After protecting your computer against hacking attempts over a network, or via a plug-in USB drive, you may soon need an acoustically sealed room to keep your data safe from hackers.
According to a study by Princeton and Purdue University researchers, disrupting a hard disk’s normal functioning is a relatively easy task using sound waves. Their study was motivated by the fact that due to their vital role in various systems, hard disks are an “an interesting target for a plethora of attackers.”
Using a speaker emitting sound waves at particular resonant frequencies, the researchers were successfully able to perform a Denial of Service (DoS) attack on a hard disk connected to a DVR, and another connected to a Desktop PC.
The DVR stopped recording once the attack was performed, and the Desktop PC essentially went into a BSOD state — the infamous Blue Screen of Death – in Windows.
The reason this works is because of the fundamental way in which hard disks use mechanical parts, i.e the head and spinning disks. To prevent the head from scratching the data platters, hard disks cease operations if there’s a lot of vibration — a safety ‘fail-safe’ of sorts that has now been exploited as an attack vector. The sound waves, when targeted at the hard disk at a particular frequency, basically start resonating inside the hard disk, causing vibrations to increase steadily and finally forcing the hard disk to stop working.
Every hard disk has a particular resonant frequency, but according to the researchers, they didn’t encounter any difficulties figuring out the appropriate frequencies for a number of different hard-disks. They claimed that hackers wouldn’t have any difficulties doing the same, either.
Since the attack performed during the study required the speaker be set at a very particular angle, it’s not yet something that will be used to exploit hard-drives on a mass scale. But this proof-of-concept shows hackers could figure out a clever way to actually use this attack vector in real life.