Stories
Slash Boxes
Comments

SoylentNews is people

New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds

posted by janrinok on Saturday August 13 2016, @06:57PM   Printer-friendly
from the listen-to-your-data dept.

Sounds from your hard disk drive can even be used to steal a PC's data | PCWorld

MrPlow writes:

Submitted via IRC for crutchy

Researchers have found a way to steal a PC's data by using the mechanical noise coming from the hard disk drives inside.

Source: http://www.pcworld.com/article/3107209/security/sounds-from-your-hard-disk-drive-can-even-be-used-to-steal-a-pcs-data.html

New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds

Arthur T Knackerbracket has found the following story:

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.

[...] Besides working against air-gapped computers, the covert channel can also be used to steal data from Internet-connected machines whose network traffic is intensively monitored by intrusion prevention devices, data loss prevention systems, and similar security measures. The technique is documented in a technical paper titled DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise, which was published Thursday night. Guri and the other Ben-Gurion University researchers who devised the covert channel created the video demonstration below.

The techniques are effective, but their utility in real-world situations is limited. That's because the computers they target still must be infected by malware. If the computers aren't connected to the Internet, the compromise is likely to be extremely difficult and would require the help of a malicious insider, who very well may have easier ways to obtain data stored on the machine. Still, the air-gap jumpers could provide a crucial means to bypass otherwise insurmountable defenses when combined with other techniques in a targeted attack.

[...] The most effective way to prevent DiskFiltration-style data exfiltration is to replace hard drives with solid-state drives, since the latter aren't mechanical and generate virtually no noise. Using particularly quiet types of hard drives or installing special types of hard drive enclosures that muffle sound can also be an effective countermeasure. It may also be possible to jam hard-drive signals by generating static noise. Intrusion prevention systems may also be programmed to detect suspicious hard-drive seek patterns used to create the transmissions. Yet another solution is to isolate air-gapped computers from smart phones and other devices with a microphone.

Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday August 13 2016, @07:46PM

    by Anonymous Coward on Saturday August 13 2016, @07:46PM (#387598)

    Come on, really? Air-gapped but already infected ... and the listening device has to be within six feet ... and the listening device needs to be able to tell the difference between this "morse code for infected disk drives" and all other background noise including the sound of the keyboard ... and you can have only one infected computer within the six feet or the listening device might get confused ... and someone needs to enter secure data or a password while you and/or your listening device is within six feet ... and you need physical access to the air-gapped computer once you've glommed the super secret code via dial filtration in order to be able to use it ...

    Oh please, just give me a fucking break.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   1  

  • (Score: 2, Informative) by Anonymous Coward on Saturday August 13 2016, @07:49PM

    by Anonymous Coward on Saturday August 13 2016, @07:49PM (#387600)

    Hey, they got a paper out of it, that's all that counts.

  • (Score: 3, Touché) by Whoever on Saturday August 13 2016, @08:33PM

    by Whoever (4524) on Saturday August 13 2016, @08:33PM (#387609) Journal

    And what's the bandwidth?

    • (Score: 0) by Anonymous Coward on Saturday August 13 2016, @11:52PM

      by Anonymous Coward on Saturday August 13 2016, @11:52PM (#387654)

      Sorry, but Kenneth isn't here right now.

  • (Score: 3, Interesting) by Runaway1956 on Saturday August 13 2016, @08:40PM

    by Runaway1956 (2926) Subscriber Badge on Saturday August 13 2016, @08:40PM (#387611) Journal

    If you can install an electronic device within six feet of the hard drive, why not just mount a frigging camera that can see both the screen and the keyboard? And, cameras can be mounted hundreds of feet away (assuming an open line of sight).

    • (Score: 3, Informative) by maxwell demon on Sunday August 14 2016, @05:34AM

      by maxwell demon (1608) on Sunday August 14 2016, @05:34AM (#387757) Journal

      Cameras have the disadvantage that if they can see, they also can be seen. You may be able to camouflage them, but you cannot truly hide them. So they can be found by carefully looking around. As bonus, you only have to look at places with line-of-sight to the keyboard/screen. Audio bugs, on the other hand, can easily be hidden out of sight.

      Also, if you use the screen to display data for your camera, and someone happens to see the screen at that time, there will be guaranteed immediate suspicion. Few people will get suspicious when hearing hard drive noise. Note that the data you are after may not ever be entered on the keyboard or displayed on the screen during normal operation. For example, think of an RSA private key. The user will enter the password for the key, but without the key itself, the password is useless. And if you display that on the screen and someone sees that, it will get guaranteed immediate suspicion.

      --
      The Tao of math: The numbers you can count are not the real numbers.

      • (Score: 2) by Runaway1956 on Sunday August 14 2016, @03:10PM

        by Runaway1956 (2926) Subscriber Badge on Sunday August 14 2016, @03:10PM (#387864) Journal

        Good answer for "why not a camera". I started trying to form objections to your answer, but bottom line is, no matter how small the camera gets, it CAN be found. Make it small enough, it can be very hard to find, but a determined person will find it.

  • (Score: 3, Funny) by Runaway1956 on Saturday August 13 2016, @08:48PM

    by Runaway1956 (2926) Subscriber Badge on Saturday August 13 2016, @08:48PM (#387614) Journal

    "Oh please, just give me a fucking break."

    https://pics.onsizzle.com/when-you-need-a-fucking-break-from-the-perils-of-3120751.png [onsizzle.com]

  • (Score: 0) by Anonymous Coward on Sunday August 14 2016, @07:30AM

    by Anonymous Coward on Sunday August 14 2016, @07:30AM (#387785)

    Oh please, just give me a fucking break.

    I see what you did there.