Sunday, July 14, 2024

Acoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs

Hard disks play a vital role in numerous computing systems including, personal computers, closed-circuit television (CCTV) systems, medical bedside monitors, and automated teller machines (ATMs).

Security researchers from Purdue University show that an attacker can use acoustic sound to cause significant vibrations in HDDs internal components.They show even if a small displacement in the head leads to malfunction with HDD operation and can cause permanent damage.

Also Read: Russian Bank ATM Vulnerability Allows to Hack the ATM by Pressing Shift Key Five Times

HDD Acoustic Attack

An HDD consists of two components the platters and the read-write heads. The data will be stored in platters and the read/write operations performed by heads.

If the attacker can create the acoustic signals nearer to victim device in audible frequencies by using an external speaker or any other device may result in remote software exploitation which allows an attacker to deceive the user to play a malicious sound attached to an email or a web page.

Also, they assume that attacker can reverse engineer the computing system to find its HDDs model.Researchers published a PoC explaining technical details.

Researchers demonstrated “For testing HDDs, the target HDD was connected to a PC via a USB 3 SATA adapter. The standard read/write benchmark from the Linux Disk Utility was used to monitor the impact of sound on the performance of the disk drive. In addition, we used the Self-Monitoring, Analysis and Reporting Technology (SMART) interface through the smartmontools Linux package to gather detailed information on hard drive health. SMART is implemented in many modern hard drives and is widely used in HDD reliability”
Acoustic Attack

They halted Read/Write Operations through Sound, for this they connected two disk drives to the computer externally and exposed to varying sound frequency recorded frequency ranges leading to a full halt in reading and write operations. In this attack, the speaker was placed at a distance of 10cm focusing the target disk drive.

Also, they exposed a DVR for the sound attack within 230 seconds from starting the acoustic attack, a pop-up warning window appeared on the monitor stating “Disk lost!”.Researchers said, “we generate sound waves close to natural eigenfrequencies of HDD platters to cause rotational vibrations.”
Acoustic Attack

Before this researcher from Ben-Gurion University of the Negev (BGU) introduced a new covert channel which uses the Infrared and Surveillance camera as a Communication Channel and they Named as aIR-Jumper.

Researchers believe that their proof-of-concept demonstrations shed light on a new security threat against computing systems, paving the way for further exploring overlooked vulnerabilities of HDDs.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles