Sonic and Ultrasonic Attacks Damage Hard Drives and Crash OSes (arstechnica.com)

← Back to Stories (view on slashdot.org)

Sonic and Ultrasonic Attacks Damage Hard Drives and Crash OSes (arstechnica.com)

Posted by BeauHD on Tuesday May 29, 2018 @07:00PM from the bad-cover-songs dept.

Dan Goodin reports via Ars Technica: Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds over low-cost speakers embedded in computers or sold in stores, a team of researchers demonstrated last week. The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted. The device uses flash storage to house its firmware, but by default it uses a magnetic HDD to store the large quantities of video it records. The attack used a speaker hanging from a ceiling that rested about four inches above the surveillance system's HDD. The researchers didn't remove the casing or otherwise tamper with the surveillance system. The technique was also able to disrupt HDDs in desktop and laptop computers running both Windows and Linux. In some cases, it even required a reboot before the PCs worked properly. The paper titled "Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems" can be found here (PDF).

48 of 102 comments (clear)

Min score:

Reason:

Sort:

4 inches? by Bert64 · 2018-05-29 19:17 · Score: 2, Interesting

If you're within 4 inches of the drive you could use a hammer, or just unplug the power... Works against SSDs too!

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
1. Re:4 inches? by jibjibjib · 2018-05-29 19:37 · Score: 5, Insightful
  
  The speaker doesn't necessarily have to be within 4 inches; perhaps with further tuning or a different speaker it could work from elsewhere within the room. And there are plenty of plausible scenarios where you don't have physical access to the hard drive, but you do have access to a nearby speaker.
  e.g.
  - you're running a website and you want to DoS your users' laptop hard drives using the laptop speakers
  - you compromised one computer (or phone, or media player, or other device with speakers) and want to use it to attack another device sitting on the desk beside it.
  - you rented datacenter space just above your target's server, and your server has an internal speaker which you can attack them with.
2. Re:4 inches? by Anonymous Coward · 2018-05-29 19:45 · Score: 1
  
  I have skimmed through the PDF and in every graph their scale is starting at 100 dB SPL.
  That is very loud, think concert hall loud. I not sure if this is a very pratictal attack.
3. Re:4 inches? by jibjibjib · 2018-05-29 19:56 · Score: 5, Interesting
  
  It sounds to me from the paper like a laptop's own speakers are capable of generating enough sound to disrupt the laptop's hard drive, in ultrasound ranges that most humans can't hear. Yes, it's a lot of sound energy, but still possible for it to be unnoticed, especially if you timed it for when the user isn't around, or mixed it into music or other legitimate sound.
4. Re:4 inches? by Anonymous Coward · 2018-05-29 20:48 · Score: 1
  
  If you're within 4 inches of the drive you could use a hammer, or just unplug the power... Works against SSDs too!
  An inside job that uses a loud ultrasonic sound leaves no traces. The video surveillance equipment simply stopped working. On the other hand, if your inside contact hammers the HDD hard, it leaves some traces, I'd say...
5. Re:4 inches? by Entrope · 2018-05-29 22:58 · Score: 1
  
  "The suspect was recorded on CCTV carrying a large speaker into the surveillance system room. The recording stopped approximately a minute and a half later." type inside job that leaves no traces?
6. Re: 4 inches? by ctilsie242 · 2018-05-30 00:46 · Score: 1
  
  I do know that when something like Halon or ECARO cylinders pop in a data center, that often causes hard drive failures due to the initial hissing sound, and there are advances to reduce that noise.
  Ultimately, the best defense is moving to SSD, although with that form of media, there is the issue of archival life. Once those electrons escape the gate, they are gone for good.
7. Re: 4 inches? by ctilsie242 · 2018-05-30 00:48 · Score: 1
  
  Yes, almost all cheap laptops will come with a 5400 RPM HDD if they don't use a 32GB eMMC card. Of course, swapping it out for a SSD is an option, but some laptops take a lot of digging, prying, and ungluing to reach the drive, risking damage.
8. Re: 4 inches? by The+Grim+Reefer · 2018-05-30 01:29 · Score: 1
  
  Given the distance, how did they verify that the effect was not from the magnetic field generated by the speaker and not the sound?
  Didn't read TFA, but from the summary, it sounds like the speaker that is already in the computer will also work. Regardless, have you ever taken apart a HDD? They have pretty damn strong magnets in them. It will take a very powerful magnet to disrupt a HDD from 4 inches away. I doubt Even a large subwoofer would cause an issue at that distance.
  I am curious if this has something to do with the hearing loss of the people at the embassy in Cuba. High decibel ultra sonic sound can cause hearing loss as well as having other effects on humans.
9. Re: 4 inches? by Spazmania · 2018-05-30 01:56 · Score: 2
  
