Using sonic and ultrasonic soundwaves as a weapon, researchers can disrupt the read, write and storage functions of a hard disk drive (HDD). The method can also be used to crash the host operating system, and in some cases damage targeted drives.
Researchers said the attack can be performed by “nearby emitters” that target a computer’s HDD; so, the attacks could be performed by an adversary using inexpensive off-the-shelf speakers or could also be carried out via laptop or desktop speakers. In one scenario, a victim visits a website or receives a phishing message and a damaging ultrasonic tone plays.
The attack scenarios were outlined by researchers from the University of Michigan and Zhejian University in China. The group presented their research last week in San Francisco at the IEEE Symposium on Security and Privacy.
“Adversaries without special-purpose equipment can cause errors in the hard disk drive using either audible or ultrasonic acoustic waves. Audible waves vibrate the read/write head and platters; ultrasonic waves alter the output of the HDD’s shock sensor, intentionally causing the head to park,” according to the research paper entitled (PDF): How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems.
Both of these types of errors can lead to operating system-level or application-level problems, including persistent corruption and system reboots.
“Our experiments show that audible sound causes the head stack assembly to vibrate outside of operational bounds; ultrasonic sound causes false positives in the shock sensor, which is designed to prevent a head crash,” they wrote.
In one attack scenario against a PC with a Western Digital Blue WD5000LPVX drive, researchers exposed the drive to vibrations induced by a 5 kHz tone at 115.3 dB SPL and a 5 kHz tone at 117.2 dB SPL. Those noise levels are roughly equivalent to sound of a car horn, live rock music or chainsaw, according to a comparison chart hosted at a Purdue University website.
Prolonged exposure to those levels can cause “permanent data loss, program crashes and unrecoverable physical loss in HDDs.”
Tests were conducted on three different HDD manufacturers: Western Digital, Toshiba and Seagate. Attack scenarios also involved vibrations created by ultrasonic tones, which is sound that is created at a frequency higher than can be heard by humans (20 kHz and up).
“Ultrasonic attacks are less likely to cause a head crash, but could be damaging the drive in other ways such as causing the head to become unstable over time because of excessive parking,” researchers said.
In tests using a Toshiba HDD exposed to ultrasonic signals, researchers said they were able to make the HDD’s read/write head park in rapid succession on the hard disk platter, “possibly causing damage to the head controller.”
They added, “This instability could make the drive less reliable in its reads and writes, leading to sectors being marked as bad.”
A third type of attack targeted a HP Elite Minitower desktop PC equipped with an internal HP DC7600U speaker. Using the system’s own speaker, the proof of concept was able to cause intermittent freezing of the system running a Western Digital Blue WD5000LPVX HHD.
“For self-stimulation attacks, the victim accesses the adversary’s website — perhaps through a phishing attack or a link within a malicious email,” researchers wrote. “The site then plays malicious audio without permission over the system’s built-in speaker to attack the HDD. The frequency response of a built-in speaker may limit the ability for an adversary to deliver ultrasonic attacks, but some speakers may be able to deliver ultrasonic or near ultrasonic tones.”
The answer to why sound vibrations cause system interruptions and crashes varies. In one case, researchers analyzed the Windows 10 system crash dump files of a targeted computer. They were able to establish that the hardware driver called “miniport” was returning a device error that the OS could not handle properly.
“The operating system does not seem to handle this error correctly, leading to UNEXPECTED_STORE_EXCEPTION. This indicates that the memory manager required data from the disk, but was unable to write into memory because of an in-page I/O error,” researchers said.
Disproportionately vulnerable to these type attacks, say researchers, are older systems that still rely on legacy magnetic HHD technology. This is typically found in medical devices and other systems that are difficult to retire, such as CCTV surveillance camera storage, according to the paper.
As far as defenses, the researchers said that techniques include “mitigating attacks in vulnerable frequency bands with attenuation controllers, using sensor fusion to detect attacks, and noise dampening materials to attenuate the signal.”