Slashdot Mirror
Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD's data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect. Because hard drives store vasts amounts of information inside small areas of each platter, they are programmed to stop all read/write operations during the time a platter vibrates so to avoid scratching storage disks and permanently damaging an HDD. Last week, scientists from the Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests. The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.
Step 1 - record to SSD
Step 2 - move to spinning storage (this does not even have to be onsite where the attack is possible)
Pretty simple way to harden it would seem.
Silence is a state of mime.
... the SSD lobby strikes!
Sound waves cause vibrations!
News at 11.
paid for by SSD markers buy now before prices go up to cover our court fees!
but how practical is this? If you're in close enough to blast the HDDs, you're in close enough to do a lot more than that.
"I don't know, therefore Aliens" Wafflebox1
From the paper:
We assume that the attacker can generate acoustic signals in the vicinity of the victim device, at frequencies within the audible range (2 - 20 kHz). The attacker can either apply the signal by using an external speaker or exploit a speaker near the target.
In order to get near the HD the attacker will likely have to pass in front of one or more of the security cameras that are streaming to the HD they're looking to interrupt, which means there will still be footage of them . And if they can get that close to the HD they can just physical destroy it anyway.
http://www.zdnet.com/article/how-a-loud-noise-brought-a-data-center-to-its-knees/
You may call the french many things, but commies? meter is a french invented concept.
If you are near a ATM or other public machine, a sledge is kinda conspicuous, especially when used.
Some tone generator much much less so, as long as it works through the case of the ATM and isn't jackhammer-loud
Besides: when you beat up the ATM already, you simply steal the money inside after breaking it open, not just corrupt the harddisk in some weird high tech kinda attack.
From TFA
There's little chance of seeing the mass exploitation of real-world devices using acoustic attacks on hard drives, as such scenario is likely impractical due to the multiple criteria an attacker needs to satisfy.
Nonetheless, acoustic attacks are inherently suitable for targeted attacks against carefully selected critical systems. For example, acoustic attacks can help nation-state sponsored attacks, aid with physical intrusions into secure systems, corrupt or sabotage forensics collection, or even cause loss of human life when attacking HDDs used by medical devices.
So once again you need physical access in order to perform this "exploit". In which case all bets are off anyway.
And the whole ATM thing is just TFA author's wishful thinking, and has nothing to do with the actual research paper.
Just to explore a scenario not included in the research paper, an ATM malware gang can deploy an acoustic attack on an ATM to prevent it from temporarily collecting forensic evidence while fileless malware executes in the ATM's RAM and dispenses cash to attackers. This scenario and many more others exist.
I am Slashdot. Are you Slashdot as well?
"The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working."
Too bad the distance from the hard drive and sound wave angle cannot be determined absent an inside job because, and this is a doozy, the HDD system is almost never located immediately adjacent to the camera.
Good luck finding one on a real world environment, much less disabling it before it records a video stream of you entering the building, the anteroom to the server room and/or security room, etc., carrying a very odd looking piece of equipment. It's like Where's Waldo for idiots - "I think our target is... that guy with the sci-fi gun."
nice encoding issues. russian shitposter confirmed
If they were in vicinity of HD, wouldn't it be more "quiet" to use a large magnet? Or a hammer? Or just unplug and take the drive?
or if they are really daring, bring their own blender in a backpack.... "will it blend?"
What if the attackers where CLOWN SUITS?
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
s/where/wear/g
Brother funking auto corrupt.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Researchers have proven that Large Hammers can disable power supplies. Power supplies are integral parts of PCs, Security Systems, and Nuclear Power Plant control equipment.
Access to the outside of the box. Tamper seals remain unbroken.
Pay a patsy (janitor, disgruntled employee, whatever) on the inside to drop a device onto the DVR (hide it behind, whatever). Trigger remotely when needed, then break in.
Hell, I have been in many small offices where the DVR is in the managers office, which is often open. Get an 'interview' and attempt to plant the device for later use while waiting for the manager to interview you. Think convenience stores, check cashing title loan offices, any small place that deals with cash, this could be used as method to disable recording.
Silence is a state of mime.
There, fix^H^H^Hgeneralized that for you.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I would assume that your company would have enough physical security to not just let any clown enter your data center...
And you have no idea if it's actually working, so you can't be sure you're still not being recorded. Sounds like another well thought out plan...
It is a well know fact that HHDs are sensitive to vibrations. How is this news?
Access to the outside of the box. Tamper seals remain unbroken.
And how did you get in physical proximity to the system?
I am Slashdot. Are you Slashdot as well?
We assume that the attacker can generate acoustic
signals in the vicinity of the victim device, at frequencies
within the audible range (2 - 20 kHz).
So an audible noise so f*cking loud that it can vibrate metal that is inside a cast aluminum hard drive casing, and probably that is within another metal box, without (a) going deaf, and (b) attracting attention? Good luck with that.
Have gnu, will travel.
I don't know why, but the Amiga was the only system I've used that warned against bumps or dropping; due the possibility of the drive heads taking a divot from the platters.
Someone would slam their joystick on the table and I'd almost panic.
Then the culprit would have been U.S. made and deployed technology, used for a false flag operation in order to diminish diplomatic contacts between cuban leadership and newly formed republican leadership in the USA. Something is really fishy around this Washington-based accusation... Cubans? With their 50-year-old bicycles and fifties-era vehicles?
