Friday, March 29, 2024

Acoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs

Hard disks play a vital role in numerous computing systems including, personal computers, closed-circuit television (CCTV) systems, medical bedside monitors, and automated teller machines (ATMs).

Security researchers from Purdue University show that an attacker can use acoustic sound to cause significant vibrations in HDDs internal components.They show even if a small displacement in the head leads to malfunction with HDD operation and can cause permanent damage.

Also Read: Russian Bank ATM Vulnerability Allows to Hack the ATM by Pressing Shift Key Five Times

HDD Acoustic Attack

An HDD consists of two components the platters and the read-write heads. The data will be stored in platters and the read/write operations performed by heads.

If the attacker can create the acoustic signals nearer to victim device in audible frequencies by using an external speaker or any other device may result in remote software exploitation which allows an attacker to deceive the user to play a malicious sound attached to an email or a web page.

Also, they assume that attacker can reverse engineer the computing system to find its HDDs model.Researchers published a PoC explaining technical details.

Researchers demonstrated “For testing HDDs, the target HDD was connected to a PC via a USB 3 SATA adapter. The standard read/write benchmark from the Linux Disk Utility was used to monitor the impact of sound on the performance of the disk drive. In addition, we used the Self-Monitoring, Analysis and Reporting Technology (SMART) interface through the smartmontools Linux package to gather detailed information on hard drive health. SMART is implemented in many modern hard drives and is widely used in HDD reliability”
Acoustic Attack

They halted Read/Write Operations through Sound, for this they connected two disk drives to the computer externally and exposed to varying sound frequency recorded frequency ranges leading to a full halt in reading and write operations. In this attack, the speaker was placed at a distance of 10cm focusing the target disk drive.

Also, they exposed a DVR for the sound attack within 230 seconds from starting the acoustic attack, a pop-up warning window appeared on the monitor stating “Disk lost!”.Researchers said, “we generate sound waves close to natural eigenfrequencies of HDD platters to cause rotational vibrations.”
Acoustic Attack

Before this researcher from Ben-Gurion University of the Negev (BGU) introduced a new covert channel which uses the Infrared and Surveillance camera as a Communication Channel and they Named as aIR-Jumper.

Researchers believe that their proof-of-concept demonstrations shed light on a new security threat against computing systems, paving the way for further exploring overlooked vulnerabilities of HDDs.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles