If someone sends you an email with a video or audio file, you might want to think twice before hitting play. Researchers from the University of Michigan and China’s Zhejiang University have discovered that attackers can use certain sounds played through your PC speakers to cause physical damage to hard drives, which might lead to data corruption. The attacks could possibly target PCs, medical devices, and surveillance systems that rely on magnetic disk drives.
These malicious audio files contain ultrasonic and sonic sounds, and playing the file for as little as 12 seconds was enough to cause damage to a PC’s drive, The Independent reported. In addition to physical drive damage, the acoustics could also lead to file corruptions by disrupting the drives to the point that they can no longer write data.
“Intentional acoustic interference causes unusual errors in the mechanics of magnetic hard disk drives in desktop and laptop computers, leading to damage to integrity and availability in both hardware and software such as file system corruption and operating system reboots,” the researchers wrote in their paper. “An adversary without any special-purpose equipment can co-opt built-in speakers or nearby emitters to cause persistent errors.”
In order for the attack to work, the acoustic vibrations must be strong enough and the attack must be difficult to detect or stop. The researchers found that the sound waves cause the head stack assembly to vibrate outside of the operational bounds, resulting in a head crash on a hard drive. These physical drive errors can lead to data corruption at the application or operating system levels.
Given that most modern laptops and a number of desktops now rely on solid-state drives for data storage, consumers working on a newer PC shouldn’t be vulnerable to these types of attack. If you’re on an older PC or rely on a hard disk drive for backups, you may still be affected if someone sends you a malicious audio file. However, hospitals and data centers are still vulnerable because of the high use of magnetic disk systems in those environments, the researchers said.
To mitigate attacks, researchers have created a new sensor fusion model that could be delivered through a firmware update. Using a new feedback controller, once malicious ultrasonic waves are detected, the firmware would help prevent unnecessary head parking in the hard drive.