Skip to content
Naked Security Naked Security

Acoustic attacks can blue-screen computers

New research has discovered hard drives can be vulnerable to sonic interference.

Hard disk drives (HDDs), as anyone who has owned enough of them will know, occasionally go bad.
The main problems are thermal stress (e.g. repeated heating/cooling, especially in laptops) and the physical shock of being dropped or knocked.
But what about sound waves used maliciously? It wouldn’t top of most people’s worry list, but new research by a team from the University of Michigan and Zhejiang University has discovered that today’s generation of hard drives turn out to be surprisingly vulnerable to sonic interference.
The simplest experiment the team conducted used sound waves – essentially vibrations at a range of frequencies both acoustic (audible) and ultrasonic (inaudible) – to knock the read/write heads on common models of HDD beyond their normal tolerances.
Not surprisingly, as the power of these sounds increased, drive throughput decreased gradually to the point where no data could be written or, at higher amplitudes, read.
This, of course, is what modern HDDs are designed to do – if you vibrate them, sensors and accelerometers detect this and, if it’s bad enough, park the heads to avoid collisions or crashes with the spinning platter.
The discovery here is that the weak point isn’t the drives themselves, but the sensors designed to protect them. Using the right frequencies, these can be spoofed into protecting the drive when that isn’t necessary.
Although acoustic attacks didn’t seem to be able to cause full head crashes, they did seem to increase the rate at which the HDD firmware marked sectors as unusable, reducing a drive’s usable capacity.
Operating systems were also affected by the attacks. Those used in the test, Windows 10 and Ubuntu 16.04, both logged numerous errors and application and OS freezes, which demonstrates how acoustic attacks might be a viable way to conduct a denial-of-service against PCs.
Launching a real-world sonic attack would mean using a speaker either in or near the target drive.
The researchers’ proof-of-concept attack involved using a malicious site to play audio through a PC or laptop’s internal speaker.
Depending on the drive model, OS and frequency used, this was able to cause major problems in PC and laptop HDDs in anything from 45 seconds to four minutes.

A second test showed how the same technique could be used to disrupt the recording of video by a surveillance system recording to HDDs.

In the case that a victim user is not physically near the system being attacked, an adversary can use any frequency to attack the system. The system’s live camera stream never displays indication of an attack.

If attackers were able to use ultrasonic sound inaudible to humans, such an attack would be unlikely to be detected.

The problem poses a challenge for legacy magnetic disks that remain stubbornly common in safety critical applications such as medical devices and other highly utilized systems difficult to sunset.

The team’s recommendations include redesigning HDDs, possibly using more dampening to reduce the effect of sound on sensors. Even simply enclosing an HDD in foam padding seemed to help although this created problems for heat dissipation.
The University of Michigan and Zhejiang University team isn’t the only one looking into the malicious use of sound, or ‘resonant acoustic attacks’ to give them their full name.
It’s been known for a while that sensors found inside a growing number of devices such as Fitbits, games consoles, and smartphones are susceptible to sound interference.
On a related note, earlier this year Israeli researchers published a paper showing how ultrasonic sound could be used to jump air-gaps designed to protect networks from direct attack. Even fan noise has been proposed as a possible route to sneaking data out of a computer.
It’s important to note that there has never been a single documented malicious acoustic attack on a computer system or network.
But given that they leave no trace and are inherently difficult to detect while they’re happening, can we really be sure?


“Launching a real-world sonic attack would mean using a speaker either in or near the target drive.”
How can you get a speaker into the target drive itself? Perhaps, “in the target machine itself” was meant.


There is a cool video from a long time ago showing an engineer monitoring the performance of a storage array, and him screaming at the drives was enough to cause a very noticeable drop in performance.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!