14 DAY TRIAL // DiskFiltration is the name of a new attack devised by researchers from the Ben-Gurion University in Israel that records and interprets the sounds made by a computer's hard drive.
The new attack is meant to be used to steal data from air-gapped systems that can't be reached via the Internet.
The presence of a malicious insider is still required in order to install malware on the target PC and to place a smartphone or microphone that records the sounds emanated by the computer's hard disk drive (HDD).
HDD sounds are meant to create binary ones and zeros
The technique doesn't work with the regular HDD sounds that come from read-write operations, but only from moving the HDD laser head (actuator) to specific positions, in an operation called "seeking."
The malware's role is to gather data from the infected target, such as cryptographic keys, passwords, or other information, and then move the HDD actuator in order to produce mechanical sounds.
The wavelengths of the produced sounds are meant to represent 1s and 0s in binary language. The nearby recording device, which can be a smartwatch, laptop, mobile phone, or any other device with audio-recording features, will save the data or send it to the attacker.
The attack takes "ages" to steal data
Because of its mode of operation, the attack only works on classic HDD, and not on newer storage drives based on SSD and SSHD technologies, which don't rely on disk plates and disk reading heads.
The other downside is that, because data is sent out as 1s and 0s, it takes a considerable amount of time to relay even basic details such as a password. According to the researchers, the DiskFiltration attack can send 180 bits/minute and at a distance of up to two meters (six feet).
As such, DiskFiltration is nothing more than a theoretical attack, with little applicability in the real world.
Similar attacks have been created in the past, some of them by the same team even. This includes Fansmitter attack (by the same team) that can steal data via the sounds emanated by a computer's GPU fan; BitWhisper attack (by the same team) that can steal data using the heat given off by a computer's internal components; but also attacks that use a computer's coil whine noise and electromagnetic field.
Below is a short video describing the attack, but more details can be found in the paper: DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise.
