BAD NEWS on the insecurity front. Fiendish researchers have worked out and demonstrated another way to access and exploit your personals.
The researchers from Cornell University warned that a thing called DiskFiltration is your new nightmare, that is if you’ve got over all of your other security nightmares.
The findings are published in a paper snappily titled DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise, which is the last thing you’ll want to read before going to bed.
“Air-gapped computers are disconnected from the internet physically and logically. This measure is taken to prevent the leakage of sensitive data from secured networks,” wrote researchers Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici.
“In the past, it has been shown that malware can exfiltrate data from air-gapped computers by transmitting ultrasonic signals via the computer’s speakers.
“However, such acoustic communication relies on the availability of speakers on a computer. In this paper, we present DiskFiltration, a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive.”
DiskFiltration, which the INQUIRER has already bagged as the name for a yet to be formed band, relies on malware being installed on the victim computer and a study of the acoustic emissions, so it’s not just about earwigging on a desktop PC with some kind of microphone.
The Cornell dudes reckon that they have a neat spin on it. “Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer,” said the paper.
“A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the drive’s actuator arm.
“Digital information can be modulated over the acoustic signals and then picked up by a nearby receiver (e.g. smartphone, smartwatch, laptop, etc).”
Based on this proposed method, the researchers developed a transmitter on a PC and a receiver on a smartphone, and have provided the design and implementation details.
“With DiskFiltration we were able to covertly transmit data (e.g. passwords, encryption keys and keylogging data) between air-gapped computers to a smartphone at an effective rate of 180 bits/minute (10,800 bits/hour) and a distance of up to two metres,” the paper added.