In an entirely new twist on the security of hard disk drives (HDDs), a team of researchers from Princeton and Purdue University have released a paper demonstrating how acoustic signals at specific frequencies can compromise devices that rely on HDD technology.
Motivated by the insight that computers, closed-circuit television (CCTV) systems, medical bedside monitors, and even automated teller machines (ATMs) heavily rely on HDDs, the team of six borrowed concepts from “resonance scattering theory” to prove HDDs could leak critical private information through acoustic or electromagnetic emanations.
The team proposes an innovative denial-of-service (DoS) attack against HDDs that, instead of exploiting software, exploits a physical phenomenon known as “acoustic resonance.”
In what the team believes is the first instance of non-contact denial of service security attacks against HDDs, the paper investigates how an attacker can leverage acoustic resonance “to negatively affect the regular operation of HDDs.”
The researchers then highlight the negative consequences of the proposed attack using two real-world case studies involving a regular computer and a CCTV system.
“We demonstrate how an attacker can disable a CCTV system by targeting its digital video recorder (DVR) device. Further, we show how the proposed attack can target a personal computer, causing a failure in its underlying OS,” the paper reads.
To perform the acoustic attack proof-of-concept without any barrier shielding the HDD, the team opened up a hard drive and left its parts exposed to the carefully crafted sound waves. This, according to the team, was an effort to “better analyze potential vulnerabilities.” The team’s experimental setup is depicted in the image above.
After performing a number of attacks, SMART logs of tested HDDs showed increased “Seek_Error_Rate,” a pre-failure attribute that that can hurt the system’s performance.
In the case of CCTV cameras, “every frame of video stored on a DVR could potentially be highly crucial forensic evidence,” the paper reads, making this vulnerability extremely feasible to bad actors.
Read the full research paper (highly recommended) to learn more about potential attackers and their capabilities, halting Read/Write operations through sound, as well as the interesting physics behind the proposed attack.