Cornell Researchers Demo 'DiskFiltration' Hack That Steals Passwords And Crypto Keys Via Hard Drive Sounds

The lengths that researchers will go to in order to expose security weaknesses in computing technology never cease to amaze us. The latest technological breakthrough (or security nightmare, depending on how you view it) comes to us courtesy of researchers from Cornell University, and it looks like something that could have been grabbed straight out of a James Bond flick.

The researchers have targeted air-gapped computers, that is, computers that are completely cut off from unsecure networks (like the internet). As the researchers point out, “This measure is taken in order to prevent the leakage of sensitive data from secured networks.” However, using a method called DiskFiltration, they were able to glean sensitive information from a computer’s hard disk drive (HDD) by installing malware and then using an external device to decipher the “clicks” that the storage device makes when operating.

DiskFiltration

Unlike with previously detailed methods, the Cornell researchers were able to leak information without the need for audio equipment (i.e. speakers) being plugged into the computer. The researchers write:

A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD's actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver. We examine the HDD anatomy and analyze its acoustical characteristics.

In this instance, once the malware was installed, a Samsung Galaxy Android-based smartphone was used to home in on the HDD’s audio signature and record data at a distance of six feet. The malware program was able to send sensitive information like passwords, encryption keys and even key-logging data back to the ready and waiting smartphone. Data was only transmitted at 180 bits per minute, but that’s still quite an accomplishment for this method of recovering data.

However, there are some rather obvious downsides to the DiskFiltration approach. First, getting the malware onto the computer in the first place isn’t exactly easy — after all, the target in this case is an air-gapped PC without an active internet connection, so the usual attack vectors won’t work. Secondly, you’d need physical access to the PC to install the malware. So if you were able to somehow access the machine to insert malware, you likely have all the access needed to do your dastardly deeds.

Lastly, this method of data extraction obviously wouldn’t work on a computer equipped with a solid state drive (SSD). So if you ever needed another reason to upgrade to a speedy and capacious SSD, this could be it.

Brandon Hill

Opinions and content posted by HotHardware contributors are their own.