Hard Drive Can Be Used As A Microphone For Espionage

  • Researchers use sound waves to turn hard disk drive into a microphone. 
  • This unintentional microphone can extract and parse human speech with high fidelity. 
  • The method requires hard drive firmware to be modified via old hacking techniques like phishing and injecting a virus, trojan, etc. 

If you’re worried about different kinds of computer virus and malware out there, then here is another unwelcome news: electronic devices are not only vulnerable to attacks based on software, but also on physics.

Recently, researchers at the University of Michigan discovered that personal electronics and household devices can be controlled or manipulated by sound waves and other sources of interference. In computers, these waves can enable hard disk drives to record your voice, without your knowledge.

The study shows that the mechanical components in magnetic hard disk act as microphones with enough precision to extract and parse human speech. In fact, these unintentional microphones could record nearby music with high enough fidelity that the Shazam (one of the most popular music recognition app) could successfully identify the song.

Sensors Are Essential

Sensors have become ubiquitous these days: think of the voltage monitors in pacemakers, accelerometers in airbags, and thermometers in freezers. Almost all devices take readings from these sensors without question. However, researchers have demonstrated that it’s possible to alter sensor’s outputs by using carefully customized electromagnetic and acoustic interference.

Reference: IEEE Computer Society | doi:10.1109/SP.2019.00008 | University of Michigan

They have shown that well-chosen electromagnetic wave patterns can cause a thermocouple to output -1044°C when the device was actually at room temperature. Similarly, they forced other sensors, such as voltage monitors in pacemakers to produce inaccurate results.

The team showed that appropriate high-frequency sound waves can make Fitbit add (false) steps without moving. Also, they forced the output voltage graph of an accelerometer to spell out an English world “WALNUT”, using a particular acoustic waveform.

The waveform can be secretly embedded within a soundtrack, which means an attacker could trick you into listening to an online song or watching a video in order to take control of your device’s accelerometer.

Hard disk DriveImage credit: Eric Gaba / Wikimedia Commons

In one of their latest tricks, they turned a hard drive into a microphone by tapping into a system that guides the location of the read head above the magnetic disk. The sound waves continuously strike the head, causing the vibrations to reflect in outputs (voltage signals) generated by the disk’s position sensor. Researchers used these readings to record human speech and music playing near the drive.

Safeguarding Computer Systems

Researchers proposed defenses against each attack they developed. For example, hard drive manufacturers can sign firmware cryptographically and use Transport Layer Security when distributing updates to prevent attacks.

They are still worried about the security systems that heavily relies on sensors, such as spacecraft, self-driving vehicles, and even temperatures controllers in embryo labs.

As per the report, industries shouldn’t just blindly trust such sensors. State agencies and big corporations need to take such threats into consideration, and computer scientists and physicists need to work together to avoid possible attacks in the future.

Read: Even Smartphone Batteries Can Reveal All Your Private Data

On the plus side, this is all just an academic exploitation of hard drive technology. It’s extremely difficult to bug users via their spinning rust.

Written by
Varun Kumar

I am a professional technology and business research analyst with more than a decade of experience in the field. My main areas of expertise include software technologies, business strategies, competitive analysis, and staying up-to-date with market trends.

I hold a Master's degree in computer science from GGSIPU University. If you'd like to learn more about my latest projects and insights, please don't hesitate to reach out to me via email at [email protected].

View all articles
Leave a reply