Feature

Your Hard Drive May Be Listening

Physics 12, 24
Researchers demonstrated that a hard drive can be used as a microphone, allowing attackers to listen in to conversations.
The read head in a hard drive vibrates in the presence of sound waves, which could allow a remote attacker to listen to anyone nearby.

If you are already nervous about malicious computer attacks, then here’s some unwelcome news: there are many ways in which our technology is vulnerable to attacks based on physics, rather than on software. University of Michigan computer scientist Kevin Fu and his colleagues have found several unsettling ways that sound waves and other sources of interference could be used to commandeer household devices and personal electronics. At the American Association for the Advancement of Science (AAAS) conference in Washington, DC, two weeks ago, he reported his latest scary find: your computer hard drive could—without you knowing it—be used to record your voice.

Sensors are ubiquitous and essential—think of the thermometers in freezers for human eggs, accelerometers in airbags, and voltage monitors in pacemakers. The devices reading these sensors almost universally accept their data without question, but Fu and his colleagues have repeatedly shown that, using carefully crafted electromagnetic and acoustic interference, an attacker can take control of sensor outputs.

For example, the team has shown that appropriate electromagnetic waves can cause a thermocouple—a sensor that produces a voltage to represent the temperature—to be read as showing 1847 degrees Fahrenheit when it was actually at room temperature. They similarly caused the voltage sensor in a pacemaker to provide inaccurate signals.

The researchers produced additional mayhem with sound waves, demonstrating that accelerometers in Fitbits, smart phones, and other devices are vulnerable. In one experiment, they showed that certain high-frequency sound waves can cause a Fitbit to add steps without moving. In another test, they used a specific acoustic waveform to force the graph of the voltage output of an accelerometer to spell out the word “WALNUT.” This waveform worked even when the sound was surreptitiously embedded in a sound track, so an attacker could, in principle, control your phone’s accelerometer by tricking you into watching an online video.

The team’s latest trick is to turn a hard drive into a microphone. They tapped into the feedback system that helps control the position of the read head above the magnetic disk. When the head is buffeted by sound waves, the vibrations are reflected in the voltage signal produced by the drive’s position sensors. By reading this signal, Fu and his colleagues were able to make high-quality recordings of people speaking near the drive.

In another test, they showed that music played nearby could be recorded with high enough fidelity that the music recognition app Shazam could successfully identify the song. Malicious software could use this technique to record audio and then secretly upload it to a remote site, thus bugging a room without ever planting a microphone.

The team proposes defenses against every attack they develop, but Fu is still concerned. He worries most about the security of sensor-dependent systems that make independent decisions, such as temperature controllers in embryo labs, self-driving cars, and even spacecraft. “We just blindly trust these sensors,” he says. The industry needs to take these threats more seriously, and “computer scientists need to spend more time in physics labs.”

–David Ehrenstein

David Ehrenstein is the Focus Editor for Physics.


Recent Articles

Positronium Cooled to Record Low Temperature
Atomic and Molecular Physics

Positronium Cooled to Record Low Temperature

A short-lived combination of an electron and an antielectron has been cooled with lasers to near absolute zero—a step toward tackling fundamental questions about matter and antimatter. Read More »

Identifying Phases in Low-Speed Human Movement
Complex Systems

Identifying Phases in Low-Speed Human Movement

By observing the motion of preschool children, researchers have developed a thermodynamic description of human movement that pinpoints collective phases emerging when social interactions are strong. Read More »

LHC Data Constrain Multiple Higgs Models
Particles and Fields

LHC Data Constrain Multiple Higgs Models

New experimental results from the Large Hadron Collider argue against the existence of multiple Higgs bosons, as predicted in certain “beyond-standard-model” theories. Read More »

More Articles