Hacker News: Attackers Can Use Sonic and Ultrasonic Signals to Crash Hard Drives

Researchers have demonstrated how sonic and ultrasonic signals (inaudible to humans) can be used to cause physical damage to hard drives just by playing ultrasonic sounds through a target computer’s own built-in speaker or by exploiting a speaker near the targeted device.

Similar research was conducted last year by a group of researchers from Princeton and Purdue University, who demonstrated a denial-of-service (DoS) attack against HDDs by exploiting a physical phenomenon called acoustic resonance.

Since HDDs are exposed to external vibrations, researchers showed how specially crafted acoustic signals could cause significant vibrations in HDDs’ internal components, eventually leading to failure in systems that rely on the HDD.

To prevent a head crash from acoustic resonance, modern HDDs use shock sensor-driven feedforward controllers that detect such movement and improve the head positioning accuracy while reading and writing the data.

However, according to a new research paper published by a team of researchers from the University of Michigan and Zhejiang University, sonic and ultrasonic sounds cause false positives in the shock sensor, causing a drive to unnecessarily park its head.

By exploiting this disk drive vulnerability, researchers demonstrated how attackers could carry out successful real-world attacks against HDDs found in CCTV (Closed-Circuit Television) systems and desktop computers.

“An attacker can use the effects from hard disk drive vulnerabilities to launch system level consequences such as crashing Windows on a laptop using the built-in speaker and preventing surveillance systems from recording video,” the research paper reads.

These attacks can be performed using a nearby external speaker or through the target system’s own built-in speakers by tricking the user into playing a malicious sound attached to an email or a web page.

In their experimental set-up, the researchers tested acoustic and ultrasonic interferences against various HDDs from Seagate, Toshiba and Western Digital and found that ultrasonic waves took just 5-8 seconds to induce errors.

However, sound interferences that lasted for 105 seconds or more caused the stock Western Digital HDD in the video-surveillance device to stop recording from the beginning of the vibration until the device was restarted.

“In the case that a victim user is not physically near the system being attacked, an adversary can use any frequency to attack the system,” the researchers explain.

“The system’s live camera stream never displays an indication of an attack. Also, the system does not provide any method to learn of audio in the environment. Thus, if a victim user were not physically near the system, an adversary can use audible signals while remaining undetected.”

The researchers were also able to disrupt HDDs in desktops and laptops running both Windows and Linux operating systems. It took just 45 seconds to cause a Dell XPS 15 9550 laptop to freeze and 125 seconds to crash it when the laptop was tricked into playing malicious audio over its built-in speaker.

The team also proposed some defenses that can be used to detect or prevent this type of attack, including a new feedback controller that could be deployed as a firmware update to attenuate the intentional acoustic interference, a sensor fusion method to prevent unnecessary head parking by detecting ultrasonic triggering of the shock sensor, and noise-dampening materials to attenuate the signal.

You can find out more about HDD ultrasonic acoustic attacks in a research paper [PDF] titled “Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems.”

Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Hacker News: Russia asks Apple to remove Telegram Messenger from the App Store

Russia’s communications regulator Roskomnadzor has threatened Apple with consequences if the company does not remove secure messaging app Telegram from its App Store.

Back in April, the Russian government banned Telegram in the country for the company’s refusal to hand over private encryption keys to Russian state security services to access messages sent using the secure service.

However, so far, the Telegram app is still available in the Russian version of Apple’s App Store.

So in an effort to entirely ban Telegram, state watchdog Roskomnadzor reportedly sent a legally binding letter to Apple asking it to remove the app from its Russian App Store and block it from sending push notifications to local users who have already downloaded the app.

Roskomnadzor’s director Alexander Zharov said he is giving the company one month to remove the Telegram app from its App Store before the regulator enforces punishment for violations.

For those unfamiliar with the app, Telegram offers end-to-end encryption for secure messaging, so that no one, not even Telegram, can access the messages that are sent between users.

However, despite being banned in April, the majority of users in Russia are still using the app via Virtual Private Networks (VPNs), and only 15 to 30 percent of Telegram’s operations in the country have been disrupted so far, Roskomnadzor announced yesterday.

This failure led the regulator to turn to Apple for help in taking the app down.

“In order to avoid possible action by Roskomnadzor for violations of the functioning of the above-mentioned Apple Inc. service, we ask you to inform us as soon as possible about your company’s further actions to resolve the problematic issue,” said Roskomnadzor in the letter.

The state regulator also says it is in talks with Google to ban the Telegram app from Google Play as well.

Roskomnadzor is a federal executive body in Russia which is responsible for overseeing the media, including the electronic media, mass communications, information technology and telecommunications; organizing the work of the radio-frequency service; and overseeing compliance with the law protecting the confidentiality of its users’ personal data.

