Isn’t technology amazing? Look how many things have been developed since the first personal computers hit the scene. It is a wondrous time to be alive if you are a technology and gadget geek. Naturally, there are those out there who want to spoil it for everyone. Hackers and bad actors, you know who you are.
The latest example of this crowd corrupting our tech toys involves the hard disk drives (HDD) on our computers. This technology is so last century. But, even as solid-state drives (SSD) take over if you want a multi-terabyte drive that doesn’t cost as much as a Tesla, the venerable HDD can’t be beaten, at least not in terms of price and capacity.
According to an article by ExtremeTech, the HDD can be hacked and turned into a listening device. Before getting too worked up over this potential, the article tells its readers that completing this hack is not a trivial task. So, how does it work?
HDDs have sensors that read the position of the heads that write and retrieve data from the stacks of metallic disks. As data density has increased, the accuracy requirements of these heads have significantly increased. Think about it, a few years ago, a 250 MB HDD used essentially the same size disks as a 5 TB HDD today. Since the form factor has remained the same, data is apparently taking up a lot less room per byte.
To make sure the heads are always positioned to within nanometers of where they should be, manufacturers use sensors that generate a Positional Error Signal (PES) that help manage positional accuracy. The heads are susceptible to any vibration near them. Sound causes vibration, so music and talking can disturb their position. The sensors collect this data in the PES datafiles.
Researchers at the University of Michigan Zhejiang in China proved hack works in their laboratories. After their hack, they were able to create high-quality voice and music audio files from the PES data. They could clearly understand conversations and music. How clearly? The ExtremeTech article states that a music file was clear enough for Shazam to identify the song correctly. That’s not good!
Now on to the “this isn’t an easy thing,” part of the post. To accomplish this hack, the researchers loaded special firmware onto the HDD. Firmware is required because the sensors do not broadcast the data. Then they must have a means of collecting the PES data. The firmware requirement means the bad actors must have physical access to the drive. There are known instances of intelligence operations intercepting a PC and installing surveillance capabilities and malware of various types.
That’s a bit more comforting because the typical bad actors are not going to invest the time and effort to access millions of computers physically. It's comforting unless you are a secret agent and competing agencies want to know what you are planning.
Protecting privacy, personal and corporate data, and identity information are becoming more difficult every day. Technology gives us so much, and on the other hand, takes as much or more when we are not careful.
CRIP.TO continues to lead the way in developing secure communications for several applications. If you need the highest level of secure communications, whether between people, people and machines, or machine to machine, swing by our website and check our current offerings. Send us an email if you’d like more information. Your data is safe with us because that is what we do, we protect data. Now go and put some sound insulation around your PC! “Alexa, order me sound insulation!”