Recently, scientists released the latest research results, they use sound waves to attack the mechanical hard drive, resulting in the use of mechanical hard disk equipment failure. So, what harm it caused? Geek Park discovered articles about scientists' research results, especially Compile to share with you readers.
The original article was published on Bleeping Computer, formerly titled "Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More" by Catalin Cimpanu.
An attacker can use sound waves to interfere with the normal operating mode of a hard disk drive (HDD) to generate a temporary or permanent denial of service (DoS) that can be used to stop a CCTV surveillance system from recording video clips or freeze processing of critical HDDs computer.
The basic principle of this attack is the vibration of a mechanical hard disk data storage disc caused by sound waves, which produces resonance effects if the sound waves are played at a specific frequency.
A mechanical hard drive stores a large amount of information in each sector of the disk, so a hard disk saver stops the hard drive from all read / write operations while the mechanical drive is shaken, thereby avoiding scratching the storage disk and permanently damaging the hard drive .
The concept of using sound waves to disrupt mechanical hard disk operation is not a new idea, and the study may have been nearly a decade old.
As early as 2008, Joyent's chief technology officer, Brandon Gregg, showed how loudly sound waves can cause hard drive reading and writing errors in the famous "Shouting in a datacenter." Earlier this year, a Argentinian researcher demonstrated that he was How to temporarily stop a mechanical hard drive from responding to operating system commands by playing a 130 Hz tone.
New research shows the utility of mechanical hard disk acoustic attacks
Recently, scientists at Princeton University and Purdue University in the United States published new research results that were further expanded on the basis of previous research results and provided additional practical test results.
Using specially designed test equipment, the research team tested the mechanical hard drive from different angles and recorded the results to determine the frequency, attack time, distance from the mechanical hard disk, and the angle of sound wave when it stopped working.
Researchers through the mechanical hard disk attack test (from BleepingComputer)
The researchers had no difficulty determining the best attack frequency range for the mechanical hard disks they used to experiment with, and they also thought the attackers would not have had any difficulty either.
Any attacker who can generate acoustic signals near a mechanical hard disk storage system can have a simple attack site to attack companies and individuals.
Sound waves can be delivered in a variety of ways
An attacker could either use an external speaker to signal or use a speaker near the target, for which purpose an attacker could play attack sound waves using remote software, such as remotely controlling multimedia software in vehicles and personal devices, or trick users into playing electronic Malicious sound waves on mail or web pages can also embed malicious sounds into the media (such as television commercials).
Once an attacker finds a way to deliver an acoustic attack, the result will vary depending on the conditions.For example, the closer a speaker is to a mechanical hard disk, the less time it takes to perform an attack and the longer the attack will likely result Permanently denial of service, which requires rebooting the device and not self-healing.
In particular, attackers need to be aware of the fact that there are no operators in front of the device because these attacks are in the audible range of the human ear and the attacker can investigate the source of the sound waves and associate it with a failure of the local device.
Researchers at Princeton and Purdue conducted acoustic attacks on mechanical hard disks in digital video recorder (DVR) devices using CCTV surveillance systems and also attacked desktops running Windows 10, Ubuntu 16 and Fedora 27.
Attack CCTV monitoring system
"About 230 seconds after the attack began, a pop-up warning window appeared on the monitor prompting" Disk Lost! ", The researchers said while attacking a mechanical hard drive in a Digital Video Recorder (DVR) device.
The researchers added: "After stopping the sonic attack, we tried to play back the video recorded by the four cameras and found that the DVR had to be interrupted. The DVR had to be rebooted but the footage was permanently lost."
The CCTV surveillance system was attacked (from Bleeping Computer) and attacked the computer
The second experiment was aimed at a desktop computer. Researchers played a 9.1kHz sound wave from a 25cm distance toward the airflow opening of the chassis.
The team said it caused a variety of failures on running computers, and even longer-running computers could even cause a blue screen on the computer, causing the underlying operating system to crash.
The computer was attacked blue screen (from BleepingComputer) to protect the hard drive is necessary
Most of these attacks are played at close range maliciously made sound waves, researchers believe that the use of louder sound waves can increase the scope of the attack.
Although mechanical hard drives play an important role in computer systems, their safety is overlooked. Mechanical hard drives store many important software components (such as the operating system) and various forms of sensitive information, so this will Attract a lot of attackers.
Because attackers need to meet a wide range of criteria, this attack is not exploited on a large scale, but sonic attacks, however, apply essentially to targeted attacks on critical systems, for example, which extremists can use to attack The security system physically intrudes, damages or destroys the integrity of the system, and even attacks the medical equipment to cause casualties.
In addition, malicious groups can also carry out sonic attacks on ATM machines to prevent them from collecting evidence when they steal money from ATM machines via fileless malware (without the need to download malware to attack them).