  Are you sure it's because of the initial hissing sound? I would expect it to be due to the sudden air pressure change. Halon and comparable systems work by rapidly adding enough gas to an area that the partial pressure of oxygen drops below what's needed to sustain a fire.
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
10. Re:4 inches? by rahvin112 · 2018-05-30 02:16 · Score: 1
  
  Lets not forget sound attenuates using the inverse square law. At double the distance you need 4X as much volume for the same sound pressures. So if I takes 4 inches and you need 20' you need 3600 times the decibels. And this doesn't include attenuation through walls or other materials. I'd be curious what decibel level this took so you could calculate what kind of volume you'd need at something like 20', if it involves hauling around 20' speakers I'm not sure this is a viable technique in the real world.
11. Re: 4 inches? by aaarrrgggh · 2018-05-30 02:31 · Score: 1
  
  I was surprised too, but it isn't the pressure wave it is the actual audible noise from what research I have had access to.
12. Re:4 inches? by BronsCon · 2018-05-30 03:06 · Score: 1
  
  Given that this attack can use the speaker found in a lot of computers, the speaker needn't be very big, nor the battery very heavy. A piezo transducer and a small circuit powered by a 3032, or from the drone's own battery, could likely accomplish the task.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
13. Re: 4 inches? by Joce640k · 2018-05-30 03:32 · Score: 1
  
  Given the distance, how did they verify that the effect was not from the magnetic field generated by the speaker and not the sound?
  Shouting at the drives also works:
  https://www.youtube.com/watch?...
  (not a Rickroll)
  
  --
  No sig today...
14. Re: 4 inches? by ctilsie242 · 2018-05-30 03:56 · Score: 1
  
  Hard disks don't really care about pressure as much, unless it is so great that it pops the internal membrane, causing the helium or pure air inside to leak out. One rarely hears about a hard drive fail on a laptop on a plane. However, the noise is what kills them. This is such an issue, that some companies are doing a lot of work to re-engineer the gas nozzles to reduce the initial noise.
15. Re:4 inches? by Bengie · 2018-05-30 05:24 · Score: 1
  
  So if I takes 4 inches and you need 20' you need 3600 times the decibels
  Don't you mean something like 35.5 more decibels? It's a 3600x difference in energy, but decibels are log based. Log 3600 = 3.55 bels
16. Re: 4 inches? by HiThere · 2018-05-30 06:28 · Score: 1
  
  FWIW, I would prefer a hard drive over an SSD. Hard drives are more resistant to losing the data in storage. I'd hardly call them archival quality, but they're a lot closer. And generally I don't depend on I/O to be fast...I depend on RAM for that.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
17. Re:4 inches? by rahvin112 · 2018-05-30 07:31 · Score: 1
  
  I don't know honestly. The inverse square law works on the decibels so I'm not sure it's so clear cut, I believe you are right but someone that knows more about sound would need to chime in. Given the other post that says you needed 118 decibels at 4 inches I'm not sure 154 decibels at 20' would be equivalent.
  My main point was even if you can do this from 4 inches with a chainsaw sound level, you'd need some massive speakers and power output to do it from outside a building. In fac,t I dare say the sound pressure would do more damage to the building than the hard drives in such a situation. But more than that, at these kind of sound volumes this isn't something anyone is doing surreptitiously
18. Re: 4 inches? by viperidaenz · 2018-05-30 08:47 · Score: 1
  
  Most hard drives aren't sealed, they have a vent containing a filter.
  There are some helium filled drivers, but most, and all laptop drives are not sealed, there is no membrane to pop.
19. Re:4 inches? by viperidaenz · 2018-05-30 08:55 · Score: 1
  
  154dB would in impressive
  
  150dB Sensation of being compressed as if underwater
  152dB Vibration is painful and felt in joints
  153dB Throat vibrating so hard it is impossible to swallow
  154dB Compression will burst child’s balloon
  155dB Experience cooling from excited air movement, up to 15 degree C perceived cooling
  158dB Inside of a rock concert speaker bin with 5000 watts power
  http://www.decibelcar.com/menu...
20. Re: 4 inches? by torkus · 2018-05-31 03:55 · Score: 1
  
  It's definitely the acoustics. Nasdaq pretty much lost a datacenter a month ago due to the fire suppression system going off so there's recent, modern, real-word examples of this.
  That hissing noise is far louder than you're thinking though. More like if you opened one of the industrial gas (welding) tanks with nothing on it. It's painfully loud and the vibrations are sufficient to crash drive heads.
  
  --
  You can get rich if you own a politician, but you have to be rich to buy one in the first place.
Re:Sensationalist much? by AHuxley · 2018-05-29 19:42 · Score: 1

Think of walking around a restricted office as an invited guest.
The network security will detect new wifi, use of a usb stick, changes to networks.
Sounds a human will not notice can change an OS internally.
No fancy talking about a usb stick, needing to go into a secure computer room. No new wifi to get detected.
Just talk for a set time and let the hidden sound do the access.

