Researchers have already shown that data can be stolen through PC speakers and by manipulating fan noises. Now a new threat to air-gapped computers has emerged: it is possible to manipulate hard drive noises to transmit data. The new data exfiltration method has been termed “Disk Filtration”. The technique can be used to steal data even when a computer is not connected to the Internet.
Researchers at Ben-Gurion University in Israel have been able to send data by creating acoustic signals using hard drives. It is possible to manipulate the actuator of hard drives in specific ways that allow attackers to transmit small quantities of data such as passwords and cryptographic keys. Data can be transmitted at a rate of 180 bits per minute. The signals can be picked up using a microphone.
While the researchers have demonstrated that the technique can be used to transmit data, it is unlikely to prove a popular method for data theft because it can only be used in a limited number of circumstances.
First of all, the air-gapped computer must be infected with malware. Since the malware cannot be downloaded from the Internet or via email, an insider would need to manually install the malware on the air-gapped computer. Physical access to the device would therefore be necessary. The microphone used to pick up the signals would also need to be in relatively close proximity to the hard drive. Data can be transmitted over a distance of around 6 feet.
The technique is also far from efficient. Other processes on the computer can interfere with the signal, although the researchers have been able to improve the signal-to-noise ratio by using only a very narrow range of acoustic frequencies.
While recent research has demonstrated a threat to air-gapped computers, mitigating risk is fairly straightforward. To protect against this type of attack, as well as attacks that manipulate fan noise, organizations can isolate computers and prohibit mobile phones and other devices with microphones in the vicinity of air-gapped systems. Solid-state drives can also be used on air-gapped computers, which would likely prevent this technique from being employed. It is also possible to prevent signals from being received by using mufflers.