Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of service (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.

The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD's data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.

Because hard drives store vast amounts of information inside small areas of each platter, they are programmed to stop all read/write operations while a platter vibrates, so as to avoid scratching storage disks and permanently damaging the HDD.

The notion of using sounds to disrupt hard drive operations is not new, having been discussed in research dating back almost a decade.

Back in 2008, current Joyent CTO Brendan Gregg showed how loud sounds induce read/write errors for a data center's hard drives, in the now infamous "Shouting in a datacenter" video. Earlier this year, an Argentinian researcher demoed how he made a hard drive temporarily stop responding to OS commands by playing a 130 Hz tone.

New research shows practicality of HDD acoustic attacks

Last week, scientists from Princeton and Purdue universities published new research into the topic, expanding on the previous findings with the results of additional practical tests.

The research team used a specially crafted test rig to blast audio waves at a hard drive from different angles, recording results to determine the sound frequency, attack time, distance from the hard drive, and sound wave angle at which the HDD stopped working.

Acoustic HDD attack rig


Researchers didn't have any difficulties in determining the optimum attack frequency ranges for the four Western Digital hard drives they used for their experiments.

They also argued that attackers wouldn't have any difficulties either when it comes to researching and discovering the attack ranges for the HDDs they want to target.

Attack ranges for four Western Digital HDDs

Researchers say that any attacker who can generate acoustic signals in the vicinity of HDD storage systems has a simple attack avenue at their disposal for sabotaging companies or lone individuals.

Acoustic attacks can be delivered in multiple ways

The attacker can either apply the signal by using an external speaker or exploit a speaker near the target. Toward this end, the attacker may potentially take advantage of remote software exploitation (for example, remotely controlling the multimedia software in a vehicle or personal device), deceive the user into playing a malicious sound attached to an email or a web page, or embed the malicious sound in widely distributed multimedia (for example, a TV advertisement).

Once an attacker finds a method of delivering the acoustic attack, its results will vary based on a series of conditions.

For example, the closer the speaker is to the hard drive, the less time is needed to carry out the attack. The longer the attack lasts, the greater the chance that it will cause a permanent denial of service that requires a device restart, instead of a temporary issue from which the device can recover by itself.

Further, attackers need to make sure that no human operators are nearby, as the attacks are in the audible range of the human ear, and victims could investigate the origin of the monotone sound and potentially link its presence to malfunctions in local devices.
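Because the attack sound is a sustained, audible monotone, it can also be flagged automatically. The following is an added example, not code from the article or the research paper: a detector that scans microphone samples for a narrowband tone that dominates the signal for a sustained period. The watch list reuses the 130 Hz and 9.1 kHz figures quoted on this page; the frame size, thresholds, function names and the synthetic capture are assumptions.

```python
import math
import random

WATCH_HZ = (130.0, 9100.0)  # tones quoted in the article; extend per drive model

def tone_ratio(frame, rate, freq):
    """Goertzel filter: fraction (0..1) of the frame's energy located at freq."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = energy = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
        energy += x * x
    if energy == 0.0:
        return 0.0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return min(1.0, 2.0 * power / (len(frame) * energy))

def find_sustained_tones(samples, rate, frame_s=0.1, min_s=1.0, threshold=0.8):
    """Return (freq_hz, start_s, duration_s) for tones that dominate >= min_s."""
    n = round(rate * frame_s)
    need = round(min_s / frame_s)          # consecutive frames required
    events = []
    for freq in WATCH_HZ:
        hits = [tone_ratio(samples[o:o + n], rate, freq) >= threshold
                for o in range(0, len(samples) - n + 1, n)]
        run = 0
        for i, hit in enumerate(hits + [False]):   # sentinel closes a final run
            if hit:
                run += 1
                continue
            if run >= need:
                events.append((freq, round((i - run) * frame_s, 3),
                               round(run * frame_s, 3)))
            run = 0
    return events

def constructed_capture(rate=32000, seconds=3.0, tone_hz=9100.0, t0=1.0, t1=2.5):
    """Synthetic microphone capture (constructed): low noise plus one tone burst."""
    rng = random.Random(0)
    out = []
    for i in range(int(rate * seconds)):
        t = i / rate
        x = rng.uniform(-0.05, 0.05)
        if t0 <= t < t1:
            x += 0.5 * math.sin(2.0 * math.pi * tone_hz * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(find_sustained_tones(constructed_capture(), 32000))
```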

The Princeton and Purdue researchers carried out acoustic attacks on the HDDs found in DVR (Digital Video Recorder) devices used for CCTV (Closed-Circuit Television) systems, but also on desktop computers running Windows 10, Ubuntu 16, and Fedora 27.

Attacks on CCTV systems

"After around 230 seconds from starting the acoustic attack, a pop-up warning window appeared on the monitor stating 'Disk lost!'," researchers said about their acoustic attack on DVR HDDs.

"After stopping the sound, we attempted to replay the recorded videos from four cameras and found out that recordings had been interrupted," researchers said. "The DVR had to be restarted to fix this issue, but the video footage was permanently lost."

Error on DVR system after HDD acoustic attack

Attacks on computers

A second experiment targeted desktop PCs. Researchers played a 9.1 kHz frequency sound from a 25-centimeter distance towards the case's airflow opening.

"This has caused various kinds of malfunctions on the running PC," the research team said, revealing that they even caused BSOD errors that crashed the underlying operating systems if they played the sound for more extended periods of time.

Results of acoustic attacks on computer HDDs

Acoustic protection of HDDs is needed

Most of these attacks relied on playing maliciously crafted sounds from close distances. But researchers don't view this as a problem. "Using more powerful sound sources can increase the attack range accordingly," they said.

"The security of HDDs has been overlooked despite their critical role in computing systems. HDDs hold essential software components (e.g., the operating system) and various forms of sensitive information (e.g., camera footage in CCTVs), and thus, can be an appealing target for a plethora of attackers," researchers say.

There's little chance of seeing the mass exploitation of real-world devices using acoustic attacks on hard drives, as such a scenario is likely impractical due to the multiple criteria an attacker needs to satisfy.

Nonetheless, acoustic attacks are inherently suitable for targeted attacks against carefully selected critical systems. For example, acoustic attacks can help nation-state sponsored attacks, aid with physical intrusions into secure systems, corrupt or sabotage forensics collection, or even cause loss of human life when attacking HDDs used by medical devices.

Just to explore a scenario not included in the research paper, an ATM malware gang can deploy an acoustic attack on an ATM to temporarily prevent it from collecting forensic evidence while fileless malware executes in the ATM's RAM and dispenses cash to attackers. This scenario and many others exist.

Bleeping Computer readers can find out more about HDD acoustic attacks in a research paper titled "Acoustic Denial of Service Attacks on HDDs" by Shahrad et al.