--
Domestic spying is now "Benign Information Gathering"
Re:Sensationalist much? by apparently · 2018-05-29 19:44 · Score: 1

If you can get close enough to a DVR to disconnect it, why not just pull the plug?
I don't have to get close enough to the DVR to disconnect it - I just need to get a speaker snuck in there.

...or get remote access to a PC in the same room as the DVR. ...or get the security intern to install my sweet whoopee cushion app.
118 dB required by Anonymous Coward · 2018-05-29 19:45 · Score: 4, Insightful

As pointed out on ars, the volume required is much like putting your ear against a chainsaw at full throttle.
Nothing here, move along.
1. Re:118 dB required by info6568 · 2018-05-30 00:27 · Score: 2
  
  To stop a hard disk ... yes ... but you can make a long term "attack" damaging the disks slowly with not so strong noise.
  Everything depends on what it is your goal.
2. Re:118 dB required by BronsCon · 2018-05-30 03:09 · Score: 1
  
  Not just deaf people, anyone who can't hear mid- or high-ultrasound, which is, well, everyone.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
3. Re:118 dB required by Bengie · 2018-05-30 05:35 · Score: 1
  
  Most speakers barely touch ultrasound. Most only hit the edge of ultrasound, that many humans can still hear. The attack also mentions integrated speaks, which are going to have a horrible frequency range. Even if they can hit ultrasound, the amount of power is going to be abysmal. Going to need that magnetic speaker close enough to cause issues via magnetism.
What speaker? by Tough+Love · 2018-05-29 19:49 · Score: 1

The last two out of two builds I did, the case didn't even have a speaker. Did not miss it a bit. I don't think the "cheap PC speaker" is even a thing any more, and laptops - which always have speakers - don't have hard drives except unless they are super crap, then don't worry about it.

--
When all you have is a hammer, every problem starts to look like a thumb.
1. Re:What speaker? by BillTheKatt · 2018-05-29 21:06 · Score: 1
  
  Do you think this will work with my Adlib card?
2. Re:What speaker? by Zocalo · 2018-05-29 21:24 · Score: 2
  
  Case speakers are definitely a relic of a bygone age. No idea about all-in-one desktops since I don't do those, but other than laptops I don't think I've had a case with one for getting on for at least a decade now, although many motherboards do still seem to include a piezo-electric tweeter somewhere. That's pretty much redundant too, however, since anything sent to it is usually hijacked by the drivers for either the on-board sound chip or any add-on audio hardware pretty early in the boot process. Generally speaking, you're going to need to trigger some kind of pre-BIOS/UEFI failure to get anything out of it, and even that seems to be dying out as my last few mobos have all had a pair of seven-segment LED displays that show a sequence of hex status codes as the system progresses through the boot process.
  
  --
  UNIX? They're not even circumcised! Savages!
3. Re:What speaker? by Tough+Love · 2018-05-29 23:16 · Score: 1
  
  Generally speaking, you're going to need to trigger some kind of pre-BIOS/UEFI failure to get anything out of it, and even that seems to be dying out as my last few mobos have all had a pair of seven-segment LED displays that show a sequence of hex status codes as the system progresses through the boot process.
  LED display on the MB is civilized, but most don't have it and blink some LED instead, which nearly all new MBs have and is getting universal. Even NUCs do this. Way more useful imho. I never did like the lame little beep on boot, can't shed a tear for its demise.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
4. Re: What speaker? by Zocalo · 2018-05-30 01:00 · Score: 1
  
  Nope; haven't felt much need to upgrade my main PC (the only one I'd still consider hand-building myself) for a while, and I suspect I'm now going to make do until the Meltdown and Spectre issues are properly fixed in the silicon without any of the current hacky microcode workarounds. Other than those that are now appliances all my other systems are still custom, they're just built by a local PC/component seller instead (although I could just as easily use Dell or other build to order firm) - quite frankly the marginal extra cost is worth it for the time saved and a warranty, and my current clients are very much COTS when it comes to PC/server hardware. I do miss the days when it was both fun and more economical to DIY almost every build though.
  
  --
  UNIX? They're not even circumcised! Savages!
5. Re:What speaker? by Bengie · 2018-05-30 05:40 · Score: 1
  
  Some motherboards use pulsing LEDs instead of pulsing speakers or just a numeric LED readout.
6. Re:What speaker? by Tough+Love · 2018-05-30 10:21 · Score: 1
  
  You can even test a motherboard/CPU/RAM assembly with only a PSU and speaker and nothing else.
  I always do that with a new build, but without the speaker. Plug in processor, memory and power supply, then short the power button pins with a letter opener :-)
  Usually, the sound of the processor fan is enough to know it posted, but LEDs can be helpful or essential if it doesn't.
  
