Hard Disk Drives (HDDs) are the most commonly used storage components because they tend to be energy efficient and low cost. HDDs are a mandatory element of any computing system, from PCs to CCTV, bedside monitors and ATMs. Until now we never doubted the security of HDDs and stored data on them without any hesitation.
But now we probably need to think twice, since the findings of a combined study conducted by researchers from Princeton and Purdue University reveal [PDF] that devices using HDD technology can be compromised using acoustic signals at certain frequencies.
It can be termed the first ever example of a non-contact Denial of Service (DoS) attack against HDDs. Acoustic resonance plays a prominent role in this attack mechanism. Acoustic resonance is a phenomenon in which a sound wave pushes an object to vibrate at high amplitude. This can be done by setting specific frequencies.
Researchers noted that real-world systems rely heavily upon HDDs, an aspect that inspired this research. Since acoustic resonance causes vibrations in an object, the researchers examined the physical characteristics of key HDD components (including the read/write head and platters) and noted that acoustic signals caused considerable vibration in the HDD platters. Due to the oscillation, the HDD's read and write operations were halted, which can affect the security of mission-critical systems.
The six-member team of researchers utilized the resonance scattering theory to prove that HDDs can leak critical private data due to electromagnetic or acoustic emanations. In their proof-of-concept, the team showed that their non-contact DoS attack negatively affected the operations of HDDs. As they noted in their paper [PDF]:
“We demonstrate how an attacker can disable a CCTV system by targeting its digital video recorder (DVR) device. Further, we show how the proposed attack can target a personal computer, causing a failure in its underlying OS.”
Researchers opened an HDD and exposed its parts to strategically designed sound waves to properly analyze inherent vulnerabilities. After several attack attempts, an increase in Seek_Error_Rate was seen in the SMART logs of the HDDs. This is a pre-failure attribute that can affect the system’s performance. When they assessed CCTV cameras, they noted that every frame of the video being stored on a DVR held highly ‘crucial forensic evidence.’
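A defender-side check for the Seek_Error_Rate change described above, as an added example (not from the original article or the researchers' paper): it compares two `smartctl -A` snapshots and flags a drop in the attribute's normalized value. The sample tables are constructed, and the function names and the `max_value_drop` limit are assumptions; raw values are vendor-specific, so the raw delta is reported but not used for alerting.

```python
import re

# Constructed excerpts in the `smartctl -A` table layout (not from a real drive).
HEADER = "ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE\n"
BEFORE = HEADER + (
    "  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0\n"
    "  7 Seek_Error_Rate         0x000f   087   060   030    Pre-fail  Always       -       1204\n"
)
AFTER = HEADER + (
    "  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0\n"
    "  7 Seek_Error_Rate         0x000f   061   055   030    Pre-fail  Always       -       9876\n"
)

# Columns: ID, name, flag, VALUE, WORST, THRESH, type, updated, when_failed, RAW_VALUE digits
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)\s+\S+\s+\S+\s+\S+\s+(\d+)"
)

def parse_attributes(text):
    """Return {attribute_name: {value, worst, thresh, raw}} from a smartctl -A table."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row does not start with a numeric ID, so it is skipped
            value, worst, thresh, raw = (int(g) for g in m.group(3, 4, 5, 6))
            attrs[m.group(2)] = {"value": value, "worst": worst, "thresh": thresh, "raw": raw}
    return attrs

def seek_error_alert(before, after, max_value_drop=5):
    """Compare Seek_Error_Rate across two snapshots; None if either lacks the attribute."""
    old = parse_attributes(before).get("Seek_Error_Rate")
    new = parse_attributes(after).get("Seek_Error_Rate")
    if old is None or new is None:
        return None
    drop = old["value"] - new["value"]          # normalized VALUE: higher is healthier
    at_threshold = new["value"] <= new["thresh"]
    return {
        "value_drop": drop,
        "raw_delta": new["raw"] - old["raw"],   # vendor-specific encoding: informational only
        "at_threshold": at_threshold,
        "alert": drop > max_value_drop or at_threshold,  # max_value_drop is an assumed limit
    }

if __name__ == "__main__":
    print(seek_error_alert(BEFORE, AFTER))
```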
According to Bleeping Computer, the method works because sound waves create a resonance effect that amplifies vibration. HDDs nowadays shut off automatically when vibrating, to avoid the mechanical arms that perform the read-write operation scratching the data-storage platters, because this would lead to data loss and disrupt or even crash the other associated devices. Depending upon the length of the resonance, researchers claimed, it was possible to induce temporary and permanent faults.
The research was conducted on CCTV systems and desktop computers and both devices were found to be vulnerable to attack by the sound-wave system. However, the disruption relied upon specially designed sound and it was also important that the sound was played from a close distance.
It was also identified that when more powerful sound sources were used, the attack range, surprisingly, increased accordingly. While examining CCTV systems, researchers could prevent the device from recording camera data, and on a desktop computer they were able to drive it into a BSOD state.