Speaking at the Ekoparty security conference in Buenos Aires, Argentina, security researcher Alfredo Ortega has revealed that you can use your hard disk drive (HDD) as a rudimentary microphone to can pick up nearby sounds.
This is possible because of how hard drives are designed to work. Sounds or nearby vibrations are nothing more than mechanical waves that cause HDD platters to vibrate.
By design, a hard drive cannot read or write information to an HDD platter that moves under vibrations, so the hard drive must wait for the oscillation to stop before carrying out any actions.
Because modern operating systems come with utilities that measure HDD operations up to nanosecond accuracy, Ortega realized that he could use these tools to measure delays in HDD operations.
The longer the delay, the louder the sound or the intense the vibration that causes it. These read-write delays allowed the researcher to reconstruct sound or vibration waves picked up by the HDD platters.
"It's not accurate yet to pick up conversations," Ortega told Bleeping Computer in a private conversation. "However, there is research that can recover voice data from very low-quality signals using pattern recognition."
"I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable. For that reason, I would not discard that additional data like voice could be recovered in the future," the researcher added.
Asked how he came up with the idea to turn his hard drive into a microphone, Ortega answered.
"It was known that sound will interfere with hard-disk operations. There are limits of vibration in the specs of many hard disks. That's why they are often mounted in vibration-proof enclosures made of rubber or other isolation material.
"From that, it was easy to deduce that they can be used to detect sound. I didn't expect that the delay response was proportional to the sound power, though. That made it a much better microphone that I expected."
Below is a video the expert recorded for his Ekoparty talk, showing how a hard drive picks up a song from a nearby speaker.
But Ortega didn't limit his experiments to picking up sounds. The researcher also looked into how audio waves affect a hard drive's mode of operation.
The researcher says that an attacker can use sound waves to launch a resonance attack against an HDD. These types of attacks can result in the hard drive stopping any read-write operations (DOS — Denial of Service) or in physical damage to the device.
In another video the researcher recorded, he played a 130Hz tone to make an HDD stop responding to commands. "The Linux kernel disconnected it entirely after 120 seconds," Ortega said.
These types of attacks — or more exactly accidents — have happened in the real world. In September 2016, a fire drill that involved inert gas deployment caused ING Bank's main data center in Bucharest, Romania to go down for around ten hours.
The noise resembling a loud whistle caused by the inert gas deployment triggered an unexpected resonance attack that damaged data center hard drives and stopped the bank's operations across Romania — including ATM withdrawals, PoS payments, and web and mobile banking applications.
"I'm aware of the Romanian bank incident," Ortega told Bleeping. "The attack in my talk used resonance to amplify vibrations, so it only needs a very low volume to cause the same effect. However, with enough energy, any sound will interfere with a spinning hard-disk."
Similarly, we couldn't write this article without mentioning the infamous "Shouting in the Datacenter" video recorded in Sun's data center back in 2008, when Brendan Gregg showed the world for the first time that sound can cause read-write errors in HDDs.
The work Ortega did researching this topic will soon be included in a research paper the researcher plans to publish in the near future.