Want to destroy video evidence of a break-in, prevent ATMs from logging malware attacks, or simply shut down a critical computer system? One possible way to do that might be disrupting hard disk drives with sound waves, either with a specialised device or just by hijacking a nearby speaker.
The reason the tactic allegedly works is simple, per Bleeping Computer: Sound waves cause vibrations, and when a “sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.” Modern hard drives automatically shut off when vibrating to prevent the mechanical arms which perform read-write operations from scratching the data-storage platters and destroying data. That, obviously, can seriously disrupt functions on the associated devices or force them to crash.
As BleepingComputer noted, Princeton and Perdue university scientists recently demonstrated that such an attack is practical with a specialised audio rig that blasted an HDD drive with acoustic waves at specific angles and at various frequencies. Depending on the duration and frequency of the attack, the researchers wrote, they could induce either a temporary fault from which systems recovered or permanent ones requiring a full system reboot.
Image: Screengrab via arxiv.org
In their study, the researchers noted that since HDDs are the “most commonly-used type of non-volatile storage due to their enhanced energy efficiency, significantly-improved areal density, and low cost,” there’s a wide number of systems potentially vulnerable to attack.
Image: Screengrab via arxiv.org
Those included both CCTV systems and desktop computers, both of which the researchers showed could be messed with by the sound-wave system — though disrupting either required a specially designed sound played from a close distance. Those difficult conditions make this more of an interesting proof of concept of a previously unproven vulnerability, but as the researchers wrote, “Using more powerful sound sources can increase the attack range accordingly.” In the CCTV system case, researchers were able to prevent it from recording further camera data, while they were able to drive the desktop computer into a BSOD state.
One theoretical application of the attack technique suggested by BleepingComputer would be preventing an afflicted ATM from “collecting forensic evidence while fileless malware executes in the ATM’s RAM and dispenses cash to attackers,” but there’s probably lots of ways one could use this maliciously. As a result, the researchers recommended that sensitive computer systems come equipped with acoustic shielding for their HDD components — though maybe it wouldn’t hurt to invest in a solid state drive either.