New Hacking Method Listens to the Noise a Hard Drive Makes

by Robert Best on December 6, 2016
Find me on:

new hacking methodAs though computing systems apparently weren’t under enough threats, security researchers have discovered yet another new hacking method from a truly unexpected source. The sounds your hard drive makes can give a properly-equipped hacker everything they need to gather data from your machine, including any encryption keys you may have in place.

Targeting the hard drive’s actuator, DiskFiltration malware can decipher the sounds that the actuator makes as it writes data to the drive’s platters, assuming the malware is paired with the correct device.

Fortunately, this method does not look to be a promising option for hackers to make use of. For one, the hack will only work if the recording device is within six feet of a system for an extended period of time, as the data rate caps out at 180 bits each minute. Furthermore, this method of hacking is only effective against hard disk drives, as solid state drives make no sounds for DiskFiltration to filter through. Therefore, to avoid falling victim to DiskFiltration, there are some relatively simple precautions to take.

Encourage employees to keep an inventory of their desktops. Since the physical component of DiskFiltration requires a very close range, chances are it can be avoided if a worker just keeps track of the things on their desk, keeping unfamiliar devices away from your system. Make sure your employees remain vigilant of threats, both online and in person.

Consider upgrading to SSD. Without the physical noise of a mechanical hard drive, DiskFiltration is rendered useless. Plus, your systems will receive a boost in stability in general from the moving-part-free hardware.

If you upgrade to an SSD, you are that much better defended against a new variety of threat, as well as given the opportunity to prepare for similar threats before they advance.

To learn more about how to protect your business from the latest hacks, subscribe to our blog.

Topics: IT Security