Researchers at the University of Michigan and Zhejiang University have found that specialized sounds played in speakers found in laptop and small form factor (SFF) computers can be co-opted to cause damage to traditional hard disk drives, according to a recent paper. While the risk is not limited to the aforementioned devices—speakers placed near drives have the same effect—this would imply that attackers have physical access to a given device.
The researchers found that audible sound can cause the drive head mechanics to "vibrate outside of operational bounds" while "ultrasonic sound causes false positives in the shock sensor, which is designed to prevent a head crash," the paper noted. This effect has been demonstrated in hard drives from all three major vendors—Seagate, Western Digital, and Toshiba—and tests have resulted in drives becoming unresponsive (until the system is rebooted) on both Windows and Linux, as well as causing intermittent freezing and complete system crashes on Windows.
SEE: IT leader's guide to cyberattack recovery (Tech Pro Research)
The volume of the sound required to cause this is fairly high—the researchers played tones at 5 kHz at 115.3 dB, resulting in partial throughput, with complete throughput loss experienced at 117.2 dB on a test Western Digital drive. The researchers note in the paper that "tests have measured a Dell XPS 15 9550 laptop's output to be as high as 103 dB SPL from 1 cm away from the laptop" with write-blocking signals being "as low as 95.6 dB." While no drive completely stopped working in testing, all of the drives experienced extensive amounts of remapped sectors, and a physical inspection of one drive showed scratches to a platter visible to the human eye.
In a case study in the whitepaper, the researchers successfully carried out this attack inside Chrome, demonstrating that remote execution of the attack is possible. Additionally, the researchers carried out this attack against a video surveillance system, leading to data loss. The drive in this case refused to continue recording until a full reboot occurred. The researchers demonstrated some of these techniques last week at the IEEE Symposium onSecurity and Privacy.
Cramming components too close together can cause issues. Anecdotally, I've personally experienced a similar-sounding (pardon the pun) issue on a support request for a netbook running Windows XP in 2010—while the Atom-powered system was quite clearly not fast to begin with, it would freeze when the Windows start sound was played. (There was a significant amount of disk activity going on as this played, as programs were starting after boot.) As solid state drives were at a significant premium at the time, the problem was corrected by connecting headphones to the device during boot, after which it operated normally.
The big takeaways for tech leaders:
- Specialized sonic and ultrasonic sounds played with standard computer speakers in close proximity to hard drives can harm traditional hard drives.
- This effect has been demonstrated in hard drives from all three major vendors—Seagate, Western Digital, and Toshiba.
- Sensor'd enterprise: IoT, ML, and big data (ZDNet special report) | Download the report as a PDF (TechRepublic)
- Japan turns to drones, earsplitting sound to force overtime staff to leave (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Signal-jamming DroneGun used by Australian Defence Force during international summit (ZDNet)
- No, Alexa isn't spying on you, but be careful with sensitive conversations (TechRepublic)
James Sanders is a Java programmer specializing in software as a service and thin client design, and virtualizing legacy programs for modern hardware.