Are you not worried about hacker attacks if you do not connect to the Internet or plug in a USB flash drive? Hackers can use acoustic waves to attack your hard disk, and hackers can attack acoustic waves.

Are you not worried about hacker attacks if you do not connect to the Internet or plug in a USB flash drive? Hackers can use acoustic waves to attack your hard disk, and hackers can attack acoustic waves.
Attackers can use acoustic waves to interfere with the normal working mode of HDD to generate a temporary or permanent DoS Status ), this attack can be used to prevent CCTV monitoring systems from recording video clips, or to freeze computers that are processing critical operations.

The basic principle of this attack is to use sound waves to cause vibration of the data storage disk of a mechanical hard disk. If a sound wave is played at a specific frequency, it will produce a resonance effect.

A mechanical hard drive stores a large amount of information in the sector of each disk. Therefore, when the mechanical hard drive vibrates, the hard disk protection program will stop all read/write operations on the hard disk, in this way, you can avoid scratching the storage disk and permanently damaging the hard disk.

The concept of using sound waves to destroy mechanical hard drive operations is not a new idea. This research may have been around for nearly a decade.

As early as 2008, Joyent's chief technology officer Brandon Gregg showed in the famous Shouting in a datacenter video how much sound waves would cause hard disk read/write errors. Earlier this year, a study in Argentina demonstrated how he temporarily stops responding to operating system commands by playing a 130Hz tone.

New research shows the practicality of acoustic attacks on mechanical hard disks

Recently, scientists from Princeton University and Pudu University have published new research results, which are further expanded based on previous research results and provide additional practical test results.

The research team uses a dedicated test device to test the mechanical hard disk from different angles and records the results to determine the frequency, attack time, distance from the mechanical hard disk, and sound wave angle when the work is stopped.

Record the results to determine the frequency, attack time, distance from the mechanical hard disk, and sound wave angle when the operation is stopped

The researchers did not have any difficulty in identifying the optimal frequency range of attacks they used for the investigational hard drive. They also believe that attackers will not encounter any difficulties.

Any attacker that can generate sound waves near a mechanical hard drive storage system can have a simple attack location to attack companies and individuals.

Acoustic waves can be transmitted in multiple ways

Attackers can use external speakers to send signals or use speakers near the target. Therefore, attackers may use remote software (such as multimedia software in remote control vehicles and personal devices) to play attack sound waves, or cheat users to play emails or malicious sound waves on webpages, malicious sound waves can also be embedded into media (such as TV ads ).

Once an attacker finds a method to transmit an acoustic attack, the results change according to the conditions. For example, the closer the speaker is to the hard disk, the less time it takes to execute the attack. The longer the attack lasts, the more likely it will lead to a permanent denial of service. This requires you to restart the device, instead of self-recovery.

The attacker must note that no operator is available on the device, because these attacks are within the audible range of the human ears. Attackers can investigate the sources of sound waves, and local device faults.

Researchers at the University of linston and Pudu performed an acoustic attack on the mechanical hard disk in a digital video recorder (DVR) device using a closed-circuit television surveillance system, and attacked Windows 10, ubuntu 16 and Fedora 27 desktops.

Attack closed-circuit television monitoring system

「 After the attack starts for about 230 seconds, a pop-up warning window appears on the monitor prompting "disk loss !』」, Researchers say this when attacking a mechanical hard disk in a digital video recorder (DVR) device.

The researchers also said: "After stopping the sonic attack, we tried to play back the videos recorded by four cameras and found that they were interrupted. The DVR must be restarted, but the video clip is permanently lost .」

After stopping the sonic attack, we tried to play back the videos recorded by four cameras and found that they were interrupted. The DVR must be restarted, but the video clip is always

Attack computers

The second experiment was intended for desktop computers, where researchers played 25 cm kHz-frequency sound waves at an open air stream from a distance of 9.1 to the chassis.

The research team said this caused a variety of failures on the running computer. If the playback time is longer, it may even lead to a blue screen on the computer, causing the underlying operating system to crash.

It is necessary to protect the hard disk.

Most of these attacks are malicious sound waves that are played at close intervals. Researchers believe that using more audible sound waves can increase the attack range.

Although HDD plays an important role in computer systems, its security is neglected. HDD stores many important software components (such as operating systems) and various forms of sensitive information, so this will attract many attackers.

Because Attackers need to meet various standards, the attack will not be exploited in a large scale. However, sonic attacks are essentially applicable to targeted attacks on key systems. For example, a single ethnic country can use this technology to launch attacks, perform physical intrusion, damage or damage to security systems, and even attack medical devices, resulting in casualties. In addition, malicious groups can perform sound wave attacks on ATMs to prevent them from stealing money from ATMs through malicious software without downloading them, evidence collected.