Acoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs

Hard disks play a vital role in numerous computing systems including, personal computers, closed-circuit television (CCTV) systems, medical bedside monitors, and automated teller machines (ATMs).

Security researchers from Purdue University show that an attacker can use acoustic sound to cause significant vibrations in HDDs internal components.They show even if a small displacement in the head leads to malfunction with HDD operation and can cause permanent damage.

Also Read: Russian Bank ATM Vulnerability Allows to Hack the ATM by Pressing Shift Key Five Times

HDD Acoustic Attack

An HDD consists of two components the platters and the read-write heads. The data will be stored in platters and the read/write operations performed by heads.

If the attacker can create the acoustic signals nearer to victim device in audible frequencies by using an external speaker or any other device may result in remote software exploitation which allows an attacker to deceive the user to play a malicious sound attached to an email or a web page.

Also, they assume that attacker can reverse engineer the computing system to find its HDDs model.Researchers published a PoC explaining technical details.

Researchers demonstrated “For testing HDDs, the target HDD was connected to a PC via a USB 3 SATA adapter. The standard read/write benchmark from the Linux Disk Utility was used to monitor the impact of sound on the performance of the disk drive. In addition, we used the Self-Monitoring, Analysis and Reporting Technology (SMART) interface through the smartmontools Linux package to gather detailed information on hard drive health. SMART is implemented in many modern hard drives and is widely used in HDD reliability”

They halted Read/Write Operations through Sound, for this they connected two disk drives to the computer externally and exposed to varying sound frequency recorded frequency ranges leading to a full halt in reading and write operations. In this attack, the speaker was placed at a distance of 10cm focusing the target disk drive.

Also, they exposed a DVR for the sound attack within 230 seconds from starting the acoustic attack, a pop-up warning window appeared on the monitor stating “Disk lost!”.Researchers said, “we generate sound waves close to natural eigenfrequencies of HDD platters to cause rotational vibrations.”

Before this researcher from Ben-Gurion University of the Negev (BGU) introduced a new covert channel which uses the Infrared and Surveillance camera as a Communication Channel and they Named as aIR-Jumper.

Researchers believe that their proof-of-concept demonstrations shed light on a new security threat against computing systems, paving the way for further exploring overlooked vulnerabilities of HDDs.