Teams from The University of Michigan and and Zhejian University in China have shown how acoustic attacks from off the shelf speakers can be used to crash magnetic hard disk drives, the latest example of physics-based attacks on common hardware.
Add sonic attacks to the list of threats to critical IT systems. Researchers have shown that targeted acoustic interference can both disrupt and cause damage to magnetic hard disk drives using nothing more than built-in speakers or other sound emitting devices.
Targeted sonic and ultrasonic interference poses a challenge for older-style magnetic disks and could affect a wide range of systems, including medical devices and safety critical systems, where magnetic disks are still commonly used. This according to the researchers at The University of Michigan and and Zhejian University in China, who presented the results of their research at the IEEE Symposium on Security and Privacy in San Francisco.
The research (PDF) is just the latest to assess the risk of physics-based attacks on IT systems. In controlled experiments, researchers demonstrated how sonic and ultrasonic interference can force the critical components of magnetic hard drives to vibrate outside of operational bounds. Using acoustic “attacks,” they falsely triggered built in shock sensors that protect the drive from damage caused by dropping.
[You should also read: Researchers Warn of Physics-Based Attacks on Sensors]
The researchers used an audio receiver and speakers to create acoustic signals and an RF Vector Signal Generator to create ultrasonic signals. They measured affects of the signals at various frequencies on hard disk drives including a loss of throughput, program crashes and disruption of reads and writes to the hard disk drive.
For example, in one experiment conducted by the research teams, a 5 kHz acoustic wave striking a hard drive chassis from above at 120 decibels of sound pressure (dB SPL). Models developed by the team estimate that such an attack would create a maximum disk displacement of about 33 nm horizontally and 156 nm vertically, while estimating maximum read/write head displacement of 9 nm horizontally and 112 nm vertically.
“These displacements push the drive outside of its operational bounds for reading and writing. In addition, these numbers show the possibility of the read/write head crashing into the disk,” the researchers found.
Other attacks exploited the physical properties of the drive hardware such as its “resonant frequency” – a kind of natural frequency of vibration that physical objects have. By playing audible sounds that match that resonant frequency, the researchers generated vibrations that disrupted the operation of the disk, according to Connor Bolton, a graduate research assistant at University of Michigan, and one of the team of researcher who conducted the acoustic attack research. That caused the drive to vibrate outside of its operational limits.
While such vibrations aren’t huge, even small alterations in the operation of the physical drive can have large consequences in the operation of the device, because operating systems and software applications that run on top of them assume that hard drive hardware will operate as intended, he noted.
In other experiments, researchers were able to use sound waves to trigger the piezo shock sensors or MEMS capacitive accelerometers that are common in most modern HDDs to prevent them from being damaged when accidentally dropped. By fooling the accelerometers with sonic attacks, the researchers activated the shock sensor and induced a total loss in read/write capability on the affected hard drive.
The sonic attacks are merely proof of concept, but researchers warn that the could be easily reproduced and without the need of specialized equipment.
“We just used a $20 speaker and a Sony speaker amplifier that you might see in your home,” Bolton said.
That means a would be attacker could leverage equipment that is already deployed in environments they are targeting. Sonic induced interference may be more common than is realized, Bolton said. In one known incident in 2016, he said, it is believed that noise from a bank’s fire alarm system may have interfered with hard drives in a data center, causing an outage.
Magnetic hard disk drives are marvels of engineering, Bolton said, but drive makers generally haven’t considered acoustic and sonic attacks as a threat. “There’s never an idea of an adversary who would intentionally induce these attacks,” he said.
Accidental acoustic attacks are unlikely, Bolton said. The amplitude of sound needed to carry out a successful attack is such that accidental interference is unlikely. Resonant frequency attacks must be precisely controlled, while naturally occurring sounds would not typically be so focused.
For the time being, consumers don’t need to fear sonic attacks. However, security sensitive firms should have it as part of their threat landscape – especially when relying on co-located hosts, he said. Tools to measure ambient sounds could pick up ultrasonic attacks or other strange patterns of sounds in a sensitive IT environment.
Bolton said the researchers have been in touch with the manufacturer of the drive they tested and that the vendor is working on mitigations.
This is just the latest research of its kind to come out of The University of Michigan. In January, researchers from University of Michigan, led by Dr. Kevin Fu, published an article with Wenyuan Xu of Zhejiang University that showed how analog signals such as sound or electromagnetic waves can be used as part of “transduction attacks” on sensors that could spoof data by exploiting the physical properties of the sensors.
In an interview with The Security Ledger, Fu said his team’s work underscores that a “return to classic engineering approaches” is needed to cope with physics based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.