Cornell Researchers Demo 'DiskFiltration' Hack That Steals Passwords And Crypto Keys Via Hard Drive Sounds
The lengths that researchers will go to in order to expose security weaknesses in computing technology never ceases to amaze us. The latest technological breakthrough (or security nightmare, depending on how you view it) comes to us courtesy of researchers from Cornell University, and it looks like something that could have been grabbed straight out of a James Bond flick.
The researchers have targeted air-gapped computers, or computers that are completely cut off from unsecure networks (like the internet). As the researchers point out, “This measure is taken in order to prevent the leakage of sensitive data from secured networks.” However, using a method called DiskFiltration, they were able to glean sensitive information from a computer’s hard disk drive (HDD) by installing malware and then deciphering the “clicks” that the storage device makes when operating through the use of an external device.
Unlike previous methods that have been detailed in the past, the Cornell researchers were able to leach information without the need of audio equipment being plugged into the computer (i.e. speakers). The researchers write:
A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD's actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver. We examine the HDD anatomy and analyze its acoustical characteristics.
In this instance, once the malware was installed, a Samsung Galaxy Android-based smartphone was used to hone in on the HDD’s audio signature and record data at a distance of six feet. The malware program was able to send sensitive information like passwords, encryption keys and even key-logging data back to the ready and waiting smartphone. Data was only transmitted at 180 bits per minute, but that’s still quite an accomplishment for this method of recovering data.
However, there are some rather obvious downsides to the DiskFiltration approach. First, getting the malware onto the computer in the first place isn’t exactly easy — after all, the target in this case is an air-gapped PC without an active internet connection, so the usual attack vectors won’t work. Secondly, you’d need physical access to the PC to install the malware. So if you were able to somehow access the machine to insert malware, you likely have all the access needed to do your dastardly deeds.
Lastly, this method of data extraction obviously wouldn’t work on a computer equipped with a solid state drive (SSD). So if you ever needed another reason to upgrade to a speedy and capacious SSD, this could be it.