New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds

Security researchers have found a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet -- otherwise known as "air-gap" computers -- to prevent the leakage of sensitive information it stores, reports ArsTechnica. From the article: The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.

Considering that people play music

[Z00L00K]

Considering that people play music with floppy drives then the ability to transfer information acoustically with hard drives isn't really different.

Re:Considering that people play music

Considering that people play music with floppy drives then the ability to transfer information acoustically with hard drives isn't really different.

I wasn't aware of that, thank you for the link. I find things like that fascinating even if they aren't particularly useful.

A much bigger issue with this: if you can get this program onto the air-gapped machine in the first place, haven't you already compromised it? If I could load say, a flash drive, into the air-gapped system to run this program, why can't I just copy whatever data I was after?

Unrelated side issue: you know what's really broken about Slashdot? An AC post containing GNAA or the N-word or something like that gets downmodded in seconds (which is desirable), but lots of sincere and really informative AC posts never get modded up (which is a loss for everyone). Why the double standard? Editors have infinite mod points, so why not use them constructively? After all, I can see how someone using a work computer really wouldn't want to browse at -1. An easily offended coworker walking by and seeing a GNAA post would be really hard to explain to HR. It's a classic "guilty unless proven innocent, and even then probably still guilty" situation.

pointless stupidity

[iggymanz]

Of course, if I am allowed to install software on an "air-gapped" computer, I can make it transfer information by anything on it that makes noise or can be lit or even via power supply. Speakers, various fans, hard drive heads, retractable optical drive tray, locator blue LED, LCD display, even the power draw....I can manipulate all of those.

There is no point to these studies, they only belabor the obvious.

Any manager that makes some security policy based on such studies should be beaten.

Re:pointless stupidity

[fustakrakich]

Any manager that makes some security policy based on such studies should be beaten.

What's wrong with building a windowless soundproof Faraday cage 500 feet underground? I'd like to see the seismographer that can read through that.

Re:pointless stupidity

[Oswald+McWeany]

No system is foolproof. The idea is to make it harder to crack than is worthwhile for most people to bother with.

If you put a security system on your home, it's not because you think there aren't criminals out there who can disable them, it's because you're going to make yourself a difficult enough target that people are less likely to bother.

Digital security is much the same. There is no system that can't be compromised, not even an air-gapped system; however you can make it ridiculously difficult that few people would bother putting in the resources to crack you.

Re:Unusable

[Opportunist]

Just pretend you're defragging and people won't question it.

Most people don't even understand or know half of what's going on in their computer. If the HD suddenly starts to act up, most would probably just assume that Windows is "doing its thing".

Trivial to thwart.

[Lumpy]

Wont work with my SSD. and honestly will not work at all on SAS drives. most places that are serious about their computing and security uses thin clients running SSD boot drives and the rack of servers are all the workstations. good luck recording the drive noises with all those fans and the libert unit running.

It may work if a target's cheap laptop is set on top of the microphone.

Re:It's fucking air gapped.

[Opportunist]

USB Sticks"?

Much more stupid than that..

[thesupraman]

'Honest boss, I was sure the computer was secure! How was I to know the high sensitivity microphone pointed at it a few feet away, with a wire running out to the van outside and the stranger asking us to all be very VERY quiet for the next hour was a problem?'

Yes, this 'research' is pure stupidity because the methods are obvious as well as being easily mitigated if you really NEED security.

Although its not quite as stupid as the actually false and incorrect claim of using pixels to an infiltrated monitor was, which was basically all just a scam (there are NOT several x86 cpus in a monitor, the cpu that is sometimes there CANNOT read individual pixels, and you CANNOT infect them without a usb connection to the monitor).

Not to mention the obvious workaround, USE A SSD. sigh.

Re:It's fucking air gapped.

[mSparks43]

Network booted usb reader that mounts the stick as an nfs share.

problem solved.

The Floppotron 2.0

[Yvan256]

https://www.youtube.com/watch?...