“DiskFiltration”, the new method of hacking an air-gapped computer

Security researchers do not rest, as they strive to protect us from hackers. A recent study has revealed an attack method a hacker could use to extract data from the hard drive of an air-gapped computer. The method exploits the noise a hard drive emits, which is very clear over short distances.

The team of experts who made the discovery is from a cybersecurity research center at the Ben-Gurion University of the Negev in Israel. The researchers dubbed the new attack method “DiskFiltration”.

As mentioned earlier, DiskFiltration takes advantage of the noise a hard disk drive (HDD) emits. HDDs emit acoustic signals in the form of noise caused by the movement of the actuator in the hard drive.

The actuator is a mechanical arm in the HDD that has heads that read and write data. The actuator moves in very particular ways, and the noise it produces in the process can potentially leak passwords, cryptographic keys and other data stored in the HDD to a microphone located nearby.

To carry out DiskFiltration, a hacker can inject malware into the target computer to control the drive's seek operations. The attacker could design the malware to cause the actuator arm to move along a different track. The attacker can translate the start and stop sequence of the arm to 0s and 1s. Binary figures represent bits of data.

The attacker would need a device, say a smartphone or laptop, to pick up the emitted signals from the infected computer. The researchers achieved a transfer rate of 180 bits per minute over a distance of 6 feet during their experiments. Both internal and external HDDs are vulnerable to the attack.

An attacker cannot use DiskFiltration to obtain data from a Solid State Drive (SSD). SSDs use memory chips instead of disk platters to store data. Therefore, access to data requires no actuator. SSDs still produce some acoustic noise because of the rotation of the motor. But the acoustic waves produced by the motor cannot leak any data, nor is the rotation susceptible to manipulation via software.

Air-gapped computers are considered very safe from data breaches. Air-gapping a computer means isolating all of its components from the internet. Organizations air-gap computers used to store data to protect them from remote hacking. Anything that connects to the internet is vulnerable to infiltration. Nonetheless, over the past few years, researchers have proved air-gapped computers are not as safe as we think.

