Scroll Top

Chinese researchers turned hard drives into covert listening devices



There are many ways people can spy on you, and now they can listen in on your conversations by monitoring your hard drives vibrations.


Everything can be hacked in order to spy on “stuff” it seems, whether it’s hacking ultra secure air gapped systems, like the ones used in top secret datacenters, or even “unhackable” quantum encryption, and now even the humble hard drive it turns out can be used to spy on your private conversations after researchers from the University of Michigan Zhejiang in China demonstrated that they can be turned into highly effective evesdropping devices.


Apple's Augmented Reality OS gets unveiled as a concept


Turning a hard drive into a listening device doesn’t have anything to do with its data storage capabilities though. Instead, the team leveraged the sensors that help control the position of the read head above the platters. The head needs to be in precisely the right spot on the track to operate — even a few nanometers can be the difference between perfect functionality and a corrupted file. The drive’s internal sensors generate what’s called a Positional Error Signal (PES), and this is how the researchers extracted sounds from the hard drive.

Any vibration can alter the position of a hard drive, so a modern hard drive is sensitive enough to pick up even minute disturbances in the platter. And yes, even human speech shows up in the PES data, but of course, hard drives don’t broadcast PES readings for everyone to analyse.

In a proof of concept experiment, the team installed modified firmware on the drives that could record the PES measurements. Using that data, the researchers created high-quality recordings of human voices, and in another test the PES data was sufficient to reconstruct music playing near the hard drive. It was so accurate that the music ID app Shazam was able to identify the song.


World's largest DDoS attack tops 1Tbps


There are a few notable drawbacks to this eavesdropping method though. For one, you need physical access to the hard drive to implant the malicious firmware. Then, you need a package on the computer with internet access to send the PES data. It’s not impossible – state actors have been known to intercept computers and implant bugs before sending them along to the target. The other issue is the sounds near the hard drive need to be rather loud. For human speech, you’re looking at 75dB minimum, which is like having an almost-argument within a few feet of a hard drive, and to ID music it needs to be playing at about 90dB which is the same volume as a lawnmower.

So, the result is that for now your hard drive probably isn’t spying on you, but if you’re an attractive enough target, then, well, who knows, and as the exploit gets fine tuned one day it’ll inevitably be able to detect even a whisper… so be careful what you say.

Related Posts

Leave a comment


1000's of articles about the exponential future, 1000's of pages of insights, 1000's of videos, and 100's of exponential technologies: Get The Email from 311, your no-nonsense briefing on all the biggest stories in exponential technology and science.

You have Successfully Subscribed!

Pin It on Pinterest

Share This