Do you think your data is safe because your computer isn’t connected to the internet or a network? Wrong. As security researchers recently demonstrated, the sounds of your computer’s hard drive can be used to transmit data from an air-gapped and seemingly well-protected machine.
The DiskFiltration hack, demonstrated in this video by security researcher Mordechai Guri of Israel’s Ben-Gurion University, works by controlling the actuator in a hard drive which moves back and forth across the drive’s platters to read and write data. Think of it as the arm on a record player, but constantly moving back and forth at tremendous speeds.
As the actuator jumps around, it produces subtle sounds. You know that cacophony of sounds when you first boot up a desktop computer? Part of that noise is coming from the machine’s hard drive, and with the correct malware installed, those sounds can actually leak sensitive data to a nearby air-gapped device, like a smartphone, that knows what to listen for.
The DiskFiltration has a working range of about 2m, but it’s limited to a slow data rate of about 180 bits per minute. That’s enough to capture a complex encryption key, like from the 4096-bit RSA algorithm, in about 25 minutes. For larger files the method is mostly impractical, and it requires an insider to actually get the malware onto the protected machine. It also doesn’t work with SSD drives which don’t have moving parts. But still, it’s a crazy hack.