
Acoustic Hacking: Stealing Data with Sound Waves

Posted: September 8, 2016 to Cybersecurity.

Tags: Malware, Data Breach, Cloud Security

What do Tibetan monks, sophisticated hackers and famous rock stars all have in common? The ability to harvest soundwaves into power. Case in point: Israeli researchers from the Negev Cyber Security Research Center at Ben-Gurion University discovered a MacGyver-esque way to siphon data from a PC to a mobile device using nothing but the noise generated by the disk drive.

Though it sounds like a scenario straight out of a sci-fi spy thriller, hackers have discovered ways to audibly steal data from air-gapped computers using external devices such as microphones, printers and even thermostats. They have even used a computer’s fans and vibrations before. Fortunately for the paranoid, this type of cybertheft can be avoided by simply not using those devices. Disk drives, however? They might be a bit more difficult to omit.

How it Works

You are the unfortunate victim who somehow manages to get acoustic malware downloaded onto your PC. This malware will most likely be developed to search for keylogging-type data, such as passwords or encryption keys. When the program finds such data, it tells the disk drive to run a fake “seek” function. To a listener this sounds like random drive noise, but the drive is actually producing specific patterns and frequencies that encode the data as binary, which are then captured and interpreted by a nearby recording device such as a smartphone.

Fortunately, there are limitations. Most disks now come equipped with automatic acoustic management (AAM) features whose purpose is to keep such acoustic attacks from happening by reducing “seek” noises on a computer. However, this test was successfully run on a computer whose AAM was set to the default mode. That being said, the device that is transcribing the binary code is only able to do so at a rate of 10,800 bits/hour, and the recording device must be within six feet of the computer. So it is not going to be a lot of data, but then again, hackers don’t need a lot of speed to steal encryption codes or passwords.

Prevention

There are, fortunately, ways to keep you and your business safe:
  1. Only use solid state drives. While they are costlier, they are also more secure.
  2. Modify your AAM Settings. Make sure that the AAM values are correctly set so you will be alerted to anything suspicious.
  3. Ban Smartphones. This is very common and should be implemented in any secure area.
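
As a starting point for items 1 and 2, the following script inventories which disks on a Linux host still have moving heads and can therefore produce seek noise. It is an added example, not part of the original post; it assumes the standard Linux sysfs layout (`/sys/block/<dev>/queue/rotational`), and the sysfs root is a parameter so the logic can be checked against a constructed directory tree.

```shell
#!/bin/sh
# Added example: list the disks that can make seek noise at all.

# Print "name<TAB>kind<TAB>model" for each physical block device under $1
# (default /sys/block). The rotational flag is what the kernel reports; USB
# bridges and hypervisors can misreport it, so treat it as a first pass.
classify_disks() {
    root="${1:-/sys/block}"
    for dev in "$root"/*; do
        [ -r "$dev/queue/rotational" ] || continue
        name=${dev##*/}
        # Skip virtual devices that have no drive mechanism of their own.
        case "$name" in loop*|ram*|zram*|dm-*|md*) continue ;; esac
        if [ "$(cat "$dev/queue/rotational")" = "1" ]; then
            kind=rotational
        else
            kind=solid-state
        fi
        model=unknown
        [ -r "$dev/device/model" ] && model=$(sed 's/[[:space:]]*$//' "$dev/device/model")
        printf '%s\t%s\t%s\n' "$name" "$kind" "$model"
    done
}

# Names of the disks with moving heads, i.e. the ones the seek-noise channel needs.
rotational_disks() {
    classify_disks "$1" | awk -F '\t' '$2 == "rotational" { print $1 }'
}

# Return 0 only when no rotational disk is present (prevention item 1).
check_no_rotational() {
    found=$(rotational_disks "$1")
    [ -z "$found" ] && return 0
    echo "rotational disks present: $(echo "$found" | tr '\n' ' ')" >&2
    return 1
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    classify_disks /sys/block
    check_no_rotational /sys/block
fi
```

For each rotational disk it reports, `hdparm -M /dev/NAME` (run as root) shows the drive's current AAM setting, where the drive supports the feature.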


About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