Roskomnadzor wanted Telegram to share its users’ chats and encryption keys with the state security services, as the encrypted messaging app is widely popular among terrorists that operate inside Russia.

However, Telegram declined to comply with the requirements.

Apple has primarily expressed its support for encryption and secure data in the past, but we have seen the company comply with local demands.

Last year, Apple removed all VPN apps from its App Store in China, making it harder for internet users to bypass its Great Firewall, and moved its iCloud operations to a local firm linked to the Chinese government.

Also, at the end of last year, Apple pulled Skype, along with several similar apps, from its App Store in China.

REVEALED! Trump and Secret Dark State Tactic For Invading Countries

Futurist Trendcast

Listen to complete TRUMP/DEEP STATE REPORT: Why Trump Was Exonerated of ‘Collusion with Russia’? : https://www.patreon.com/posts/exclusi…

TO UNLOCK THIS EXCLUSIVE CONTENT BECOME LADA RAY PATRON: https://www.patreon.com/LadaRay [this report is Part 1 of NEW 6-PART PATREON-EXCLUSIVE EXPOSE!]

Buy Earth Shift Webinars http://ladarayinfo.weebly.com/webinars

MAIN SITE http://www.LadaRay.com/

FUTURIST TRENDCAST https://futuristrendcast.wordpress.com/

10min EXCERPT: 1000 LOST YEARS & FALSIFIED HISTORY (Forbidden History ESW8)

Futurist Trendcast

Subscribe to NEW EARTH SHIFT WEBINAR SERIES: FORBIDDEN HISTORY & FORGOTTEN ORIGINS (FH&FO series ESW7-10)

You can also buy individual webinars

THIS IS THE ONLY WEBINAR SERIES OF 2018!

Three webinars released already! Last in the series coming soon! 

Big announcements coming on Monday (Patreon) & Tuesday (FuturisTrendcast)!

Don’t miss:

Q&A green light; Series price change; Last webinar release date!

WEBINAR 8 http://ladarayinfo.weebly.com/webinar…

Full EARTH SHIFT WEBINAR SERIES: FORBIDDEN HISTORY & FORGOTTEN ORIGINS (ESW7-10) http://ladarayinfo.weebly.com/forbidd…

COPYRIGHT NOTICE! EARTH SHIFT WEBINAR 8: 1000 Lost Years & Falsified History Copyright 2018 Lada Ray. All rights reserved.

Buy Earth Shift Webinars http://ladarayinfo.weebly.com/webinars

BECOME Lada Ray PATRON on Patreon: https://www.patreon.com/LadaRay

MAIN SITE http://www.LadaRay.com/

Read 1000 FREE articles & posts: FUTURIST TRENDCAST https://futuristrendcast.wordpress.com/

Masks Off: Super-Bully of the World US Threatens Germany and Russia over Nord Stream-2

Futurist Trendcast

I coined the term ‘Super-Bully of the World’ several years ago. Now the masks are finally off and the king is fully naked. The US openly threatens its ‘ally’ Germany with a trade war if Germany doesn’t stop the Nord Stream-2 project. The threats began before Merkel’s trip to Sochi where she met with Putin, and they are escalating after her return.

RT videos give you more details:

US threatens to punish Russia & Germany if they continue playing with gas

Putin greets Merkel with flowers: “Political Disagreements and Economic Projects Should Be Kept Separate”

We had discussed in previous years how crucially important Nord Stream-2 is for all of Europe, and first and foremost, for Germany. And of course it’s very important for Russia. Essentially, now both EU and Russia are held hostage by Ukraine gas pipeline. Nord Stream-2 will completely change this status quo, taking most leverage away…

The big vaccine-autism lie

Jon Rappoport's Blog

By Jon Rappoport

“How is a self-contained world built? Well, you can take a major situation which has an obvious cause, and then relabel the situation with a new name and say the cause is unknown. Then you can claim you’re looking for the cause, and you can keep looking and stalling for 50 years.” (The Underground, Jon Rappoport)

First of all, there is NO definitive evidence that autism is a specific condition with a single cause.

If you doubt this, look up the definition of autism in the Diagnostic and Statistical Manual of Mental Disorders, and try to find a definitive lab test that leads to a diagnosis of autism. There is no such test.

That means there is no confirmed cause of autism. And THAT means there is no proof autism is a single and specific condition.

Like other so-called developmental disorders or neurological…

Russia’s MoD Holds Exhibition to Show Off War Trophies From Syria – US “Smart” Missiles on Display

This is hilarious proof that Trump’s latest Syrian missile strike was unnecessary and a complete farce. The US narrative of destroying Assad’s chemical weapons supply falls apart – a total lie from start to finish! Must watch proof: