I'll file this in the ...
...Interesting, but ultimately useless, use of human endeavour.
Don't these chaps have something better to do with their time?
It's not just the walls that have ears. It's also the hard drives. Eggheads at the University of Michigan in the US, and Zhejiang University in China, have found that hard disk drives (HDDs) can be turned into listening devices, using malicious firmware and signal processing calculations. For a study titled "Hard Drive of …
Ok I doubt the National Aeronautic Space Administration has much in the way of love for spinning rust... Sans the planetary body known as Mars, and then I'm sure only the finest 3D TLC Flash will ever be good enough for that lot.
Otherwise what the flying flip do that bunch of commies a.k.a the Fair Labor Standards Act, even care? Or do you think they're trying to push for more pay to the poor schmucks stuck glued at a desk somewhere, in Chengdu, who will be repeatedly soldering the same SMD, to the same spot on your <INSERT DEVICE> for the next Five Months?
It's a good example of how you can use a sensor - sensors are everywhere. Suppose you don't like Google listening to your cellphone microphone ... and you disable it. Feel safe now? .... But the phone still has an accelerometer so it can still listen to you if you take the same approach as they are documenting here.
I'm slowly reminded by that scene in 2001 again now, where they cut the Mic to the HAL9k, but, lol they forgot that Hal could read lips... (Or so it was explained at the time...), But nope this was how HAL managed to get up on that Tab.
*Terminator cause it's the only thing to have a(n) red eye(s).
It's a good example of how you can use a sensor - sensors are everywhere.
This! You have summed up the utility of this research perfectly. The experiment is merely a proof of concept that points out an entirely new class of exploit. While the implementation may vary from device to device, it is likely that the same code used for signal filtering can be reused across many.
an entirely new class of exploit
Technically, it's a new class of vulnerability. And even then "new class" is debatable (and I certainly wouldn't go with "entirely new") - sensor side channels are well-known, as a class. This is good research, but it's really adding to the existing body of research on sensor-based side-channels in commodity IT hardware.
And, as you say, the signal processing (while also a well-understood area) can likely be reused with other side channels.
And it doesn't hurt to have Yet Another reminder that side channels are everywhere.
It might be worth watching out for capacitance and impedance also. I used to work on the servo-writers that create the tracks used by hard drive PES systems, and the capacitance gauges we used to error-map them were capable of picking up a lot of other stuff. Maybe it's possible to turn a touchscreen into a microphone.
Since it's Uni researchers, it's most likely PhD candidates working on their thesis papers for a degree
Speculation is fun (I suppose), but I happen to have access to a marvelous world-wide collection of all sorts of information.
Wong is a PhD student at University of Michigan, but he's only in his second year - too early to be working on his dissertation. (Since this is a US university, it'd be a dissertation for the PhD, not a "thesis".) Which is not to say that it won't eventually become part of that dissertation, of course; dissertations in CS at US universities are often fix-ups of a handful of refereed articles or conference presentations.
Fu is an Associate Professor at U of M, and Xu is a professor of some rank at Zhejiang University.
More importantly, this is perfectly good research, despite itzman's anti-intellectual posturing.
"I wouldn't dismiss it altogether, given the number of numpties I've had to work with in the past who were apparently unclear on the whole "indoor voice" thing..."
I wonder if the same technique can be used in reverse. The "voices" come out of the PC, but so faintly that only the one person can hear them. "Yes, yer Honour, the voices made me do it"
If my PC gets hijacked I think that the data on it is very much more interesting to the miscreant than trying to find out what I'm saying, which is frankly of no interest to most people.
If we're talking about espionage, a good directional microphone or a bug are time-honored procedures with a very good success rate.
And you can even hear whispers with those.
"Not to forget being in a sealed box under a desk. A pro grade microphone would struggle to record audio under those circumstances."
I still see lots of "pizza box" PCs on the desktop with the screen on top of it. There's also lots of NUC-alikes out there now, mainly but not always mounted on the back of the screen. But as suggested in the article many new PCs come with SSDs, which most NUC-alikes generally come with although I've seen quite a few with 1TB 2.5" spinners.
"These extremely precise measurements are sensitive to vibrations caused by the slightest fluctuations in air pressure, such as those induced by human vocalizations," the paper explained.
I was under the impression that Hard Drives generally weren't 'exposed' to room air pressure and were specifically 'sealed' against it - how then would 'any' fluctuations in air pressure arrive at the read/write head to be detected in the first place.
Unless you were maybe speaking via a megaphone directly at the drive.
