
Hard disks can be turned into listening devices - bjoko
https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/
======
degenerate
Buried 4/5 down the page: "_One limiting aspect of the described technique is
that it requires a fairly loud conversation in the vicinity of the
eavesdropping hard drive. To record comprehensible speech, the conversation
had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled
sound._"

For context, a vacuum cleaner is also 75 decibels, with 80 dB as the threshold
for hearing loss:
[https://ehs.yale.edu/sites/default/files/files/decibel-level-chart.pdf](https://ehs.yale.edu/sites/default/files/files/decibel-level-chart.pdf)

So you literally have to scream at each other right in front of the hard drive
for it to record discernible speech. This is not an "eavesdropping mic" as the
subheading of the article claims. Therefore, it's yet another clickbait BS
fearmongering article about an interesting tech hack.

~~~
Dotnaught
Author here. I disagree that a straightforward report on computer science
research qualifies as "clickbait BS fearmongering." Note the all caps subhead.
That should make it clear there are limitations: GOOD ENOUGH TO RECOGNIZE
MUSIC VIA SHAZAM IF YOU TURN IT UP TO 11. And as the researchers state in
their paper, they expect the technique can be improved.

~~~
stronglikedan
OP is likely taking exception to the use of the word "eavesdropping", since it
means listening to, specifically, conversations.

~~~
Dotnaught
The researchers use that very word in the title of their paper: "Hard Drive of
Hearing: Disks that Eavesdrop with a Synthesized Microphone"

~~~
shittyadmin
Yeah, researchers are known to do this kind of thing to get more publicity for
their research, they have career goals too after all.

It's research clickbait basically.

~~~
anigbrowl
How much experience do you have with forensic audio analysis?

------
ChuckMcM
Wow, that is super fun. There is a story which I can neither confirm nor deny
that a company with large data centers and drive firmware that exported PES
data was able to correlate data from drives in different locations of said
data center and make a seismic interferometer which could "image" traffic on a
freeway nearby. :-)

I had no idea you could get as much as 4 kHz of frequency bandwidth out of
those sensors. That is a pretty cool result.

~~~
anigbrowl
That's a very credible story. Pulling signals from arrays of noisy microphones
is computationally intensive but very very powerful. On a small scale, that's
what allows Alexa to hear people clearly from across the room.

~~~
jpfed
...which leads immediately to the question of whether they're using the fact
that HDDs have multiple platters.

~~~
anigbrowl
I would, but I'm not a good enough mathematician to say whether you'd get
better results from an average or a differential. You'd need to ID the drive
model then figure out the # of platters and the distance between them and then
take the speed of sound into account while getting rid of small peaks, and...

I've often wondered what sort of physical problems the people who engineer
hard disks deal with, whether they have problems with micro-turbulence and
suchlike.

------
roywiggins
Prior art:
[https://www.youtube.com/watch?v=tDacjrSCeq4](https://www.youtube.com/watch?v=tDacjrSCeq4)

~~~
lucb1e
That was the first video that came to mind when I saw the headline in a chat
earlier today.

------
AndrewKemendo
Any system that converts physical energy to electric activity (loosely:
transducer) can be used to collect signals remotely.

I think this is kind of a basic thing that once you know it, you see the
possibilities almost everywhere, where you understand how electrical fields
can be generated with physical interaction. Transportation of the sensing then
becomes the next problem to solve.

------
johnnycab
The inaudible range is far more likely to be used as an attack vector for
nefarious purposes.

[https://arxiv.org/pdf/1708.09537.pdf](https://arxiv.org/pdf/1708.09537.pdf)

[https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/](https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/)

------
gambler
I wonder whether there is a way to reconfigure audio jacks into microphone
jacks on an average sound card these days. Little known fact: speakers and
headphones are also microphones simply by the physics of how they work.

~~~
jloughry
Yes:

 _Interestingly, the audio chipsets in modern motherboards and sound cards
include an option to change the function of an audio port at the software
level, a type of audio port programming sometimes referred to as ’jack
retasking’. This option is available on most audio chipsets (e.g., Realtek’s
audio chipsets) integrated into PC motherboards today. Jack retasking,
although documented in the technical specifications, is not well-known [34].
For an in-depth technical discussion on malicious retasking of an audio jack,
from the hardware to the operating system level, we refer the interested
reader to the following previous work [29]._

References:

Mordechai Guri and Yosef Solewicz and Andrey Daidakulov and Yuval Elovici.
'MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers
using Speaker-to-Speaker Communication'. arXiv preprint 1803.03422v1 [cs.CR],
9th March 2018.

