Researchers have found a way to steal data from a computer that isn’t connected to the internet, doesn’t have bluetooth enabled, and isn’t connected to any other device. How? By listening to the sounds your hard drive makes when it’s in use.
The hack is detailed in a paper which explains how these researchers manage to capture seemingly innocuous sounds and turn them into actionable data. The gist is that one noise becomes a “1,” another noise becomes a “0,” and combined, this quiet symphony reveals sensitive information.
In the paper, the researchers say they were able to gather “passwords, encryption keys, and keylogging data” at a rate of 180 bits per minute at a distance of six feet. They’ve dubbed the hack “DiskFiltration” — a portmanteau of “disk” and “exfiltration” — because it’s 2016 and every new exploit needs a cool name.
Here’s the good news: DiskFiltration only works if someone installs malware on the target device, and it only affects computers that use rotary hard drives. As much of the industry switches to solid-state drives (which don’t make the same noise when they operate) people with newer computers should be safe from this hack.
The problem is that solid-state drives and the computers in which they’re housed can be expensive. A hack like this can have serious implications for people who can’t afford a new device, or who use a hard drive for data storage because they don’t want to pay for a newer drive. That population will shrink as time goes on and solid-state drives become nigh ubiquitous, but for now it’s still pretty sizable.
So make sure nobody is able to install malware on your device, and the next time you hear your hard drive start to spin and sputter, remember that it’s not just spinning a disc. It could be inadvertently leaking your secrets to anyone who’s listening.
You can read the full paper detailing how DiskFiltration works right here: