The computer’s hard drive can be destroyed by an acoustic attack from ordinary speakers

The computer's hard drive can be destroyed by an acoustic attack from ordinary speakers

The computer’s hard drive can be destroyed by an acoustic attack from ordinary speakers

Information security specialists from the universities of Michigan and Zhejiang reconfigured each other’s work and confirmed the discovery of a new critical hardware vulnerability. Potentially, it is subject to a huge number of classic hard drives around the world.

The reading head of the hard disk should be positioned very precisely in space, for which it is equipped with different sensors. It was they who were chosen as the target of the attack – it turned out that ultrasonic oscillations from the outside could well provoke interference. And if you build the right attack tactics, then a series of failures in the head control system will cause the protective mechanism to erratically move it beyond the zone of operation. And this – irreversible damage to the device itself and recorded data.

You can do without ultrasound, say the Chinese researchers – if the speaker system is powerful enough, then ordinary sound waves can create dangerous vibrations. It is a question of shifting the disc’s head to the hundredths of a millimeter-enough clout or a blow to the body of the device to disrupt its operation. And you can do this even with the help of your own system speakers, for example, in a laptop Dell XPS 15 9550 speaker gives a volume of 103 dB, and to break the hard drive will suffice and 96.5 dB.

The computer's hard drive can be destroyed by an acoustic attack from ordinary speakers

It is relatively easy to provoke such an attack if one knows the exact location of the victim and the radiating device. It’s enough simple script to activate the sound card, and the computer does not need to be hacked – you can just send a “modified” music file that the user will launch himself. Especially vulnerable are numerous computers in state institutions, where often there is obsolete cheap equipment, and users are not qualified for information security.

  • 1.4K
    Shares

http-www-ijre-org