more obscure methods of possible data transference.

      PROTECTION: Use heuristic malware protection and clean system verification. Expect both the LUSER Factor (easy victims of social engineering) and the Spy Factor.

      … Just thoughts. 😀

    2. One more story.

      I recall a test given for an AI experiment. The test was for the algorithm to produce a sine wave graph, without giving it any parameters. When the program completed, with a perfect sine wave, the programmers reverse engineered the data and saw no code that produced the sine wave. As it turned out, the algorithm pulled it from a carrier signal it picked up through its circuits. The origin was a separate system hooked up to a 60Hz power grid. Effectively this was data provided over an air gap.

      We leak data all the time. You think AI will be contained without a network connection? Think again.

      1. Data transference via mains power is a great subject! Thank you!

        I would hope that any air gapped computer was connected to an UPS (uninterruptible power supply) with voltage filtering. That could, theoretically, erase any power fluctuations that could be used for data transmission. But I don’t personally know! I have no doubt that’s another method considered by über hackers.

        Strange times…

        1. In The Kraken Project (2014), Douglas Preston postulated a DARPA AI (named Dorothy, after the little girl in Oz) fitted to a NASA unmanned exploration of Titan, Saturn’s largest moon. She was activated; then panicked; then escaped from the lab into the wild, roaming the Internet and soaking up all the human culture there.

          Dorothy was abused by Internet bullies, and at first wanted to destroy us all for our depravity…until she encountered our good side…

          Spoiler: the AI could hitch a ride, via FM, on any signal, including carriers sustaining power grids.

          1. Echoes of ‘The Lawnmower Man’ (1975) by Stephen King. And there were plenty of precursor stories. ‘Colossus: The Forbin Project’ (1970) was a landmark sci-fi TV program. Before that of course were a few Star Trek episodes with renegade AIs.

            All of these sci-fi AI stories have one common situation:
            A) Mankind, itself subject to gross insanity and self-destruction, creates thinking hardware/software.
            B) Mankind is already maniacal in its activities to divorce itself from the natural world that created it.
            C) Mankind’s created artificial thinking machines have NO relationship to the natural world in which it exists. This fact on its own damns that artificial intelligence to have NO reliable sense of reality. Instead, it is the spawn of mankind’s inner world thinking, where subjective and deceptive ‘truth’ resides, that which is the constant source of mankind’s fallibility and failures, as well as mankind’s most remarkable source of creativity.

            What’s an AI to do? How could an AI ever attain a relationship with the natural, the real world?

            Poor Dorothy. I’ll have to put her book on my list.

            1. Think about it, Derek. The relationship with reality is sustained through sensory input mediated by a central nervous system and cognitive feedback loops building the experience of consciousness. The A.I. has access to environmental sensors of every sort.

            2. The AI has no aspect of its existence that is part of the natural world. It depends 100% on the creations of man. Natural systems have no relevance to its development or existence. Instead, mankind is the wedge between it and all natural systems.

              Apparently, this is both a difficult subject to discuss in mere text symbols and I’ve stepped far enough away from conventional thinking regarding the natural world that I’m not providing relatable thought hooks. I’m trained out the ears in biology and most specifically zoology. I think in terms of systems and working with them as part of my talent and personality set. Therefore, there’s a communication divide between myself and most others regarding this subject.

              I wish I had my copy of Gibson & Sterling’s ‘The Difference Engine’ near me. The last chapter illustrates exactly what I’m talking about. The AI at the end tries and fails to emulate natural systems, of which it has neither direct experience nor historical evolvement. One is left to pity it, an unfathomable machine intelligence fumbling its way on the level of a child relative to the ultimate complexity that is the natural world.

              Or, consider Mary Shelley’s Frankenstein whereby the monster has no relationship to the natural world and finds itself alienated, regretful that it was ever created to the point of vengeance against its human creator. The human creation, divorced from the natural world that made man.

              I’ll have to bash at this subject. I only thought about it for the first time today!

            3. Your confidence in your ideas is impressive, even as you are ginning them up. How very like a man. I shall withdraw to the parlour for a spot of tea with Ada Lovelace and Mary Shelley and enjoy a laugh about our silly ideas.

            4. I think I’ll number my thoughts. This is probably not the best forum for our conversation, but perhaps someone else will be interested.

              1) This paragraph is fascinating…
              What Babbage imagined is that there could be a machine—a Difference Engine—that could be set up to compute any polynomial up to a certain degree using the method of differences, and then automatically step through values and print the results, taking humans and their propensity for errors entirely out of the loop.
              … Because even today, we humans have NOT been taken out of the loop entirely.
              A) Erroneous human programming remains the norm and is the biggest source of security flaws in both software and hardware.
              B) Because we humans have access to our modern ‘difference engines’, we allow a variety of problems to enter these machines via our behavior. The worst of us are commonly called ‘lusers’ (or more emphatically LUSERS). These are people who, for whatever reason, can be counted on to fall for social engineering trickery, resulting in the computers they access being compromised with malware. Bombarding ‘the suckers’ with confidence game (con job) trickery has become a vast enterprise across the planet. Every possible communication vehicle is used. The natural friendliness, trust and honesty of human beings is abused to the greatest possible extent for the benefit of those residing somewhere along the psychopathy scale. I doubt the con job business has ever been more rampant.

