Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Operating Systems Software Hardware Science

Sonic and Ultrasonic Attacks Damage Hard Drives and Crash OSes (arstechnica.com) 102

Dan Goodin reports via Ars Technica: Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds over low-cost speakers embedded in computers or sold in stores, a team of researchers demonstrated last week. The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted. The device uses flash storage to house its firmware, but by default it uses a magnetic HDD to store the large quantities of video it records. The attack used a speaker hanging from a ceiling that rested about four inches above the surveillance system's HDD. The researchers didn't remove the casing or otherwise tamper with the surveillance system. The technique was also able to disrupt HDDs in desktop and laptop computers running both Windows and Linux. In some cases, it even required a reboot before the PCs worked properly. The paper titled "Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems" can be found here (PDF).
This discussion has been archived. No new comments can be posted.

Sonic and Ultrasonic Attacks Damage Hard Drives and Crash OSes

Comments Filter:
  • 4 inches? (Score:3, Interesting)

    by Bert64 ( 520050 ) <bertNO@SPAMslashdot.firenzee.com> on Wednesday May 30, 2018 @02:17AM (#56697560) Homepage

    If you're within 4 inches of the drive you could use a hammer, or just unplug the power... Works against SSDs too!

    • Re:4 inches? (Score:5, Insightful)

      by jibjibjib ( 889679 ) on Wednesday May 30, 2018 @02:37AM (#56697602) Journal

      The speaker doesn't necessarily have to be within 4 inches; perhaps with further tuning or a different speaker it could work from elsewhere within the room. And there are plenty of plausible scenarios where you don't have physical access to the hard drive, but you do have access to a nearby speaker.

      e.g.

      - you're running a website and you want to DoS your users' laptop hard drives using the laptop speakers

      - you compromised one computer (or phone, or media player, or other device with speakers) and want to use it to attack another device sitting on the desk beside it.

      - you rented datacenter space just above your target's server, and your server has an internal speaker which you can attack them with.

      • by Anonymous Coward

        I have skimmed through the PDF and in every graph their scale is starting at 100 dB SPL.
        That is very loud, think concert hall loud. I not sure if this is a very pratictal attack.

        • Re:4 inches? (Score:5, Interesting)

          by jibjibjib ( 889679 ) on Wednesday May 30, 2018 @02:56AM (#56697658) Journal

          It sounds to me from the paper like a laptop's own speakers are capable of generating enough sound to disrupt the laptop's hard drive, in ultrasound ranges that most humans can't hear. Yes, it's a lot of sound energy, but still possible for it to be unnoticed, especially if you timed it for when the user isn't around, or mixed it into music or other legitimate sound.

      • Lets not forget sound attenuates using the inverse square law. At double the distance you need 4X as much volume for the same sound pressures. So if I takes 4 inches and you need 20' you need 3600 times the decibels. And this doesn't include attenuation through walls or other materials. I'd be curious what decibel level this took so you could calculate what kind of volume you'd need at something like 20', if it involves hauling around 20' speakers I'm not sure this is a viable technique in the real world.

        • by Bengie ( 1121981 )

          So if I takes 4 inches and you need 20' you need 3600 times the decibels

          Don't you mean something like 35.5 more decibels? It's a 3600x difference in energy, but decibels are log based. Log 3600 = 3.55 bels

          • I don't know honestly. The inverse square law works on the decibels so I'm not sure it's so clear cut, I believe you are right but someone that knows more about sound would need to chime in. Given the other post that says you needed 118 decibels at 4 inches I'm not sure 154 decibels at 20' would be equivalent.

            My main point was even if you can do this from 4 inches with a chainsaw sound level, you'd need some massive speakers and power output to do it from outside a building. In fac,t I dare say the sound pr

            • 154dB would in impressive

              150dB Sensation of being compressed as if underwater
              152dB Vibration is painful and felt in joints
              153dB Throat vibrating so hard it is impossible to swallow
              154dB Compression will burst child’s balloon
              155dB Experience cooling from excited air movement, up to 15 degree C perceived cooling
              158dB Inside of a rock concert speaker bin with 5000 watts power

              http://www.decibelcar.com/menu... [decibelcar.com]

    • by Anonymous Coward

      If you're within 4 inches of the drive you could use a hammer, or just unplug the power... Works against SSDs too!

      An inside job that uses a loud ultrasonic sound leaves no traces. The video surveillance equipment simply stopped working. On the other hand, if your inside contact hammers the HDD hard, it leaves some traces, I'd say...

      • by Entrope ( 68843 )

        "The suspect was recorded on CCTV carrying a large speaker into the surveillance system room. The recording stopped approximately a minute and a half later." type inside job that leaves no traces?

  • 118 dB required (Score:4, Insightful)

    by Anonymous Coward on Wednesday May 30, 2018 @02:45AM (#56697630)

    As pointed out on ars, the volume required is much like putting your ear against a chainsaw at full throttle.

