Traditional hard disk drives are inherently noisy. The mechanical whirring sounds from the spinning platters and arms constantly remind us that our computers are indeed working.
Who knew these hard drive sounds could be used to steal data from a computer?
Security researchers from Ben-Gurion University in Israel recently revealed a method that could do precisely that: use a hard drive's mechanical noises to relay information to a nearby receiver.
By using special malware they developed called "DiskFiltration," the researchers managed to transmit binary code (simple 0s and 1s, the fundamental language of computers) by exploiting a hard drive's mechanical arm, the moving part that reads data off the platters.
By manipulating the arm's movements, they were able to generate specific audio frequencies that were then gathered by a nearby smartphone for interpretation.
Although this method is too slow, transmitting a mere 180 bits per minute, they demonstrated that it is enough for pilfering passwords, key logs, and other smaller sets of data. The receiver needs to be at close range too, approximately six feet and it still depends on extraneous noise levels, so this attack has limited practical use.
However, "DiskFiltration" could be used against isolated "air-gapped" computers that are totally disconnected from a network and the internet for security purposes. An attacker could secretly install the malware on an air-gapped system via a USB flash drive then covertly receive the stolen data via smartphone.