No, they are sealed against dust, but have a moving diaphragm thingie to equalise the inside pressure to room pressure: https://superuser.com/questions/368774/what-is-the-purpose-of-the-holes-marked-do-not-cover-on-hard-drives
Back in the 80s there were programs that played tunes on Floppy drives*. I distinctly recall the idea of spinning a floppy and examining the tracks for evidence of response to sound waves being discussed in lectures. No idea how academia works nowadays, but a lecturer basically said "rather than asking, why not do it ?"
We didn't, but it might have been a final year project the next year ...
*although the owner's reaction to the tortured sounds was more amusing.
ACT Sirius One / Victor 9000 5.25" floppy got 1.2M bytes when Apple was 100K and IBM about 360K. It varied the speed as then much more can be recorded on the outer tracks. I think there was a competition to do a tune.
It certainly made the IBM PC look like junk (which reached UK at the same time as the Sirius 1).
Really this isn't a realistic threat, though interesting research.
using a hard disk's read/write head as a crude sounds generator
Does anyone remember the old ACT floppy disk drives that used primitive* RLL (Run Length Limited) technology to maximise storage?
Basically the drives spun faster when the heads were at the outside edges and slower at the inside altering the sound. They were commonly known as "musical disk drives" but I'm not sure if anyone ever exploited this.
*HD implementations would vary the transfer rates at the drive heads to achieve the same effect. A 20MB** drive would store around 32MB, so worthwhile.
**For the younger readers MB is not a mistyping!
This is exactly the sort of thing the NSA would have figured out 20 years ago, back when everyone had a hard drive in their PC. Increasingly useless knowledge today though, when PCs shipping with hard drives are a dying breed, or at least should be.
20 years ago the head positioning wouldn't have been anywhere as small as nanometres so even with the volume at 12 you probably won't get enough head vibration to be detectable. Also, I doubt that firmware was downloadable then, more likely to be burnt into ROM. If intercepting the drives somewhere at the manufacturing/distributing stage, why bother doing something to use the drive as a microphone as opposed to fitting it with a small condenser mic?
More shocking still that computer security is so bad that something as fundamental as the firmware in your hard drive can be overwritten without your consent / or being alerted by your BIOS. If only the secure by design philosophy were present at the firmware / hardware level. I guess the reason it's not is intentional - i.e. they don't want us having security.
"20 years ago the head positioning wouldn't have been anywhere as small as nanometres so even with the volume at 12 you probably won't get enough head vibration to be detectable."
ISTR my first ever 20MB HDD from Seagate was sold with the benefit that it used "voice coil technology".
Not sure if this is relevant in any way though.
of our multi-rack HPC, which requires PPE mitigations just to work in the same room alongside it, I'm surprised that spinning disk storage works at ALL!
Rather like the comparison one can make between the energy transfer in the hair cells of the cochlea and the amount of thermal noise from hot blood passing nearby, or working out how stereo-location could possibly work given that neuronal spikes require ~7ms minimum per pulse and the speed of sound in air means that there's just a 700µs time difference for sound arriving at each ear. (Actually, that's achieved in a very clever way indeed - evolution is incredible sometimes).
Despite the impracticality of this particular rusty endeavour, malware hiding in the firmware of system devices is one of the really nasty things in the security space. HDDs are especially unpleasant, given their ability to monitor what the user is doing (provided they're not using disk encryption) and control the machine through the modification of the filesystem. They also have plenty of space to stash juicy bits of data away from prying eyes and would be exceptionally difficult to catch in the act. You can forget about disinfecting them without specialist tools.
El Reg have previously spoken about Sprite's piece on this, but I will link it again. Well worth a read. http://spritesmods.com/?art=hddhack
I would think that very few organizations/people that have anything worth encrypting would fail to do so. It is a prominent option when setting up a Linux user account in most distros I believe. I have been doing it for my various PC setups for a while now (and that's just personal use by an old retiree).
Sigh. This old fallacy again? Anyone interested enough to target a particular individual will get the keys for the signature one way or another (and in some cases the vendor will assist creating the malware, e.g. Chinese companies under state order), and if widespread attack is desired again somehow the keys will be obtained or a bypass found.
It's time we looked past "one key unlocks millions of computers" vendor signing stuff. In fact stated that way it really sounds like a back door of sorts, no? Not in a remote access sense per se, but in the sense of having a lock on a door of your house that you can't control...
Icon 'cause it represents how such critical keys are normally handled in commercial operations...pasted on a sticky note on the boss's secretary's desk.