The normal way. Point is that fail looks like a hard drive fail and not an ESD event, physical damage, power outage.
Something else to harden against for outward facing devices.
Yes, if you completely ignore the "absent an inside job" phrase in the material that you failed to quote, then you you can claim that I "forget the inside man job."
But I didn't.
https://www.youtube.com/watch?v=tDacjrSCeq4
... shredding a Fender on a track.
It little behooves the best of us to comment on the rest of us.
... could just use a hammer. This is just another non-issue, blown completely out of proportion.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"markers"
Do people ever actually proofread? Do they know more of their mother tongue than at an elementary school level? At what point does poor language begin to interfere with subtle or complex communication?
(Actually, I don't really care. I'm just spending some time being a snarky AC because I didn't like my brunch at the restaurant this morning. Enjoy your day!)
Insufficient metal box nesting detected; you left out possibly internal drive cage assemblies, possibly mounted in a rack, and that possibly inside of a cage.
If this could be combined with a hypersonic audio projector, it might allow for an attack from a longer distance.
I've just released a Directive to the employees of Porter Industries that cowardice in repelling Evil Clowns is punishable by DEATH.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Well they let me in...
Agreed. The practicality of this is bullshit. At best, you superglue a piezoelectric speaker to a server, NAS/SAN chassis, tune frequency, and juice up the volume. If it's to be done, it's just for show and theatrics to make a statement "just because I can".
Life is not for the lazy.
Haven't you heard of SSD markers? Paint the edges of the SSD drive with the green colored marker and then the audio quality increases dramatically.
What if the clowns have RFID tags?
Sent from my ASR33 using ASCII
I'm reminded a $2 laser pointer aimed at the camera is much more effectkve.
If you want to spend more money, you can use a high power laser pointer and burn out the camera sensor.
You may call the french many things, but commies? meter is a french invented concept.
Communism was kind of a French thing, for example. Arguably Lenin patterned himself after Robespierre, using him as a role model.
"First they came for the slanderers and i said nothing."
Last time I checked most CCTV cameras don't have the HDD sitting with them, also how effective is this likely to be with walls and cases in the way of exposing the HDD, I would think the sound dampening that brings would be pretty significant.
if you have such a patsy get him to unplug the fucker rather than trying to place a large obvious device that may fail to disable the drive.
So, regular SSDs should work with predictable failure rates in this. What's wrong?
Also, why not make sound proof enclosures for disks?
If they were in vicinity of HD, wouldn't it be more "quiet" to use a large magnet? Or a hammer?
Insider job and trying to maintain plausible deniability (avoid creating evidence of intention to vandalize the equipment).
That's my only thought, because a good CCTV installation ought to have the live data storage in a place shielded by some protective barriers AND concealed in a location that would be difficult to find/investigate/reach in a hurry.
Hmm breaking open an stm, would not that trigger the explosive charge inside, covering the money in ink/powder making it instantly wortless? Or has tis not peen implemented in te US yet (I seem to remember reading abot jt beeing rolled our across europe a decade ago)
We have used spinning hard-drives in audio for decades now in both studio and live production. Studios would not typically expose the drives to continuous levels over 91dB, but it is not uncommon. Live production you can over 105dB for many hours and I have never heard of anyone have vibration issues.
Don't like being tracked by recognition software everywhere you go? String together some infrared LEDs and incorporate them into your clothing. While invisible to the naked eye their output will saturate most camera sensors.
Re "the attacker" will be trusted staff. They don't have to worry about "security cameras" or "security". They work in the secure area all day.
Turned by an offer of a better life, bribe, love, blackmail. Just having their cell phone infected after been identified as a worker with clearance.
An infected cell phone just for that person and mission that turns on when in the secure area of the company or mil site of interest.
Domestic spying is now "Benign Information Gathering"
How quaint!
The same way smart spy agencies and competitors have always done. They have the skills to find weak minded workers with site clearance and make them an offer.
The nice way of getting a spy on site:
Lots of money can work with people with money problems, a gambling addiction, an illegal hidden addiction that their wage cant support.
Given how accounts and spending habits are now tracked in the USA, UK by the security services, thats not as good unless the well disciplined worker keeps the cash until after they change jobs.
A real passport and new life with their family in any other nation and lots of money for people disillusioned with their nation, faith, politics.
Thats hard for the security services to find out about as the offer is verbal and on trust.
If that person is loyal and will not betray their nation?
Blackmail them over some real lifestyle, criminal interest. A good, normal, loyal person who is not into criminal things? Create an indiscretion and then blackmail the person.
It takes time and skill but most nations find or create a cleared person who will do what is needed on site.
The USA and UK spend billions on collecting all network data globally.
Other nations spend a few million on creating and helping a few people advance in a few well placed jobs.
No need to sneak special forces, penetration testers around. The data just walks out day after day thanks to a trusted worker on the inside.
Finding and coercing a trusted worker who works in the secure room/site is not the most difficult part. Not altering the system been copied from is the neat trick.
No logs, firewall, OS changes. Just the exact data copied out. No trace, questions, logs, code litter. Back again next shift.
Domestic spying is now "Benign Information Gathering"