Mordechai Guri and Yosef Solewicz and Andrey Daidakulov and Yuval Elovici.
'Speake(a)r: Turn speakers to microphones for fun and profit'. 11th USENIX
Workshop on Offensive Technologies (WOOT 17). USENIX Association, 2017.

~~~
ocdtrekkie
Curious how the average user could try to mitigate this threat. Perhaps if you
were using speakers connected to an HDMI monitor, rather than an audio jack?
Presumably then you'd have to figure out how to exploit both the audio chip on
the motherboard _and_ the HDMI device, which I presume would not by default be
willing to operate as an input device.

------
fit2rule
Story time: I was a young programmer in the 80's, working in an environment
where the computers were all housed in their own special isolated computer
room, and we devs had to use terminals to gain access - a typical computer ops
setup, you've seen it all before.

One day, in order to comply with some law or other, the company upgraded the
security system, renovating the space such that it was enclosed in bullet-
proof glass panels, required a key-card to enter, had an operator at all times
(24/7), etc. They installed a Halon fire suppression system, and a gigantic
alarm horn to function as a company-wide alert.

Well, the day it was all set up, it was time to test it all - Halon test dump,
done (very expensive test). Operator still alive (had to use an oxygen mask),
done. Alarm siren test: done. Okay, back to work .. hang on .. all of the
systems are down .. what's going on ..

Yes, the siren was so loud, and had been positioned close enough to the
bullet-proof walls, that the focused energy it created had crashed the disks.
;)

That was a very expensive renovation. Fortunately, we got the 'restore from
last backup' test done pretty quickly ..

------
DevX101
I've always been interested to know what kinds of physical attacks security
consultants at major firms have uncovered. How many 'obscure' espionage
techniques like this or listening for keystroke combinations via audio have
been deployed in the real world for malicious purposes?

~~~
bjoko
I was thinking exactly the same. Keystroke noises on a computer keyboard as
well as when entering security PINs on ATMs.

------
squarefoot
Also any fast enough accelerometer can be used as a microphone, and no user
would complain if an app would ask permissions to use the accelerometer and
network pretending they're needed for positioning and updates. Not sure though
how many phones are using fast enough accelerometers to be used to sample
voice. Most should go up to a few hundred Hertz with the right software, but
human voice requires at least a few kHz bandwidth.

------
donatj
Interesting. I just watched a video yesterday about how you could see
screaming on hard drive stats in a data center:

[https://www.youtube.com/watch?v=tDacjrSCeq4](https://www.youtube.com/watch?v=tDacjrSCeq4)

------
zelon88
It would be way easier to just, you know, eavesdrop with the actual microphone
instead?

Although it is a cool experiment and POC. A few years ago I took apart 5 HDDs
to see if I could make a usable speaker (as a desk/novelty thing). 2 of them
worked, one of them worked with decent fidelity. Three failed (probably my
fault). The one that worked was a literally massive double-5.25" Maxtor.

------
ngneer
The latest in a long long line of TEMPEST research. I think I would prefer to
see academic security research steered in the direction of solving problems
affecting millions, but an interesting discovery nonetheless.

------
postit
I remember watching an old YouTube movie from Brendan Gregg where he screams
in front of a Sun NAS and the voice vibration affects the HD reading speed
among other parameters.

~~~
hermitdev
When I was in college, we had issues with the oscilloscopes in our electronics
lab. They were sensitive enough to register body movement nearby with no
physical contact. This was about 20 years ago. Think they were HPs...

It wasn't really a problem; we only noticed because we couldn't get a signal
out of our circuit due to a busted internal lead connection, but we noticed
the changes as people walked past. Was curious.

------
JoachimS
So HDDs would benefit from the metamaterial that kills sound:

[https://www.bu.edu/research/articles/researchers-develop-acoustic-metamaterial-noise-cancellation-device/](https://www.bu.edu/research/articles/researchers-develop-acoustic-metamaterial-noise-cancellation-device/)

[https://news.ycombinator.com/item?id=19344682](https://news.ycombinator.com/item?id=19344682)

------
zepearl
This is interesting probably only from an academic point of view (as stated in
the article) and only a corner case of what could be done when having the
possibility to replace the firmware of a HDD.

------
gumby
I can't believe The Register of all sites managed to write this article
without making a voice coil pun.

------
phkahler
So the signal already exists in the software. Just make it available via a
"secret" file.

------
egwynn
Guess I picked the wrong week to start shouting secrets at my hard drive.

------
arcaster
"OH MAN - IF WE TALK THIS LOUD SOME ASSHOLE WHO HACKED OUR HARD-DRIVE MIGHT BE
ABLE TO HEAR US" - govt worker | "CHRIST MAN WE'RE TRYING TO HAVE A MEETING
IN THE SOUNDPROOF MEETING ROOM WE MADE SO PEOPLE WITH HACKED HARD DRIVES
COULDN'T HEAR US!" - gov't manager 1 "HARD-DRIVES MAN [shakes fist at
desktop]" - govt worker

