Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sonic and Ultrasonic Attacks Damage Hard Drives and Crash OSes (arstechnica.com)

Posted by BeauHD on from the bad-cover-songs dept.

Dan Goodin reports via Ars Technica: Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds over low-cost speakers embedded in computers or sold in stores, a team of researchers demonstrated last week. The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted. The device uses flash storage to house its firmware, but by default it uses a magnetic HDD to store the large quantities of video it records. The attack used a speaker hanging from a ceiling that rested about four inches above the surveillance system's HDD. The researchers didn't remove the casing or otherwise tamper with the surveillance system. The technique was also able to disrupt HDDs in desktop and laptop computers running both Windows and Linux. In some cases, it even required a reboot before the PCs worked properly. The paper titled "Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems" can be found here (PDF).

4 of 102 comments (clear)

  1. Re:4 inches? by jibjibjib · · Score: 5, Insightful

    The speaker doesn't necessarily have to be within 4 inches; perhaps with further tuning or a different speaker it could work from elsewhere within the room. And there are plenty of plausible scenarios where you don't have physical access to the hard drive, but you do have access to a nearby speaker.

    e.g.

    - you're running a website and you want to DoS your users' laptop hard drives using the laptop speakers

    - you compromised one computer (or phone, or media player, or other device with speakers) and want to use it to attack another device sitting on the desk beside it.

    - you rented datacenter space just above your target's server, and your server has an internal speaker which you can attack them with.

  2. 118 dB required by Anonymous Coward · · Score: 4, Insightful

    As pointed out on ars, the volume required is much like putting your ear against a chainsaw at full throttle.

    Nothing here, move along.

  3. Who uses hard drives? by slashmydots · · Score: 3, Insightful

    This is why I use SSDs. 800G impacts and 200G vibrations while in use are no problem. Then again, it depends how much storage you actually need.

  4. So that's what's been going on by Chrisq · · Score: 4, Insightful

    So that's what's been going on in the US embasies