Sonic and ultrasonic attacks damage hard drives and crash OSes
Sounds played over off-the-shelf or embedded speakers often require a reboot.
Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds over low-cost speakers embedded in computers or sold in stores, a team of researchers demonstrated last week.
The attacks use sonic and ultrasonic sounds to disrupt magnetic HDDs as they read or write data. The researchers showed how the technique could stop some video-surveillance systems from recording live streams. Just 12 seconds of specially designed acoustic interference was all it took to cause video loss in a 720p system made by Ezviz. Sounds that lasted for 105 seconds or more caused the stock Western Digital 3.5 HDD in the device to stop recording altogether until it was rebooted.
The device uses flash storage to house its firmware, but by default it uses a magnetic HDD to store the large quantities of video it records. The attack used a speaker hanging from a ceiling that rested about four inches above the surveillance system’s HDD. The researchers didn’t remove the casing or otherwise tamper with the surveillance system.
“For such systems, the integrity of the recorded data is vital to the usefulness of the system, which makes them susceptible to acoustic interference or vibration attacks,” the researchers wrote in a paper titled “Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems.”
The technique was also able to disrupt HDDs in desktop and laptop computers running both Windows and Linux. In some cases, it even required a reboot before the PCs worked properly. The technique took as little as 45 seconds to cause a Dell XPS 15 9550 laptop to become temporarily unresponsive when it was exposed to a “self-stimulation attack”—meaning when the laptop played malicious audio over its built-in speaker. When the sound played for two minutes or more, the computer had to be rebooted for the drive to work properly again.
The technique works because audible sound can cause an HDD’s head stack assembly to vibrate outside of normal bounds. The vibrations push the head far enough from the center of the drive track to temporarily prevent writing. Ultrasonic sound, by contrast, can create false positives in an HDD’s shock sensor, which is designed to prevent a head crash. This causes a drive to unnecessarily park its head. Besides being used against computers and surveillance systems, the researchers said the attack might also target medical devices that use magnetic HDDs.
The research is largely esoteric, because there are already much easier ways to temporarily take down computers and embedded systems. Still, it raises the possibility that, one day, attackers may have a new means to perform denial-of-service attacks. The researchers, who demonstrated the technique at last week’s IEEE Symposium on Security and Privacy, have proposed several methods for detecting and preventing the attacks, some of which can be implemented with simple firmware tweaks.