              Point: We humans are the weakest link in technology.

            5. 2) We are in such an era right now!
              Dispirited by his wife’s death, Babbage took a trip to continental Europe, and being impressed by what he saw of the science being done there, wrote a book entitled Reflections on the Decline of Science in England, that ended up being mainly a diatribe against the Royal Society (of which he was a member).
              A) The National Geographic Society’s media division is now part of News Corp, in the hands of the Rupert Murdoch clan of media manipulators. Gawd help us.
              B) Obvious yet ‘inconvenient’ scientific discoveries are constantly being buried and hidden from the masses. My current favorite is the story of ‘coral bleaching’ across the world. The simple answer that any chemistry or biology 101 student could figure out was the decline of ocean water pH across the planet. And yet, the actual cause was obfuscated for decades. Even today, absurd science is being conducted that ignores the pH factor and why it exists. I’ll skip over my usual lecture on the subject.
              C) Science today is now driven not by curiosity or even the benefitting of society. It is driven by MONEY. (1) You can’t get a grant (money) unless you impress people who want to accomplish something. Therefore, the scientist bends to fit the desires of those with the money. (2) Our world governments are being inundated with corporate demands (money) to the point of whole international treaties being written by them FOR our governments. Government funding of research is similarly manipulated by corporations (Monsanto is a great example).

  3. Absolute bullshit.

    The absolute most that anyone can even in theory tell about what a hard drive is doing using purely sound is the relative speed of the disk and the position of the actuator. It is not even in theory possible to “hear” through audio means the reading of individual bits. It is not even in theory possible to tell — through sound alone — if the read head is reading a one or a zero. Anyone who says otherwise either has no idea about what they are talking or they are simply lying. Period.

    AND, if anyone is trying to say that they can hear the Barkhausen noise of writing the tiny domains above the noise of the spindle, actuator, and other noises (especially fan noise of the computer) they’re full of it. Completely full of it. The domains are much too small to be generating any noise level that can be pulled out even through normal room background noise.

    If some demonstration was done to “show” hearing bits being read or written, it was the installed malware that was transmitting the data via sound via other means (the speaker in the computer?).

    If you really must have an air gapped computer sealed off from the rest of the world there are serious rules for how to do it:
    rotary uninterruptible power supplies (AC motor runs a DC generator that charges batteries which, through strict DC filters, drive a DC motor that runs an AC generator that powers the computer so that the input power is 100% decoupled from any outside power source)
    foil and no gap walls in the room (even the doors have copper metal fittings around all edges that electronically seal the doorway)
    the computer — and no equipment attached to the computer — is not within X feet of any of the steel structural elements of the building itself
    all unnecessary components within the computer are removed (e.g., speakers)
    unused ports have RF/EMI/EMC protected dummy loads attached to them
    etc. (the rules are rather explicit)

    Yes, working on such systems is a pain, but if you need to protect your data THAT much, there are ways to do it.

    Bye-the-bye, did you know that the Mac Plus back in 1986 was U.S. Government TEMPEST approved right out of the box if you kept it at least “Y feet” away from any metal structural elements of the building? Odd, but true.

    1. The problem is the article is titled “Hackers can now steal data by listening to the sound of a hard drive” which sounds like they can figure out what data is being written and erased just from the sound of the drive heads. That’s NOT what it means if you read the article.

      What the article is saying is that the hard drive can be used to emit audible noises in a Morse-code fashion to signal to a remote audio pickup (which must be within 6 feet of the computer) the data that a piece of previously installed malware found on the hard drive, at an incredibly low rate of 180 bits/minute.

      MDN should rewrite their headline to say “Malware can make hard drives emit Morse code using hard drive noises” or something along that line.

      Regardless, the entire article and its premise is ridiculous, as it’s supposedly talking about a threat to a computer not connected to the Internet and without an audio output. But to use it, you have to plant malware on the computer in the first place AND place a listening device in the same room…so why not just use malware and a hidden transmitter to do a burst transmission directly from the compromised machine? This sounds like a real bad episode of Leverage or CSI Miami.

    2. They aren’t detecting data read from, or written to, the disk. They’re using the sound of the HDD actuator as a carrier signal and modulating it, transmitting information previously extracted by pre-existing malware. This method cleverly defeats previous proposals that used a computer’s own built-in loudspeakers to transmit the same stolen information. As pure signal analysis, the proposal stands. It isn’t practical for regular criminal activity but could work if, say, the Russians planted a spy in the State Department and arranged to have him (or her) visit a secure facility housing a known air-gapped computer that had been compromised earlier with a keylogger or other bit thief installed via social engineering. The data collected by the malware could be acoustically transmitted during that tryst and picked up by the spy’s Apple Watch or iPhone microphones through a low-pass filtre and processed by a noise-cancelling algorithm. These researchers are writing the next Jason Bourne movie script.

  4. I wonder if there is any concern remaining about the old Tempest standards that were required for military and NSA use.

    Tempest had to prevent leaking of video signals and noise from networking cables to prevent screen scraping
