
Hard drive sounds used to steal data from air-gapped computers

No matter how hard you try to keep a computer secure, there’s probably someone who can find a way to remotely access it and compromise the data it contains. The safest way to keep a system from being hacked is simply to disconnect it from all networks and other methods of communication. If it’s not connected to anything, there’s no available avenue for a hack. This is called air-gapping, and it’s commonly used in high-security scenarios.

However, a number of interesting theoretical exploits have been found that could still pull data from an air-gapped system. For example, BitWhisper can use heat scanning to retrieve data from a non-networked PC. Some researchers have even used case fan noise to get data from an air-gapped computer. Now researchers from Israel’s Ben-Gurion University have found a way to use the acoustic signals from a hard drive to extract data.

The team, led by Mordechai Guri at Ben-Gurion University, have dubbed this new workaround “DiskFiltration.” It’s somewhat similar to the case fan application mentioned above. The tool sends signals using the hard drive’s actuator, the mechanical arm that moves across the platters so the head can read and write data. The actuator is also what makes the clicking noise you’re familiar with. When DiskFiltration is present on a computer, it manipulates the seek operations of the actuator in such a way that an audible signal is sent out. Then, you just need something nearby to pick up the signal.

The researchers used a smartphone, which you could place harmlessly on a desk or carry around in your pocket near a computer running DiskFiltration. The channel has a range of about six feet and a speed of 180 bits per minute. That’s not very fast. At that rate, it would take you about 74 hours to covertly steal a 100KB document. Even if time isn’t on your side, that data rate would be acceptable to swipe things like encryption keys or passwords. You could get a full 4,096-bit cryptographic key in about 25 minutes with DiskFiltration.

The demonstration and the paper look convincing — DiskFiltration appears to be effective at transmitting data from an air-gapped system, at least under laboratory conditions. There’s no guarantee it would work in the real world, though. For one, it relies upon first infecting a computer with malware that can control the hard drive. Since the computer in question is air-gapped, you’d need an inside man to install the malware. DiskFiltration is also based on hard drives, not solid state drives. Those have no moving parts, so they can’t be exploited in the same fashion. Perhaps this method will convince those with air-gapped systems to ditch spinning drives once and for all.
