
posted by janrinok on Saturday August 13 2016, @06:57PM
from the listen-to-your-data dept.

Sounds from your hard disk drive can even be used to steal a PC's data | PCWorld

Submitted via IRC for crutchy

Researchers have found a way to steal a PC's data by using the mechanical noise coming from the hard disk drives inside.

Source: http://www.pcworld.com/article/3107209/security/sounds-from-your-hard-disk-drive-can-even-be-used-to-steal-a-pcs-data.html

New Air-Gap Jumper Covertly Transmits Data in Hard-Drive Sounds

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.

[...] Besides working against air-gapped computers, the covert channel can also be used to steal data from Internet-connected machines whose network traffic is intensively monitored by intrusion prevention devices, data loss prevention systems, and similar security measures. The technique is documented in a technical paper titled DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise, which was published Thursday night. Guri and the other Ben-Gurion University researchers who devised the covert channel created the video demonstration below.

The techniques are effective, but their utility in real-world situations is limited. That's because the computers they target still must be infected by malware. If the computers aren't connected to the Internet, the compromise is likely to be extremely difficult and would require the help of a malicious insider, who very well may have easier ways to obtain data stored on the machine. Still, the air-gap jumpers could provide a crucial means to bypass otherwise insurmountable defenses when combined with other techniques in a targeted attack.

[...] The most effective way to prevent DiskFiltration-style data exfiltration is to replace hard drives with solid-state drives, since the latter aren't mechanical and generate virtually no noise. Using particularly quiet types of hard drives or installing special types of hard drive enclosures that muffle sound can also be an effective countermeasure. It may also be possible to jam hard-drive signals by generating static noise. Intrusion prevention systems may also be programmed to detect suspicious hard-drive seek patterns used to create the transmissions. Yet another solution is to isolate air-gapped computers from smart phones and other devices with a microphone.
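The countermeasure of detecting suspicious seek patterns can be sketched as follows. This is an added example, not code from the article or the researchers: it flags a disk trace in which nearly every time slot is either a burst of long seeks or silent. The trace format, the thresholds and the assumption of on-off style signalling are all hypothetical; only the slot length comes from the article's figure of 180 bits per minute.

```python
from collections import Counter

BIT_PERIOD_S = 60 / 180  # from the article: 180 bits per minute
LONG_SEEK = 100_000      # assumed: seek distance (sectors) that counts as "long"
BURST, QUIET = 10, 1     # assumed per-slot counts for a "burst" / "quiet" slot

def slot_counts(events, period, phase):
    """Count long seeks in consecutive fixed-width time slots."""
    counts = Counter()
    for t, dist in events:
        if dist >= LONG_SEEK and t >= phase:
            counts[int((t - phase) / period)] += 1
    return [counts.get(i, 0) for i in range(max(counts, default=-1) + 1)]

def keying_score(events, period=BIT_PERIOD_S, phases=4):
    """Best (fraction of burst-or-quiet slots, burst/quiet flips) over phases."""
    best = (0.0, 0)
    for k in range(phases):
        counts = slot_counts(events, period, k * period / phases)
        if len(counts) < 8:  # too short a window to judge
            continue
        states = [1 if c >= BURST else 0 if c <= QUIET else None for c in counts]
        known = [s for s in states if s is not None]
        flips = sum(a != b for a, b in zip(known, known[1:]))
        best = max(best, (len(known) / len(states), flips))
    return best

def is_suspicious(events, min_bimodal=0.9, min_flips=6):
    """Flag traces where nearly every slot is either a seek burst or silent."""
    bimodal, flips = keying_score(events)
    return bimodal >= min_bimodal and flips >= min_flips

# Constructed sample traces of (timestamp_s, seek_distance_sectors).
PATTERN = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1]
KEYED = [((i + (j + 0.5) / 20) * BIT_PERIOD_S, 500_000)
         for i, bit in enumerate(PATTERN) if bit for j in range(20)]
# Steady mixed workload: a seek every 70 ms, alternating long and short.
STEADY = [(k * 0.07, 200_000 if k % 2 == 0 else 5_000) for k in range(100)]

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("steady", STEADY)):
        print(name, keying_score(trace), is_suspicious(trace))
```

An idle disk with occasional scheduled bursts can also look bimodal, so in practice the thresholds would need tuning against the host's normal workload.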


  • (Score: 3, Interesting) by Runaway1956 on Saturday August 13 2016, @08:40PM


    If you can install an electronic device within six feet of the hard drive, why not just mount a frigging camera that can see both the screen and the keyboard? And, cameras can be mounted hundreds of feet away (assuming an open line of sight).

  • (Score: 3, Informative) by maxwell demon on Sunday August 14 2016, @05:34AM


    Cameras have the disadvantage that if they can see, they also can be seen. You may be able to camouflage them, but you cannot truly hide them. So they can be found by carefully looking around. As a bonus, you only have to look at places with line-of-sight to the keyboard/screen. Audio bugs, on the other hand, can easily be hidden out of sight.

    Also, if you use the screen to display data for your camera, and someone happens to see the screen at that time, there will be guaranteed immediate suspicion. Few people will get suspicious when hearing hard drive noise. Note that the data you are after may not ever be entered on the keyboard or displayed on the screen during normal operation. For example, think of an RSA private key. The user will enter the password for the key, but without the key itself, the password is useless. And if you display that on the screen and someone sees that, it will get guaranteed immediate suspicion.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by Runaway1956 on Sunday August 14 2016, @03:10PM


      Good answer for "why not a camera". I started trying to form objections to your answer, but bottom line is, no matter how small the camera gets, it CAN be found. Make it small enough, it can be very hard to find, but a determined person will find it.