Header Ads

New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

Researchers have devised a new method to steal data from an infected computer even if it has not been physically connected to the Internet for preventing the computer to leak sensitive information stored in it.

Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks.

Ignoring the fact that how an air-gapped computer got infected with malware in the first place, the new research focused on, once infected, how the malware would be able to transfer data (passwords, cryptographic keys, keylogging data, etc.) stored on an air-gapped computer, without network, the Internet, USB port, Bluetooth, speakers, or any electronic device connected to it.

A team of researchers from Ben-Gurion University published their finding in a paper titled, "DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise," explaining a unique technique that uses acoustic signals (or sound signals) emitted from the hard disk drive (HDD) of the targeted air-gapped computer to transfer the stolen data.

You might have felt something spinning and generating weird noise while your computer reads or writes data on a storage hard drive.That’s the voice coil "actuator" inside your hard drive, which moves on the disk plate while accessing specific parts/blocks of the storage.

As demonstrated, the researchers used their malware to manipulate the movements of the actuator in very specific way to generate acoustic noise (like morse code) that they interpreted into binary data using a smartphone app from six feets away, at a speed of 180 bits per minute, Ars reported.

"The idle acoustic noise emitted from disk rotation is static and cannot be controlled by software," the paper explains.
"In order to modulate binary data, we exploit the seek acoustic noise generated by the movements of the actuator. By regulating (starting and stopping) a sequence of seek operations, we control the acoustic signal emitted from the HDD, which in turn can be used to modulate binary 0 and 1."

According to the paper, this technique is fast enough to transmit a 4,096-bit key within 25 minutes through manipulated sound signals emitted from the hard disk drive.

As a workaround, researchers advised to replace the HDDs (Hard Disk Drives) with SSDs (Solid State Drives) to eliminate the DiskFiltration-style threat, since SSDs are not mechanical, thus generating virtually no noise.

It’s evident that in real-world situations, this technique is useless until we do not have an effective way to install malware remotely on an air-gapped computer at the first place, or an insider to help an attacker to get malware installed on the targeted computer using a USB.

Source: ArsTechnica

No comments

blogmytuts. Powered by Blogger.