Hard Drives Of Laptops/Desktops Can Serve As A Source Of Listening To Conversations Of People Nearby
Cybercriminals have a lot of tools and methods for obtaining personal information of users of various electronic devices. And far from always traditional methods of countering attackers such as the use of anti-virus programs or careful evaluation of incoming e-mail with applications and links can help against these methods.
Scientists from the University of Michigan discovered several vulnerabilities, the basis of which is the influence of sound waves on the elements of computer technology. Two weeks ago, at a conference of the American Association for the Advancement of Science (AAAS), held in Washington, USA, a team led by Kevin Foo presented the results of the study. According to them, hard drives of a laptop or desktop PC can record conversations of people nearby.
Of course, this is not about recording sounds by the discs themselves. The fact is that sound waves affect the sensors that generate current. There are a large number of sensors and sensors around us. If desired, attackers can “take readings” by getting a record of conversations.
An example is a study conducted by the same group of scientists two years ago. It included the results of the study of attacks on the sensors of smartphones and smart bracelets using sound signals. Sound waves of the required frequency, which is close to the resonant frequency of the MEMS sensor of the accelerometer under attack, can be embedded in the soundtrack on YouTube. If this video is lost, then an attack occurs on the sensor, which begins to transmit not real readings, but a malicious sequence. In one example, scientists have achieved the derivation of the word WALNUT on a smartphone screen, rather than a measurement curve.
- Now Kevin Fu and his colleagues have demonstrated how hard drives can be used as a platform for recording conversations without microphones.
The whole point is in the work of the feedback system, which is used to accurately position the magnetic heads over the surface of the magnetic plate. Sources of parasitic vibrations of the heads, which include sound waves generated by people in the vicinity of computers, cause the generation of compensation currents by control circuits. The same signals can be deciphered later.
- Scientists claim that the recording accuracy is very high – after decryption, the recording of the sound composition became possible to identify using the Shazam service. Similarly, malware can be used to record people’s conversations and then transfer data to a given source.
According to researchers, soundproofing hard drives should be considered as an important issue by manufacturers of computer equipment. Yes, so far the probability of using such a technique is not too great, but no one can guarantee that a reliable method of eavesdropping using hard disks is developed by someone like the NSA.
Skype is used by millions of people around the world. We showed that during a Skype or video conference call, your keystrokes can be recorded and analyzed by your interlocutors. They can find out what you type, including passwords and other very personal things, said Jean Tsudik, a professor at the UCI computer science department and one of the authors of the new study.
This is necessary to learn the sounds of keystrokes. Knowing certain human input patterns, researchers achieved 91.7% accuracy in determining which keys were pressed. Scientists recorded sound using microphones, accelerometers in mobile devices and other sensors. After the audio stream was collected, the data were analyzed using the methods of controlled and uncontrolled machine learning. As a result, a user data reconstruction was obtained. The researchers argue that to carry out the attack there is no need to install malware on the computer of the potential victim. You just need to listen to the sound of IP-telephony systems.