    Nothing here, move along.

    • To stop a hard disk ... yes ... but you can make a long term "attack" damaging the disks slowly with not so strong noise.

      Everything depends on what it is your goal.

  • The last two out of two builds I did, the case didn't even have a speaker. Did not miss it a bit. I don't think the "cheap PC speaker" is even a thing any more, and laptops - which always have speakers - don't have hard drives except unless they are super crap, then don't worry about it.

    • Do you think this will work with my Adlib card?
    • by Zocalo ( 252965 )
      Case speakers are definitely a relic of a bygone age. No idea about all-in-one desktops since I don't do those, but other than laptops I don't think I've had a case with one for getting on for at least a decade now, although many motherboards do still seem to include a piezo-electric tweeter somewhere. That's pretty much redundant too, however, since anything sent to it is usually hijacked by the drivers for either the on-board sound chip or any add-on audio hardware pretty early in the boot process. Gen
      • Generally speaking, you're going to need to trigger some kind of pre-BIOS/UEFI failure to get anything out of it, and even that seems to be dying out as my last few mobos have all had a pair of seven-segment LED displays that show a sequence of hex status codes as the system progresses through the boot process.

        LED display on the MB is civilized, but most don't have it and blink some LED instead, which nearly all new MBs have and is getting universal. Even NUCs [intel.com] do this. Way more useful imho. I never did like the lame little beep on boot, can't shed a tear for its demise.

  • by slashmydots ( 2189826 ) on Wednesday May 30, 2018 @03:42AM (#56697728)
    This is why I use SSDs. 800G impacts and 200G vibrations while in use are no problem. Then again, it depends how much storage you actually need.
    • "Then again, it depends how much storage you actually need."

      When I googled this, all I could find was a 1 TB, 8-channel dvr, with a security camera set-up. OTOH, I only went through 2 pages of links...

    • You use SSDs because you're worried someone will put a speaker 4" away from your computer emitting a sound roughtly as loud as a chainsaw?

      I think you have bigger worries than data loss.

    • by swb ( 14022 )

      Modern high quality SSDs have really good write durability, but do they have enough to really survive in a DVR that's recording constantly at least at the price points acceptable enough for warehouse store security camera bundles?

      It'd be an interesting thing to try out. I could see where the increased throughput of flash media could make for enhanced DVR features, like high frame rate recording but extremely fast time lapse scanning, although I assume they've kind of figured out how to do that with slower

      • by Bengie ( 1121981 )
        A tech site was doing endurance testing many years back and they manage to write over 2 petabytes to a Samsung 840 Evo before a power outage killed the SSD. And 840s were infamous for their poor write endurance and longevity, according to their specs that is. First gen TLC and all that. I haven't seen any recent longevity tests because everyone gave up. Even the low end name brand drives pretty much only die to manufacturing defects.

        Several years ago some datacenter, I think Google, wrote a blog about usi
        • by swb ( 14022 )

          I remember that test and another one that used an 850 Pro with similar results.

          I kept waiting for someone to gut the enterprise storage market by putting out cheap, flash based storage devices but it never happened. I still see prices in the thousands for "read intensive" SSDs.

  • by Chrisq ( 894406 ) on Wednesday May 30, 2018 @05:05AM (#56697908)
    So that's what's been going on in the US embasies
    • I had the same idea! Yesterday I was thinking that maybe the sonic attacks were intended to have some effect other than deafness, but the equipment was miscalibrated. Now here's something that might point to the intended effect.

      Regardless of what the intended effect might be, I do have to wonder how many embassies might be under the influence of properly calibrated equipment, should that be the case.

  • by drdread66 ( 1063396 ) on Wednesday May 30, 2018 @06:14AM (#56698118)

    I saw a related phenomenon in ~2006. My employer was developing some software for a DoD system. Everything worked great in our lab but weird things happened when installed on the servers that the Government bought. It took us *months* to figure out that the problem was a resonance between the hard drives and the cooling fans. After an hour or so of running, the drives would stop working.

    We contacted the manufacturer of the hardware and they (a) replaced the fans with fans of a different RPM and (b) isolated the fans with rubber mounts. The problem disappeared immediately and never returned.

  • by ccool ( 628215 ) on Wednesday May 30, 2018 @06:20AM (#56698150)

    https://www.youtube.com/watch?... [youtube.com]

    I'm surprised no one mentioned this link before...

  • That speaker sings lullabies to your computer while guarding against malware and detecting Russian interference in elections.

    Free trial, right?

  • blast processing indeed... This goes all the way to the top of plant Mobius. Wait... mobius don't have tops. Or is it mobii?
  • a) I have mostly SSDs and
    b) Classical earbuds are not able to pump out that much. Also do not make you a dick by disturbing the neighbors.

IOT trap -- core dumped

Working...