Tuesday, February 11, 2025
HomeSecurity NewsAcoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs

Acoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs

Published on

SIEM as a Service

Follow Us on Google News

Hard disks play a vital role in numerous computing systems including, personal computers, closed-circuit television (CCTV) systems, medical bedside monitors, and automated teller machines (ATMs).

Security researchers from Purdue University show that an attacker can use acoustic sound to cause significant vibrations in HDDs internal components.They show even if a small displacement in the head leads to malfunction with HDD operation and can cause permanent damage.

Also Read: Russian Bank ATM Vulnerability Allows to Hack the ATM by Pressing Shift Key Five Times

HDD Acoustic Attack

An HDD consists of two components the platters and the read-write heads. The data will be stored in platters and the read/write operations performed by heads.

If the attacker can create the acoustic signals nearer to victim device in audible frequencies by using an external speaker or any other device may result in remote software exploitation which allows an attacker to deceive the user to play a malicious sound attached to an email or a web page.

Also, they assume that attacker can reverse engineer the computing system to find its HDDs model.Researchers published a PoC explaining technical details.

Researchers demonstrated “For testing HDDs, the target HDD was connected to a PC via a USB 3 SATA adapter. The standard read/write benchmark from the Linux Disk Utility was used to monitor the impact of sound on the performance of the disk drive. In addition, we used the Self-Monitoring, Analysis and Reporting Technology (SMART) interface through the smartmontools Linux package to gather detailed information on hard drive health. SMART is implemented in many modern hard drives and is widely used in HDD reliability”
Acoustic Attack

They halted Read/Write Operations through Sound, for this they connected two disk drives to the computer externally and exposed to varying sound frequency recorded frequency ranges leading to a full halt in reading and write operations. In this attack, the speaker was placed at a distance of 10cm focusing the target disk drive.

Also, they exposed a DVR for the sound attack within 230 seconds from starting the acoustic attack, a pop-up warning window appeared on the monitor stating “Disk lost!”.Researchers said, “we generate sound waves close to natural eigenfrequencies of HDD platters to cause rotational vibrations.”
Acoustic Attack

Before this researcher from Ben-Gurion University of the Negev (BGU) introduced a new covert channel which uses the Infrared and Surveillance camera as a Communication Channel and they Named as aIR-Jumper.

Researchers believe that their proof-of-concept demonstrations shed light on a new security threat against computing systems, paving the way for further exploring overlooked vulnerabilities of HDDs.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New FUD Malware Targets MacOS, Evading Antivirus and Security Tools

A new strain of Fully Undetectable (FUD) macOS malware, dubbed "Tiny FUD," has emerged,...

Google Blocks 2.28 Million Malicious Apps from Play Store in Security Crackdown

In a continued commitment to enhancing user safety and trust, Google has outlined significant...

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently...