08 Sep 2016

SoundwaveCodeWhat do Tibetan monks, sophisticated hackers and famous rock stars all have in common?

The ability to harvest soundwaves into power.

Case in point: Israeli Video Researchers from the Negev Cyber Security Research Center at Ben-Gurion University discovered a MacGyver-esque way to syphon data from a PC to a mobile device using nothing but the noise that is generated from the disk drive.

Though it sounds like a scenario straight out of a sci-fi spy thriller, hacker have discovered ways to audibly steal data from air-gapped computers using external devices such as microphones, printers and even thermostats. They have even used a computer’s fans and vibrations before. Fortunately for the paranoid, this type of cybertheft can be avoided by simply not using them. Disk drives, however? They might be a bit more difficult to omit.

How it Works

You are the unfortunate victim who somehow manages to get acoustic malware downloaded onto your PC. This malware will most likely be developed to search for key-logging type of data, such as finding passwords or encryption keys. When the program finds such data, it sends a message to the disk drive and tells it to run a fake “seek” function. The disk drive will just sound like random drive noise, but it is actually creating specific patterns and frequencies, in the form of binary code, that are then captured and interpreted by some sort of recording device/smartphone.

Fortunately, there are limitations. Most disks now come equipped with automatic acoustic management (AAM) features whose purpose is to keep such acoustic attacks from happening by reducing “seek” noises on a computer. However, this test was successfully run on a computer whose AAM was set to the default mode.

That being said, the device that is transcribing the binary code is only able to do so at a rate of 10,800 bits/hour, and the recording device must be within six feet of the computer. So it is not going to be a lot of data, but then again, hackers don’t need a lot of speed to steal encryption codes or passwords.

Many hard disks now include a feature called that deliberately dampen seek noise to prevent attacks like these. The researchers say their tests were run with AAM on its default settings.

Prevention

There are, fortunately, ways to keep you and your business safe:

  1. Only use solid state drives. While they are costlier, they are also more secure.
  2. Modify your AAM Settings. Make sure that the AAM values are correctly set so you will be alerted to anything suspicious.
  3. Ban Smartphones. This is very common and should be implemented in any secure area.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top