Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Data Storage Privacy Security Hardware Science Technology

Researcher Turns HDD Into Rudimentary Microphone (bleepingcomputer.com) 65

An anonymous reader writes from Bleeping Computer: Speaking at a security conference, researcher Alfredo Ortega has revealed that you can use your hard disk drive (HDD) as a rudimentary microphone to pick up nearby sounds. This is possible because of how hard drives are designed to work. Sounds or nearby vibrations are nothing more than mechanical waves that cause HDD platters to vibrate. By design, a hard drive cannot read or write information to an HDD platter that moves under vibrations, so the hard drive must wait for the oscillation to stop before carrying out any actions. Because modern operating systems come with utilities that measure HDD operations up to nanosecond accuracy, Ortega realized that he could use these tools to measure delays in HDD operations. The longer the delay, the louder the sound or the intense the vibration that causes it. These read-write delays allowed the researcher to reconstruct sound or vibration waves picked up by the HDD platters. A video demo is here.

"It's not accurate yet to pick up conversations," Ortega told Bleeping Computer in a private conversation. "However, there is research that can recover voice data from very low-quality signals using pattern recognition. I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable." Furthermore, the researcher also used sound to attack hard drives. Ortega played a 130Hz tone to make an HDD stop responding to commands. "The Linux kernel disconnected it entirely after 120 seconds," he said. There's a video of this demo on YouTube.

This discussion has been archived. No new comments can be posted.

Researcher Turns HDD Into Rudimentary Microphone

Comments Filter:

    It's not yelling, if it's yelling?

  • by gweihir ( 88907 ) on Friday October 13, 2017 @09:17AM (#55361641)

    The original finding from 2008 is here:

                    https://www.youtube.com/watch?... [youtube.com]

    No idea why anybody thinks this is worth a talk now.

    • Yes. A startling departure from the cutting edge news source we've come to expect here at the Slashdot.

      /. --downright old (by internet standards) and pretty well-known.

  • by IGnatius T Foobar ( 4328 ) on Friday October 13, 2017 @09:41AM (#55361747) Homepage Journal
    Before all the silly conversations begin about "omg anyone's computer can be turned into an eavesdropping device!!!1" ... remember that if you can compromise a computer to the point where you can make low-level manipulations to the hard disk ... you can also simply turn on the microphone.
    • by cachimaster ( 127194 ) on Friday October 13, 2017 @09:51AM (#55361801)

      God damn, nobody read the article anymore?

      No, you don't need low-level manipulations to the hard disk, you only need to read a file, a low-privileged operation. Also, you can do it in servers that don't usually have a microphone.

      • by Junta ( 36770 )

        The server would just hear a lot of fan noise in the vast majority of cases. It is rare for a human to even be around disks for conversation.

        In a slightly more interesting thing, you could make an out-of-band communication method, induce noise (through disk accesses but more likely fan responses) and measure noise using HDD, of course it's hard to imagine getting that much access to two distinct systems and being so desparate as to communicate this way.

      • You only need to read a file, in such a fashion that you can monitor and record low level artifacts of the file reading process.

        Wow. I bet there's a driver for that built right into the Linux kernel. One that requires no privilege escalation to access.

        Geez, get a clue. Junk science wants it's junk back.

        • You can try it yourself. There's a link to the repo in TFA.

          • by bws111 ( 1216812 )

            Yeah, and the very first thing that code does is open /dev/sda in read mode. How poorly must you have your system configured that a regular user can do that?

            • by phorm ( 591458 )

              Well, a lot of distros put the primary user(s) a group that allows access to external/plugabble storage devices, which would also include external hard drives.

          • by Gr8Apes ( 679165 )
            Well damnit - it doesn't work on my SSD.
      • God damn, nobody read the article anymore?

        You should know better by now...

      • by bws111 ( 1216812 )

        It is not reading 'a file'. It is reading the DISK. In any sane setup, and especially on servers, regular users can not access the disk. It is in no way a 'low privilege operation'.

    • by bsDaemon ( 87307 )

      My laptop doesn't have a microphone or camera specifically so that they aren't physically there for anyone to compromise. The OS and most of my apps live on NVMe. There is a 2TB disk in there, though. So if someone can implant malware that could monitor disk latency caused by vibrations and then reconstruct, to some degree, ambient audio, up to and including conversation then... i guess it means that I have an excuse to upgrade that disk to an SSD and justify it as a surveillance countermeasure. (even thoug

  • by 93 Escort Wagon ( 326346 ) on Friday October 13, 2017 @09:54AM (#55361823)

    Let me know when you can do the same thing with a microwave oven.

  • I wonder if this would be more useful as a seismograph?
  • I think this website help us: http://www.fanatik.com.tr/2014... [fanatik.com.tr]

Can anyone remember when the times were not hard, and money not scarce?