Software

App can access 99% computers without network

Everyone knows the sounds of his computer when the hard drive is described. But these sounds are really treacherous and a tour of incidence for hackers? Israeli professionals want to have read by listening to the hard drive anyway, passwords and other sensitive data.

Engineers from Israel can hear your hard drive to read data
With the software DiskFiltration IT engineers from Israel managed to extract sensitive data such as passwords and access data from hard drive noise. The software on a Smartphone records the data in the image. Photo: Ben Gurion University

This is link to research paper published by Cyber Security Research Center from Israel: http://arxiv.org/abs/1608.03431 

PDF: http://arxiv.org/pdf/1608.03431v1.pdf

University in Israel claims is managed security researchers at Ben Gurion to demonstrate a novel eavesdropping on a computer. The Israeli experts of the Cyber Security Research Center have to read and saved the mechanical noise of the hard disk to an ordinary Smartphone.

And differently than usual if hackers get Internet access on the computer that, chopped computer, need not even be connected with the Web. Wiretapping is carried out directly, however up close.

Hard drives make enough noise for a data theft

As the Israeli researchers now describe in a research paper, the movement on the hard drive of a PC produces enough acoustic signals to extract information from it. Typically, reads and writes data only the mechanical arm of the hard disk. But in use are different frequencies, which used can be, so the engineers.

Long, hard drives are much sought after target of hackers. Meanwhile, there are already ways to evaluate the electromagnetic waves of video screens with a cell phone. Another method is the so-called PITA attack (portable instrument for trace acquisition) that can read electromagnetic pulses from computer keyboards with the help of equipment for the detection of electromagnetic waves.

Engineers from Israel
Seagate drive: when describing the hard noise produced, from which sensitive data can be derived. Photo: Seagate

Now have the Israeli researchers found a way, as can be so-called air-gap systems manipulated. These used especially for high safety requirements in companies or in military facilities, to prevent attacks over internal networks or the Internet. Hackers prefer normally networked systems, by using wide area networks and wireless Internet connections, to gain access to sensitive data.

Systems without network access until now considered safe, that could change in the future. Some time ago, researchers have shown that it is possible using sophisticated methods to steal data from computers without Internet access. So high security computer can be hacked through heat. Here the heat development of appropriate sensors are monitored. A device becomes too hot, turn on the ventilation system. Similar like in Morse code applies, controlled changes of in temperature data can be transmitted via these sensors according to researchers.

IT engineers call their hack method DiskFiltration

The recently discovered listening method hard drive noise installs a malicious program on the isolated computer. This is done by a USB memory drive or other peripheral device is connected to the air-gap-computer. Then placed a recording device in the vicinity of the device.

Ben Gurion University
To derive data from the noise of a hard drive, the spy device. In this case must be a Smartphone with maximum two metres. Photo: Ben Gurion University

The peripheral device then manipulated the hard drive of the computer to transmit the data to the Smartphone nearby. The data waiting for the storage media and can be downloaded from the hacker. The malicious software called DiskFiltration can control the movements of the read / write head of the hard disk as coded messages about the noise transmitted, for example, passwords, text files, and access data.

When SSD data theft does not work

Such attacks are not always to accomplish. The above method works not with solid state drives (SSDs), because they have no mechanical components, generate the noise.

The data exchange via sound waves made headlines even 2013. Then it was a Trojan that makes it possible to Exchange data via inaudible audio signals. It was but not noise of the hard drive, but the ability to Exchange data from a computer microphone and speakers and spying.