Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More (bleepingcomputer.com) 71
Catalin Cimpanu, writing for BleepingComputer: Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD's data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect. Because hard drives store vasts amounts of information inside small areas of each platter, they are programmed to stop all read/write operations during the time a platter vibrates so to avoid scratching storage disks and permanently damaging an HDD. Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests. The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.
Sounds like a use case for SSDs (Score:5, Insightful)
Step 2 - move to spinning storage (this does not even have to be onsite where the attack is possible)
Pretty simple way to harden it would seem.
I was originally concerned about the longevity of the SSD,
But the News at 11 is just more sound waves!
paid for by SSD markers buy now before prices go up
paid for by SSD markers buy now before prices go up to cover our court fees!
Haven't you heard of SSD markers? Paint the edges of the SSD drive with the green colored marker and then the audio quality increases dramatically.
You may call the french many things, but commies? meter is a french invented concept.
If you are near a ATM or other public machine, a sledge is kinda conspicuous, especially when used.
Some tone generator much much less so, as long as it works through the case of the ATM and isn't jackhammer-loud
Besides: when you beat up the ATM already, you simply steal the money inside after breaking it open, not just corrupt the harddisk in some weird high tech kinda attack.
Communism was kind of a French thing, for example [wikipedia.org]. Arguably Lenin patterned himself after Robespierre, using him as a role model.
Sure, sound energy causes vibrations... (Score:5, Insightful)
but how practical is this? If you're in close enough to blast the HDDs, you're in close enough to do a lot more than that.
Somebody screaming at the top of their lungs might be noticeable.
Not at a few companies I've seen.
So about the same as an old Sun server, then.
I wonder if that could do it:
Long Range Acoustic Device (LRAD) G20 Pittsburgh
https://www.youtube.com/watch?... [youtube.com]
Insulated exterior walls would attenuate most of it. And a DIY LRAD (a car with ghetto blaster speakers in the trunk) wouldn't be too subtle.
Then put a thumper somewhere outside the building...
Just work fast and vary your steps or the sand worms will git ya.
The trusted user and their now malware infected and "on" cell phone is close enough.
Leaking electromagnetic emanations give the NSA and GCHQ entire nations mil/embassy plain text just by been near the decoded plain text been printed.
A ceiling, wall cavity, tunnel under an embassy.
France lost its entire diplomatic encryption system in the 1950's to the UK and USA by n
"We assume attacker is in in the vicinity of HD" (Score:3)
We assume that the attacker can generate acoustic signals in the vicinity of the victim device, at frequencies within the audible range (2 - 20 kHz). The attacker can either apply the signal by using an external speaker or exploit a speaker near the target.
In order to get near the HD the attacker will likely have to pass in front of one or more of the security cameras that are streaming to the HD they're looking to interrupt, which means there will still be footage of them . And if they can get that close to the HD they can just physical destroy it anyway.
If they were in vicinity of HD, wouldn't it be more "quiet" to use a large magnet? Or a hammer?
Insider job and trying to maintain plausible deniability (avoid creating evidence of intention to vandalize the equipment).
That's my only thought, because a good CCTV installation ought to have the live data storage in a place shielded by some protective barriers AND concealed in a location that would be difficult to find/investigate/reach in a hurry.
What if the attackers where CLOWN SUITS?
s/where/wear/g
Brother funking auto corrupt.
Re: (Score:3)
I've just released a Directive to the employees of Porter Industries that cowardice in repelling Evil Clowns is punishable by DEATH.
Agreed. The practicality of this is bullshit. At best, you superglue a piezoelectric speaker to a server, NAS/SAN chassis, tune frequency, and juice up the volume. If it's to be done, it's just for show and theatrics to make a statement "just because I can".
Turned by an offer of a better life, bribe, love, blackmail. Just having their cell phone infected after been identified as a worker with clearance.
An infected cell phone just for that person and mission that turns on when in the secure area of the company or mil site of interest.
http://www.zdnet.com/article/how-a-loud-noise-brought-a-data-center-to-its-knees/
That article describes a completely different and well-documented issue of high-pressure fire suppression systems destroying hard disks due to a massive pressure spike when the gas is released. Modern data center fire suppression systems are designed to ramp up the gas pressure more slowly, to prevent this issue, and given the size of these systems, it's not really an attack you can take on the road with you, unlike the research described in TFA, which looks like it can be performed with little more than a
OK. So what? (Score:3)
From TFA
There's little chance of seeing the mass exploitation of real-world devices using acoustic attacks on hard drives, as such scenario is likely impractical due to the multiple criteria an attacker needs to satisfy.
Nonetheless, acoustic attacks are inherently suitable for targeted attacks against carefully selected critical systems. For example, acoustic attacks can help nation-state sponsored attacks, aid with physical intrusions into secure systems, corrupt or sabotage forensics collection, or even cause loss of human life when attacking HDDs used by medical devices.
So once again you need physical access in order to perform this "exploit". In which case all bets are off anyway.
And the whole ATM thing is just TFA author's wishful thinking, and has nothing to do with the actual research paper.
Just to explore a scenario not included in the research paper, an ATM malware gang can deploy an acoustic attack on an ATM to prevent it from temporarily collecting forensic evidence while fileless malware executes in the ATM's RAM and dispenses cash to attackers. This scenario and many more others exist.
Access to the outside of the box. Tamper seals remain unbroken.
And how did you get in physical proximity to the system?
The nice way of getting a spy on site:
Lots of money can work with people with money problems, a gambling addiction, an illegal hidden addiction that their wage cant support.
Given how accounts and spending habits are now tracked in the USA, UK by the security services, thats not as good unless the well disciplined worker keeps the cash until afte
News flash: access to device lets you disable it (Score:2)
"The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working."
Too bad the distance from the hard drive and sound wave angle cannot be determined absent an inside job because, and this is a doozy, the HDD system is almost never located immediately adjacent to the camera.
Good luck finding one on a real world env
Pay a patsy (janitor, disgruntled employee, whatever) on the inside to drop a device onto the DVR (hide it behind, whatever). Trigger remotely when needed, then break in.
Hell, I have been in many small offices where the DVR is in the managers office, which is often open. Get an 'interview' and attempt to plant the device for later use while waiting for the manager to interview you. Think convenience stores, check cashing title loan offices, any small place that deals with
Yes, if you completely ignore the "absent an inside job" phrase in the material that you failed to quote, then you you can claim that I "forget the inside man job."
But I didn't.
Researchers have proven that Large Hammers can disable power supplies. Power supplies are integral parts of PCs, Security Systems, and Nuclear Power Plant control equipment.
There, fix^H^H^Hgeneralized that for you.
You could also ... (Score:2)
Careful Amiga being used ... (Score:2)
I don't know why, but the Amiga was the only system I've used that warned against bumps or dropping; due the possibility of the drive heads taking a divot from the platters.
Someone would slam their joystick on the table and I'd almost panic.
Be very careful ... (Score:2)
... shredding a Fender on a track.
And then, anybody that close ... (Score:2)
... could just use a hammer. This is just another non-issue, blown completely out of proportion.
Every time this is reposted (Score:4, Interesting)
I'm reminded a $2 laser pointer aimed at the camera is much more effectkve.
If you want to spend more money, you can use a high power laser pointer and burn out the camera sensor.
Plenty of drives are used in audio without problem (Score:2)
We have used spinning hard-drives in audio for decades now in both studio and live production. Studios would not typically expose the drives to continuous levels over 91dB, but it is not uncommon. Live production you can over 105dB for many hours and I have never heard of anyone have vibration issues.
