Slashdot Mirror
Researcher Turns HDD Into Rudimentary Microphone (bleepingcomputer.com)
An anonymous reader writes from Bleeping Computer: Speaking at a security conference, researcher Alfredo Ortega has revealed that you can use your hard disk drive (HDD) as a rudimentary microphone to pick up nearby sounds. This is possible because of how hard drives are designed to work. Sounds or nearby vibrations are nothing more than mechanical waves that cause HDD platters to vibrate. By design, a hard drive cannot read or write information to an HDD platter that moves under vibrations, so the hard drive must wait for the oscillation to stop before carrying out any actions. Because modern operating systems come with utilities that measure HDD operations up to nanosecond accuracy, Ortega realized that he could use these tools to measure delays in HDD operations. The longer the delay, the louder the sound or the intense the vibration that causes it. These read-write delays allowed the researcher to reconstruct sound or vibration waves picked up by the HDD platters. A video demo is here.
"It's not accurate yet to pick up conversations," Ortega told Bleeping Computer in a private conversation. "However, there is research that can recover voice data from very low-quality signals using pattern recognition. I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable." Furthermore, the researcher also used sound to attack hard drives. Ortega played a 130Hz tone to make an HDD stop responding to commands. "The Linux kernel disconnected it entirely after 120 seconds," he said. There's a video of this demo on YouTube.
"It's not accurate yet to pick up conversations," Ortega told Bleeping Computer in a private conversation. "However, there is research that can recover voice data from very low-quality signals using pattern recognition. I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable." Furthermore, the researcher also used sound to attack hard drives. Ortega played a 130Hz tone to make an HDD stop responding to commands. "The Linux kernel disconnected it entirely after 120 seconds," he said. There's a video of this demo on YouTube.
I'm the original author.
First, you are kind of rude for calling me idiot, specially if you didn't even read the friendly article.
Second, have you even looked at the video? no, the disk don't "temporarily park". The delay is proportional to the vibration amplitude, mean you can sense sound volume at a low rate. Sample rate is about 50 hz, it can't reconstruct a kHz signal but voice is in the ~300 Hz, and you don't need to reconstruct the complete signal to recognize it. You don't need to recognize a conversation, you need to recognize the patterns that the conversation causes. In the original article I proved a link to a research do does exactly that with the gyroscopes in mobile devices.
I would like to apologize on behalf of people with dismissive attitudes. It is a real problem not just with anonymous posts, but even at the workplace, especially among "half-technical" people, who are are smart enough to understand jargon and comment but not enough to understand a reasoned argument. I've seen countless times where someone will quote from stackoverflow or some other source out-of-context, and several times where the source itself they quote from is utterly wrong to begin without even in-context. I might prove something with complex numbers, and they'll just quote someone saying you can't take a square root of negative numbers. Even after I convince them, they'll just laugh saying Intel cpus don't support complex numbers, and I have to show them the Intel cpu spec for hardware acceleration of complex numbers (and even without hardware support, it can be easily emulated in software). I've learned to stop trying, half-technical people are impediments to innovations.
Now, after that apology is done, I would like to bring up some academic research that may relate to your study of signal processing. There was some research done a while back (early 2000s, I think), that found that keyboard keystrokes leaked information on electricity draw. And even though they could not directly tell which key was hit, they were able to apply a model of qwerty keystroke cadence, since people tend to be faster or slower with keystrokes depending on the sequence of keys. Applying that model with a roughly 60Hz electrical tap, they were able to successfully reconstruct full text input at a 90% confidence. Because the model relied heavily on predictive modeling, it is not good for high-entropy signals like 8-character passwords, but it is excellent for low-entropy signals like a legal memo with several paragraphs explaining one point. You also mentioned a study directly applying to low SNR audio, for speech. However, I wonder if the vibrations for keystrokes are enough to disrupt HDD latency, and if so, a bivariate model using both HDD signal and electricity signal may yield a far superior reconstruction than electricity on its own, especially since the two 60Hz signals are likely out-of-phase. My 2 cents.
> I've learned to stop trying, half-technical people are impediments to innovations.
It's the internet. They are assholes, you just have to have thick skin :)
> I wonder if the vibrations for keystrokes are enough to disrupt HDD latency
Yes, they do. I saw it myself, the HDD is much more sensitive to vibrations transmitted by the chassis than sound. You might be onto something great here. I will quote you if I ever do something like this in the future.