Hard Disks Can Be Turned Into Listening Devices, Researchers Find
Saturday March 9, 2019. 12:30 AM , from Slashdot
The team's research work, scheduled to be presented in May at the 2019 IEEE Symposium on Security and Privacy, explores how it's possible to alter HDD firmware to measure the offset of a disk drive's read/write head from the center of the track it's seeking. The offset is referred to as the Positional Error Signal (PES) and hard drives monitor this signal to keep the read/write head in the optimal position for reading and writing data. PES measurements must be very fine because drive heads can only be off by a few nanometers before data errors arise. The sensitivity of the gear, however, means human speech is sufficient to move the needle, so to speak. Vibrations from HDD parts don't yield particularly good sound, but with digital filtering techniques, human speech can be discerned, given the right conditions. 'Flashing HDD firmware is a prerequisite for the snooping because the ATA protocol does not expose the PES,' The Register reports. 'To exfiltrate captured data, the three boffins suggest transmitting it over the internet by modifying Linux operating system files to create a reverse shell with root privileges or storing it to disk for physical recovery at a later date.' The researchers note that this technique does require a fairly loud conversation to take place near the eavesdropping hard drive. 'To record comprehensible speech, the conversation had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled sound,' the report says. 'To get Shazam to identify recordings captured through a hard drive, the source file had to be played at 90 dBA. Which is pretty loud. Like lawn mower or food blender loud.'
Read more of this story at Slashdot.
Mar, Mon 18 - 15:21 CET