Scientists in Israel have demonstrated a new vulnerability in computers, with a hack that makes PCs leak sensitive data encoded in the subtle (or not so subtle) whirring noises of their hard drives.
The attack, called DiskFiltration, is the latest technique to show that even PCs that are completely disconnected from the internet and any local networks – known as air-gapped computers – aren't necessarily safe from hackers.
"An air-gap isolation is considered to be a hermetic security measure which can prevent data leakage," Mordechai Guri, a security researcher from Ben-Gurion University, told Dan Goodin at Ars Technica.
"Confidential data, personal information, financial records, and other types of sensitive information [are] stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smartphone)."
Once a computer is infected with DiskFiltration, data that's been stolen by the malware is encoded and then relayed – simply via the noises the computer's hard drive generates – to an intercepting device in the immediate vicinity.
"[M]alware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD's actuator arm," the researchers write in their paper, referring to the component that reads data off a hard disk platter, much like a needle on a vinyl turntable.
When you boot your PC and your hard drive whirs to life, it's the sound of the platter spinning and the actuator physically engaging with it that makes all the noise. By manipulating that interaction, the researchers have shown that it's possible to relay a code to any malicious devices nearby that are designed to 'hear' that code in audio form.
"Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g. smartphone, smartwatch, laptop, etc.)," the team explains.
It's not the first time we've seen security researchers show how audio vulnerabilities can be used to covertly transmit data. The same team responsible for DiskFiltration demonstrated a similar PC vulnerability back in June called Fansmitter, where the whirring noises of your computer fan could be used to broadcast the same kind of sensitive information.
And researchers from the University of California, Irvine announced in April that the noises 3D printers generate actually make it possible to reverse-engineer the design of any object being produced – potentially putting the intellectual property of 3D printing designs at risk.
The limitations of DiskFiltration are similar to those of Fansmitter. Both approaches require the air-gapped machine to already be compromised. In other words, the technique can't be used to break into a PC in the first place, but if the computer gets infected by other means – by, say, employees not being too careful with their USB keys – then any data on it could be at risk.
But you'd still need an intercepting device like a rogue smartphone in close proximity to interpret the hard drive noises. That device needs to stay within 2 metres (about 6 feet) to hear the audio adequately.
And the data transmission is also glacially slow – just 180 bits per minute, which means it would take forever to relay a large amount of data. But you could transmit things like passwords and cryptographic keys in short order.
That's why the researchers think that it's still a valid security threat – at least for machines not equipped with a solid state drive, which has no moving parts with which to make these kinds of noises in the first place.
The research documenting DiskFiltration hasn't been published in a scientific journal just yet, but is available to view on the pre-print science database arXiv.org, to give other researchers the opportunity to poke holes in it ahead of the formal peer-review process.
The researchers explain more about the technique in the video below.