Information security specialists have repeatedly studied the vector of so-called "acoustic attacks". It has long been known that properly selected sound waves can vibrate hard drives 'pancakes', and if sound is broadcast at a certain frequency, resonance occurs that only amplifies the vibration.
Since it is impossible to read or write information while the "pancakes" are vibrating, modern systems, upon detecting such a problem, suspend work with the HDD and wait for the oscillation to stop. Otherwise, there is a risk of damage to the surface, and with it the data.
Perhaps the most famous example of hard drives being sensitive to ambient sound is a video recorded by researcher Brandon Gregg back in 2008. It can be seen below.
You can also recall that earlier in 2017, the Argentinean specialist Alfredo Ortega demonstrated the HDD Killer attack, which, using sound at a frequency of 130 Hz, makes the hard drive stop responding to OS requests.
Now a report (PDF) on this issue has been presented by a combined team of specialists from Princeton University and Purdue University. Experts conducted a series of practical tests and tested on a special test bench how HDDs work under the influence of sound waves coming from different distances, at different angles, with different frequencies and for different periods of time.
Experts write that during the tests it was not difficult to find the optimal frequency and distance to attack each of the Western Digital hard drives under study (see the table below). Moreover, in their opinion, the solution of such a task will not cause any difficulties for real attackers.
These acoustic attacks, which are essentially sonic DoS, can be used in real life to sabotage a wide variety of systems, companies or individuals, according to the report. The closer the sound source is to the target, the less time it will take to implement the attack. Moreover, the longer such an attack lasts, the more chances it will provoke a serious denial of service, which will require at least a reboot of the device.
The researchers write that acoustic attacks on HDDs can be very effective against DVR systems that work with CCTV cameras, as well as computers running Windows 10, Ubuntu 16, and Fedora 27.
For example, an effective acoustic attack on a DVR takes only 230 seconds. After this time has elapsed, the system reports that "The disk is lost!". And even after the attack is stopped and the system is rebooted, it will not be possible to view the video from the cameras connected to the DVR - the recording is interrupted during the attack.
In turn, the sound transmitted at a frequency of 9.1 KHz from a distance of 25 centimeters from the PC case, will provoke many problems in the computer, up to BSOD. A table with the results of such experiments can be seen below. It should be noted that the attack does not have to be carried out at close range, according to experts, this issue is also solved quite easily (the attacker will just need a more powerful sound source).
xakep.ru
