
Hard Drive of Hearing: Disks That Eavesdrop with a Synthesized Microphone [pdf] - gwern
https://spqr.eecs.umich.edu/papers/Kwong-HDDphone-IEEE-SP-2019.pdf
======
TimTheTinker
Pasting relevant abstract section:

> Our research demonstrates that the mechanical components in magnetic hard
> disk drives behave as microphones with sufficient precision to extract and
> parse human speech. These unintentional microphones sense speech with high
> enough fidelity for the Shazam service to recognize a song recorded through
> the hard drive. This proof of concept attack sheds light on the possibility
> of invasion of privacy even in absence of traditional sensors. We also
> present defense mechanisms, such as the use of ultrasonic aliasing, that can
> mitigate acoustic eavesdropping by synthesized microphones in hard disk
> drives.

So this attack is for magnetic HDDs, not SSDs or flash media.

~~~
imhoguy
Waiting for a day to be able to mod SSD into SDR /s

~~~
afandian
I bet there's already a MEMS accelerometer in there somewhere.

------
trdtaylor1
For those now questioning hard drives in their security arenas.

The 'researchers' (again, it's Wenyuan Xu, she's the clickbait of security
research) took computer speakers on nearly max volume onto either side of a
hard drive. Shazam barely recognizes the song (more often recognizes it as
something else).

Wenyuan does this every time.

~~~
geofft
Isn't that what security researchers are supposed to do? Find the most
implausible-sounding attacks, get them to work at least some of the time?

I would not be reassured by someone telling me "well, most of the time,
there's too much noise to get a reliable side channel out of Spectre."

~~~
locacorten
The main trait of a top researcher is skepticism -- the willingness to doubt
results. You learn to be skeptical as part of the training during your Ph.D.

Unfortunately, the standards have fallen. The security community is one of the
worst instances of the lack of skepticism in the science arena. The community
has started to reward clickbaity papers because they "sell". It's a race to
the bottom.

~~~
Spooky23
Security is tough because you have a mix of complete idiots trolling for attention,
business, or jobs, vendors seeking FUD to drive sales, and incredibly talented
people reverse engineering and discovering things.

I suspect that some of the worst are seeded and encouraged by parties who benefit
from a lack of trust in research and maximum chaos.

~~~
locacorten
Great point.

But there should be a distinction between academic conferences where
professors from U. Mich are publishing and practitioner conferences aimed at
industry (including sales, etc.).

My criticism is about academic conferences -- there's little skepticism left
when reviewing papers describing attacks. As long as it's cool, it's in.

Look at the title above: "Hard Drive of Hearing: Disks that Eavesdrop...".
It's not far off from the headlines on CNN or Fox News. At this rate, I
predict by 2025 we'll have Breaking News red banners on academic conferences
sites.

Let me re-assure everyone out there ... No, your disks are _not_
eavesdropping. Disks eavesdropping should be the least of your worries
security-wise.

~~~
jaclaz
> Let me re-assure everyone out there ... No, your disks are not eavesdropping.
> Disks eavesdropping should be the least of your worries security-wise.

Sure, but think about how many people will refuse your statement and - thanks
to the article - will start to believe that aliens use hard disk recordings
before abducting them.

The damage has alas already been done, on - quite frankly - a very thin basis,
your general criticism is very well founded, a "reputable" institution would
(should) never accept those clickbaity titles.

------
kartan
This reminds me of a similar article many years ago about reading network
packet content from the light of the LED in network cards.

It is another example of how things are safer in practice than in theory.
Entropy helps to keep things safe by introducing noise. All these measures are
easier in a lab than in the wild.

~~~
anfractuosity
I guess you might mean this paper which is very cool -
[http://applied-math.org/optical_tempest.pdf](http://applied-math.org/optical_tempest.pdf)

------
pmorici
I'm kind of surprised to learn this wasn't obvious or already known. People
have been hacking old hard drives into crappy speakers for a long time; there
are countless examples of this on YouTube. Perhaps the most artistic is a
rendition of Radiohead's Big Ideas (Don't Get Any) played on a Sinclair ZX
Spectrum attached to an array of hard drives. [0] I always just assumed that
anything that acts like a speaker could also be made to act like a mic.

[0] [https://vimeo.com/1109226](https://vimeo.com/1109226)

------
anfractuosity
There's also the interesting talk on it here -
[https://www.youtube.com/watch?v=EvoOP6iKYMQ](https://www.youtube.com/watch?v=EvoOP6iKYMQ)

------
mikece
Only slightly tangential but every time I see another story about a new way to
conduct surveillance I can't help wondering if Rockwell had seen the future
and was trying to warn us with his song "I feel like someone is watching me."

[https://youtu.be/7YvAYIJSSZY](https://youtu.be/7YvAYIJSSZY)

------
lonyi
Summarization from The Register:

[https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdro...](https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/)

------
ctdonath
A stretch, yes. But gone from "ludicrous & delusional" to "proof of concept".

Now apply government intelligence service funding, plus no limiting
accountability, plus motivation/target.

------
Severian
Classic clip from 2008
[https://www.youtube.com/watch?v=tDacjrSCeq4](https://www.youtube.com/watch?v=tDacjrSCeq4)

------
trhway
I think the other direction it would work too - generating HDD head movements
in a way to encode info in the resulting noise - taken together with the OP it
means that one can cross the air gap in both directions (the Cuban sounds look
more and more like an electronic attack with humans being just an unfortunate
collateral). Similar things can probably be done with the CPU/case fans - thus
for example a "bad" motherboard can talk and listen to the world.

~~~
userbinator
_generating HDD head movements in a way to encode info in the resulting noise_

That's not so interesting, as anyone who has used a machine with an audible
hard drive knows --- you can tell whether the system is idle, working, or
doing something strange ("I'm not doing anything that would write to the disk,
why is it still grinding?") just by the sound.

~~~
trhway
You can encode it into a normally working mode - say by slightly varying
timings of head movements during legit disk ops, kind of frequency coding.

~~~
anticensor
That would be an interesting advancement.

------
OnACoffeeBreak
Their setup is arguably contrived. The HDD is in an external enclosure with a
fan. While they turn the fan to max power in an attempt to get a more typical
or "worst case" setup, it seems to me that is far from a common setup of a
hard drive inside a computer chassis with associated mounting hardware between
the HDD and source of speech.