  --
  When all you have is a hammer, every problem starts to look like a thumb.
Who uses hard drives? by slashmydots · 2018-05-29 20:42 · Score: 3, Insightful

This is why I use SSDs. 800G impacts and 200G vibrations while in use are no problem. Then again, it depends how much storage you actually need.
1. Re:Who uses hard drives? by scottrocket · 2018-05-29 21:20 · Score: 1
  
  "Then again, it depends how much storage you actually need."
  When I googled this, all I could find was a 1 TB, 8-channel dvr, with a security camera set-up. OTOH, I only went through 2 pages of links...
2. Re:Who uses hard drives? by thegarbz · 2018-05-29 23:14 · Score: 1
  
  You use SSDs because you're worried someone will put a speaker 4" away from your computer emitting a sound roughtly as loud as a chainsaw?
  I think you have bigger worries than data loss.
3. Re:Who uses hard drives? by swb · 2018-05-30 00:01 · Score: 2
  
  Modern high quality SSDs have really good write durability, but do they have enough to really survive in a DVR that's recording constantly at least at the price points acceptable enough for warehouse store security camera bundles?
  It'd be an interesting thing to try out. I could see where the increased throughput of flash media could make for enhanced DVR features, like high frame rate recording but extremely fast time lapse scanning, although I assume they've kind of figured out how to do that with slower rotational media.
4. Re:Who uses hard drives? by Bengie · 2018-05-30 05:52 · Score: 1
  
  A tech site was doing endurance testing many years back and they manage to write over 2 petabytes to a Samsung 840 Evo before a power outage killed the SSD. And 840s were infamous for their poor write endurance and longevity, according to their specs that is. First gen TLC and all that. I haven't seen any recent longevity tests because everyone gave up. Even the low end name brand drives pretty much only die to manufacturing defects.
  
  Several years ago some datacenter, I think Google, wrote a blog about using consumer grade MLC SSDs with customer firmware in production. Their experience was that SSD lasted as long as spinning rust if you measured the drives in data written. It is true that the SSDs didn't last as long according to the wall clock, but that's only because they could write 100x faster. Their mentality was that if they got to choose between two drives that would die after 1PiB written, they'd choose the faster one that uses less power and is much less likely to die to other reasons.
5. Re:Who uses hard drives? by swb · 2018-05-30 06:31 · Score: 1
  
  I remember that test and another one that used an 850 Pro with similar results.
  I kept waiting for someone to gut the enterprise storage market by putting out cheap, flash based storage devices but it never happened. I still see prices in the thousands for "read intensive" SSDs.
So that's what's been going on by Chrisq · 2018-05-29 22:05 · Score: 4, Insightful

So that's what's been going on in the US embasies
1. Re:So that's what's been going on by sabbede · 2018-05-30 00:07 · Score: 2
  
  I had the same idea! Yesterday I was thinking that maybe the sonic attacks were intended to have some effect other than deafness, but the equipment was miscalibrated. Now here's something that might point to the intended effect.
  Regardless of what the intended effect might be, I do have to wonder how many embassies might be under the influence of properly calibrated equipment, should that be the case.
Destructive resonances by drdread66 · 2018-05-29 23:14 · Score: 3, Informative

I saw a related phenomenon in ~2006. My employer was developing some software for a DoD system. Everything worked great in our lab but weird things happened when installed on the servers that the Government bought. It took us *months* to figure out that the problem was a resonance between the hard drives and the cooling fans. After an hour or so of running, the drives would stop working.
We contacted the manufacturer of the hardware and they (a) replaced the fans with fans of a different RPM and (b) isolated the fans with rubber mounts. The problem disappeared immediately and never returned.
Shouting in the datacenter by ccool · 2018-05-29 23:20 · Score: 4, Informative

https://www.youtube.com/watch?...
I'm surprised no one mentioned this link before...
1. Re:Shouting in the datacenter by LinuxIsGarbage · 2018-05-30 08:07 · Score: 1
  
  You mean like this post almost two hours before yours?
Oh, that speaker? by CaptainDork · 2018-05-30 00:11 · Score: 1

That speaker sings lullabies to your computer while guarding against malware and detecting Russian interference in elections.
Free trial, right?

--
It little behooves the best of us to comment on the rest of us.
I knew that blue hedgehog wasn't to be trusted by rsilvergun · 2018-05-30 02:18 · Score: 1

blast processing indeed... This goes all the way to the top of plant Mobius. Wait... mobius don't have tops. Or is it mobii?

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
My system is secure! by gweihir · 2018-05-30 05:49 · Score: 1

a) I have mostly SSDs and
b) Classical earbuds are not able to pump out that much. Also do not make you a dick by disturbing the neighbors.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.