Previous All Posts Next

Hacking with Sound

Posted: September 8, 2016 to Cybersecurity.

Tags: Malware, Data Breach, Cloud Security

What do Tibetan monks, sophisticated hackers and famous rock stars all have in common? The ability to harvest soundwaves into power. Case in point: Israeli Video Researchers from the Negev Cyber Security Research Center at Ben-Gurion University discovered a MacGyver-esque way to syphon data from a PC to a mobile device using nothing but the noise that is generated from the disk drive. Though it sounds like a scenario straight out of a sci-fi spy thriller, hacker have discovered ways to audibly steal data from air-gapped computers using external devices such as microphones, printers and even thermostats. They have even used a computer’s fans and vibrations before. Fortunately for the paranoid, this type of cybertheft can be avoided by simply not using them. Disk drives, however? They might be a bit more difficult to omit. How it Works You are the unfortunate victim who somehow manages to get acoustic malware downloaded onto your PC. This malware will most likely be developed to search for key-logging type of data, such as finding passwords or encryption keys. When the program finds such data, it sends a message to the disk drive and tells it to run a fake “seek” function. The disk drive will just sound like random drive noise, but it is actually creating specific patterns and frequencies, in the form of binary code, that are then captured and interpreted by some sort of recording device/smartphone. Fortunately, there are limitations. Most disks now come equipped with automatic acoustic management (AAM) features whose purpose is to keep such acoustic attacks from happening by reducing “seek” noises on a computer. However, this test was successfully run on a computer whose AAM was set to the default mode. That being said, the device that is transcribing the binary code is only able to do so at a rate of 10,800 bits/hour, and the recording device must be within six feet of the computer. So it is not going to be a lot of data, but then again, hackers don’t need a lot of speed to steal encryption codes or passwords. Many hard disks now include a feature called that deliberately dampen seek noise to prevent attacks like these. The researchers say their tests were run with AAM on its default settings. Prevention There are, fortunately, ways to keep you and your business safe:
  1. Only use solid state drives. While they are costlier, they are also more secure.
  2. Modify your AAM Settings. Make sure that the AAM values are correctly set so you will be alerted to anything suspicious.
  3. Ban Smartphones. This is very common and should be implemented in any secure area.

Related Articles

Joplin vs. Obsidian: Which Note-Taking App Fits Your Workflow? Joplin vs. Obsidian: Which Note-Taking App Fits Your Workflow? Contested Intelligence Contested Intelligence MLX + Exo: Unlocking Apple Silicon’s ML Performance MLX + Exo: Unlocking Apple Silicon’s ML Performance The Enterprise Copilot Blueprint: Secure Architecture, Real ROI The Enterprise Copilot Blueprint: Secure Architecture, Real ROI
Craig Petronella
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.

LinkedIn Twitter About
Related Service
Protect Your Business with Our Cybersecurity Services

Our proprietary 39-layer ZeroHack cybersecurity stack defends your organization 24/7.

Explore Cybersecurity Services
Previous All Posts Next