Just about anytime you think you and your computer are safe from hackers and security weaknesses, some bizarre, unexpected method or flaw gets discovered. Case in point: security researchers have come up with a way to steal data from a computer’s hard drive just by listening to the sounds it makes. Not only can information be transmitted without a users’ knowledge, but their computer doesn’t even need to be connected to the internet.
Called DiskFiltration, the hack works by taking control of a hard drive’s actuator, or the arm that moves back and forth across the platters when reading and writing data. These movements make various noises — the kind you usually hear when first booting up a desktop PC.
If a hacker is able to install the right type of malware, those sounds can be used to transmit data to a nearby device that knows what to listen for, including a smartphone.
The researchers note that DiskFiltration has several limitations, such as the listening device needing to be within six feet, and a data rate of only 180 bits per minute at best. It’s incredibly impractical for large amounts of data, but it can still be used to record a complex encryption key in less than 30 minutes.
Aside from not falling victim to the malware installation, solid-state drives are another guaranteed way to prevent this from happening, as they have no moving parts. Then again, it’s unlikely to come across someone trying to pull something like this off.
SOURCE Cornell University Library