Traditional hard disk drives are inherently noisy. The mechanical whirring sounds from the spinning platters and arms constantly remind us that our computers are indeed working.
Who knew these hard drive sounds could be used to steal data from a computer?
Security researchers from Ben-Gurion University in Israel recently revealed a method that could do precisely that: use a hard drive's mechanical noises to relay information to a nearby receiver.
By using special malware they developed called "DiskFiltration," the researchers managed to transmit binary code (simple 0s and 1s, the fundamental language of computers) by exploiting a hard drive's mechanical arm, the moving part that reads data off the platters.
By manipulating the arm's movements, they were able to generate specific audio frequencies that were then gathered by a nearby smartphone for interpretation.
Although this method is too slow, transmitting a mere 180 bits per minute, they demonstrated that it is enough for pilfering passwords, key logs, and other smaller sets of data. The receiver needs to be at close range too, approximately six feet and it still depends on extraneous noise levels, so this attack has limited practical use.
However, "DiskFiltration" could be used against isolated "air-gapped" computers that are totally disconnected from a network and the internet for security purposes. An attacker could secretly install the malware on an air-gapped system via a USB flash drive then covertly receive the stolen data via smartphone.
Note that according to the researchers, it's not just hard drive sounds that can be used for data theft. They have demonstrated in the past that even computer fans and connected speakers can be used to relay sounds that can be decoded remotely using the same method.
How to protect yourself from "DiskFiltration"
To protect organizations from "DiskFiltration," the researchers recommend replacing traditional hard disk drives (HDD) with the newer solid state drives (SSD). SSDs don't have mechanical moving parts like older HDDs so they are not susceptible to such attacks. (Click here to learn more about the difference between HDDs and SSDs.)
For the average computer user, although this attack is difficult to pull off, this demonstration proves that it is still possible to covertly pilfer data by merely manipulating your computer sounds.
To protect yourself from emerging hacking methods such as this, it is recommended that you have effective software security to guard against malware installed either from the internet or via external flash drives.