At the 39th IEEE Security/Privacy Symposium, the Michigan and Zhejiang University Security Team published a paper demonstrating that intentional acoustic interference causes unusual errors in the hard disk.
The study came from a video in 2008:
Engineer Brendan Gregg found that shouting loudly could cause a hard drive failure.
In 2016, Romania’s ING Bank closed its bank’s data center for 10 hours during a fire drill because of the loud sound of the release of inert gas.
The Michigan and Zhejiang University team made further in-depth research on this and demonstrated that using built-in speakers or other sound emitting devices can interfere with or even destroy the hard disk drive through acoustic wave attacks.
In a controlled experiment, the researchers demonstrated how sonic and ultrasonic interference forces the key components of a magnetic hard disk drive to vibrate outside the operating limits. By using acoustic attacks, they can trigger a built-in shock sensor that protects the drive from falling damage.
Researchers use audio receivers and speakers to create sound signals and use RF Vector Signal Generators to create ultrasound signals.
They measured the impact of various frequency signals on hard disk drives, including loss of throughput, program crashes, and hard drive read and write interrupts.
In an experiment conducted by the research team, a 5 kHz sound wave hits the hard disk drive chassis with a sound pressure of 120 dB (dB SPL) from above. The team developed a model that estimated that this attack would produce a maximum disc displacement of about 33 nm horizontal and 156 nm vertical, with a maximum read/write head displacement of 9 nm horizontal and 112 nm vertical.
Other attacks exploit the physical properties of the driver hardware, such as its “resonance frequency.” By playing a sound (human voice range) that matches the resonant frequency, researchers discovered vibrations that disrupted disk operation.
Although this vibration is not large, for a very precise disk, even a small change in the operation of the physical drive can have a huge impact on the operation of the device Because the operating system and software applications running on it assume that the hardware will operate as expected.
In other experiments, researchers were able to use sound waves to trigger common piezoelectric vibration sensors or MEMS capacitive accelerometers found on most modern hard disk drives. These sensors were originally triggered when the hard disk was accidentally dropped. Now you can use sound waves.
By swindling the accelerometer with sound waves, the researchers activated the shock sensor and completely disabled the read/write capability of the affected hard disk drive.
Although current sonic attacks are only conceptual proofs, the researchers warn that such attacks are very easy to implement and do not even require specialized equipment. This means that attackers can use devices that already exist in the environment they are targeting, such as hackers attacking a data center by invading a smart speaker or a staff’s mobile phone to play a specific sound frequency.
Researchers have also contacted the test disk drive manufacturers to update the firmware to effectively reduce the sudden head crash caused by misjudgment of the shock sensor.
Suggest Reading
Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems
