A research conducted by information security experts showed that using sonic and ultrasonic waves as a weapon, malicious actors could interrupt read, write and store functions of a hard disk drive (HDD). This could also be used to block the host operating system and damage specific units.
This attack can be made by “nearby emitters” that are directed to the device’s hard drive; therefore, attacks could be made using portable or desktop speakers. In practice, a victim visits a website or receives a phishing message and reproduces a harmful ultrasonic tone.
This research was conducted by professionals from the University of Michigan and the University of Zhejian in China. The team presented the results last week in San Francisco.
“Adversaries without special purpose equipment can cause hard disk errors with audible or ultrasonic sound waves. Audible waves vibrate the read / write head and disks; Ultrasonic waves alter the output of the HDD’s impact sensor, intentionally causing the head to park” the information security team said in a document.
Both errors can cause problems in the operating system or in the application, including persistent damage and system reboots.
“The research shows that the audible sound causes the head stack to vibrate outside the operational limits, the ultrasonic sound cause’s false positives in the impact sensor, which is designed to avoid a head shock,” they wrote the researchers.
In an attack on a PC with a Western Digital Blue WD5000LPVX unit, the unit was exposed to vibrations induced by a 5 kHz tone at 115.3 dB SPL and a tone from 5 kHz to 117.2 dB SPL. These noise levels are equivalent to the sound of a car horn.
A prolonged exposure can cause permanent loss of data, program failures and unrecoverable physical loss in HDD, information security experts said.
In the investigation, three different HDD manufacturers were tested: Western Digital, Toshiba and Seagate. The scenarios involve vibrations created by ultrasonic tones, which is the sound that is created at a higher frequency than what can be heard, 20 kHz and more.
The experts also commented that, “It is unlikely that the ultrasonic attacks cause a shock to the head, but they can damage the disc in other ways, causing the head to become unstable over time due to excessive parking.”
“For these self-stimulation attacks, the victim accesses a malicious website; this site plays malicious audio without permission on the built-in speaker to attack the HDD. The frequency response of a speaker can limit the ability to manage ultrasonic attacks, but some speakers can emit ultrasonic tones “, wrote the information securityexperts.
The professionals analyzed the emergency dump files of the Windows 10 system of a device. They noted that the hardware driver called “miniport” returned a device error that the operating system could not handle correctly.
“The operating system does not handle this error correctly, which leads to UNEXPECTED_STORE_EXCEPTION, which means that the memory manager required data from the disk, but could not write to memory due to an I / O error within the page,” they added. .
Older systems that still rely on legacy HHD technology are more vulnerable to these attacks. This is found in medical devices and systems that are difficult to remove, such as the storage of CCTV surveillance cameras.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.