A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to.
The researchers demonstrated the attack under lab conditions, successfully preventing a CCTV’s DVR from recording the camera signal and stopping a laptop from being able to use its operating system.
The attack is not ready for primetime yet, though: this preliminary work requires relative precision in speaker placement as well as knowledge of the make and model of the target drives. However, the researchers hypothesize that with some refinements, the attack could be carried out by, for example, tricking (or hacking) a victim into playing the correct tone through their computer or device speakers.
Among storage components, HDDs have become the most commonly-used type of non-volatile storage due to their enhanced energy efficiency, significantly-improved areal density, and low cost. These have made them an inevitable part of numerous computing systems, including, personal computers, bedside monitors, CCTVs, and ATMs. Borrowing concepts from acoustics and mechanics, we presented the first instance of non-contact DoS attack against HDDs. The attack relies on a physical phenomenon, known as acoustic resonance, in which a sound wave forces an object to vibrate with a higher amplitude at specific frequencies. Our attack is motivated by the insight that real-world systems heavily rely on the avail- ability of HDDs and inspired by the observation that acoustic resonance can cause vibrations in an object. We conducted a thorough examination of physical characteristics of funda- mental components of HDDs (read/write head and platters) and created acoustic signals that cause significant vibration in HDD platters. These oscillations halt write/read operation of embedded HDDs, leading to severe security concerns in mission-critical systems. We demonstrated the feasibility of the attack in two real-world case studies, namely, CCTVs, and personal computers. Our proof-of-concept demonstrations shed light on a new security threat against computing systems, paving the way for further exploring overlooked vulnerabilities of HDDs.
Acoustic Denial of Service Attacks on HDDs [Mohammad Shahrad, Arsalan Mosenia, Liwei Song, Mung Chiang, David Wentzlaff and Prateek Mittal/Arxiv]
(via Schneier)