There are many ways people can spy on you, and now they can listen in on your conversations by monitoring your hard drives vibrations.


Everything can be hacked in order to spy on “stuff” it seems, whether it’s hacking ultra secure air gapped systems, like the ones used in top secret datacenters, or even “unhackable” quantum encryption, and now even the humble hard drive it turns out can be used to spy on your private conversations after researchers from the University of Michigan Zhejiang in China demonstrated that they can be turned into highly effective evesdropping devices.


IBM announces plans to sell a commercial 'universal' quantum computer by 2020


Turning a hard drive into a listening device doesn’t have anything to do with its data storage capabilities though. Instead, the team leveraged the sensors that help control the position of the read head above the platters. The head needs to be in precisely the right spot on the track to operate — even a few nanometers can be the difference between perfect functionality and a corrupted file. The drive’s internal sensors generate what’s called a Positional Error Signal (PES), and this is how the researchers extracted sounds from the hard drive.

Any vibration can alter the position of a hard drive, so a modern hard drive is sensitive enough to pick up even minute disturbances in the platter. And yes, even human speech shows up in the PES data, but of course, hard drives don’t broadcast PES readings for everyone to analyse.

In a proof of concept experiment, the team installed modified firmware on the drives that could record the PES measurements. Using that data, the researchers created high-quality recordings of human voices, and in another test the PES data was sufficient to reconstruct music playing near the hard drive. It was so accurate that the music ID app Shazam was able to identify the song.


Watch: SpaceX sticks another great landing


There are a few notable drawbacks to this eavesdropping method though. For one, you need physical access to the hard drive to implant the malicious firmware. Then, you need a package on the computer with internet access to send the PES data. It’s not impossible – state actors have been known to intercept computers and implant bugs before sending them along to the target. The other issue is the sounds near the hard drive need to be rather loud. For human speech, you’re looking at 75dB minimum, which is like having an almost-argument within a few feet of a hard drive, and to ID music it needs to be playing at about 90dB which is the same volume as a lawnmower.

So, the result is that for now your hard drive probably isn’t spying on you, but if you’re an attractive enough target, then, well, who knows, and as the exploit gets fine tuned one day it’ll inevitably be able to detect even a whisper… so be careful what you say.

About author

Matthew Griffin

Matthew Griffin, described as “The Adviser behind the Advisers” and a “Young Kurzweil,” is the founder and CEO of the World Futures Forum and the 311 Institute, a global Futures and Deep Futures consultancy working between the dates of 2020 to 2070, and is an award winning futurist, and author of “Codex of the Future” series. Regularly featured in the global media, including AP, BBC, Bloomberg, CNBC, Discovery, RT, Viacom, and WIRED, Matthew’s ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past six years as one of the world’s foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive, sustainable future. A rare talent Matthew’s recent work includes mentoring Lunar XPrize teams, re-envisioning global education and training with the G20, and helping the world’s largest organisations envision and ideate the future of their products and services, industries, and countries. Matthew's clients include three Prime Ministers and several governments, including the G7, Accenture, Aon, Bain & Co, BCG, Credit Suisse, Dell EMC, Dentons, Deloitte, E&Y, GEMS, Huawei, JPMorgan Chase, KPMG, Lego, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, T-Mobile, and many more.

Your email address will not be published. Required fields are marked *