It is quite common to have crashed hard drives, which is mainly caused by thermal stress due to excessive, repeated heating and cooling or the physical shock that results from being dropped or knocked. This is especially common in laptops.

However, a new study reveals that the latest generation of hard drives is more vulnerable to sonic interferences, which refer to sound waves that we never give much importance to.

Impact of sound waves on such a critical component like HDDs is an aspect that is often ignored while discussing or researching on security issues. But researchers at the University of Michigan and Zhejiang University have identified that sonic interferences can mess with a new generation of HDDs and may lead to crashing operating systems. Ultrasonic and sonic attacks would certainly pose as a new attack vector for cybercriminals.

Related: Hackers can steal data from Air-Gapped PCs with microphones & speakers

The findings of their study are published in a paper titled [PDF]: ‘Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems.”

Researchers have noted that ultrasonic sound waves if played over unreliable or cheap speakers can cause serious damages to a computer system. That’s because ultrasonic and sonic sounds have the power to disrupt the read and write processes of magnetic HDDs. Laptops that run on Linux or Windows OSes may need a reboot to function properly after a sonic sound attack.

What happens is that audible sonic sounds cause vibration in the HDD’s head stack; these vibrations are much higher than the normal operating parameters of the head stack and it leads to temporary shut off of data writing function. Normal operations of operating systems are disrupted and halted when ultrasonic sounds generate false positives in the shock sensor of HDDs due to which the drive stops using its head.

Related: Sound Waves can Help Hackers Disrupt Functions of Hard Disk Drives

When researchers tested their hypothesis on Dell XPS 15 9550 by playing audio over its built-in speakers, it took just 45 seconds to become unresponsive and after two minutes the computer had to be rebooted to start functioning again.

They also tested Windows 10 and Ubuntu 16.04 OSes, both of which recorded errors and not only the installed applications but the operating systems also got hanged. This proved that acoustic waves could have the potential to carry out denial of service attacks against computers.

It is definitely a great challenge for “legacy magnetic disks,” which happen to be a common component in safety-critical applications like medical devices, claim researchers. They also proposed a solution in their paper:

“We created and modeled a new feedback controller that could be deployed as a firmware update to attenuate the intentional acoustic interference. Our sensor fusion method prevents unnecessary head parking by detecting ultrasonic triggering of the shock sensor.”

Researchers also pointed out that sonic attack can be used against medical devices and data centers in case strong enough acrostic signals are generated nearby to create errors. However, such an attack would most probably be ineffective because people would take action after hearing the sound. It will work only if the attack is carried out without alerting anyone. Such as an infected webpage triggering sonic sounds when it identifies that nobody is browsing it.

Ultrasonic sounds would prove to be more effective as attack vectors since humans cannot hear them but the success of the attack is dependent upon the strength of sound waves. Computer systems are easier to be attacked and disrupted through denial of service attack but it is also true that ultrasonic attacks would be very difficult to defend as these cannot be detected or disabled.

The research team concluded their research with several recommendations. Such as the HDDs should be redesigned using enhanced dampening to minimize impact received from the sound on sensors. Even if HDDs are enclosed in foam padding the impact can be substantially reduced.

Image credit: Depositphotos