Hard drives in laptops and desktops can be a source of listening to conversations of people nearby
Cybercriminals have a lot of tools and methods for obtaining personal information from users of various electronic devices. And far from always against these methods traditional methods of counteracting intruders like using antiviruses or careful evaluation of incoming e-mail with applications and links can help.
Scientists from the University of Michigan have discovered several vulnerabilities, the basis of which is the influence of sound waves on elements of computer technology. Two weeks ago, at a conference of the American Association for the Advancement of Science (AAAS), held in Washington, USA, a team of experts led by Kevin Fu presented the results of the study. According to them, the hard drives of a laptop or desktop PC can record the conversations of people nearby.
Of course, this is not about recording sounds by the discs themselves. The fact is that sound waves affect the sensors that generate current. There are a lot of sensors and sensors of various kinds around us. If desired, attackers can "take readings" by receiving a conversation record.
An example is the study conducted by the same group of scientists two years ago. It included the results of studying attacks on the sensors of smartphones and smart bracelets using sound signals. Sound waves of the required frequency, which is close to the resonant frequency of the MEMS sensor of the accelerometer being attacked, can be embedded in the soundtrack of the YouTube video. If you play this video, then an attack occurs on the sensor, which begins to transmit not real readings, but a malicious sequence. In one example, scientists have achieved the display of the word WALNUT on the screen of a smartphone, rather than a measurement curve.
Kevin Fu and colleagues have now demonstrated how hard drives can be used as a platform for recording conversations without microphones.
The thing is the feedback system, which is used to accurately position the magnetic heads above the surface of the magnetic plate. Sources of spurious vibration of the heads, which include sound waves generated by people in the vicinity of computers, cause the generation of compensation currents by control circuits. The same signals can subsequently be decrypted.
Scientists claim that the recording accuracy is very high - after decryption, the recording of the sound composition has become possible to identify using the Shazam service. Similarly, malware can be used to record people's conversations and then transfer data to a given source.
According to researchers, sound insulation of hard drives should be considered as an important issue by computer manufacturers. Yes, so far the probability of using such a technique is not too great, but no one will guarantee that a reliable eavesdropping method using hard drives is not developed by someone like the NSA.
In 2016, information was published on Habré about another possibility for eavesdropping. Scientists from the University of California, Berkeley, discovered that attackers could record acoustic signals while talking on Skype.
This is necessary to study the sounds of keystrokes. Knowing certain patterns of human text input, the researchers achieved an accuracy of 91.7% in determining which keys were pressed. Scientists recorded sound using microphones, accelerometers in mobile devices and other sensors. After the sound stream was collected, the data was analyzed using methods of controlled and uncontrolled machine learning. As a result, a reconstruction of user data was obtained. Researchers say that to carry out an attack there is no need to install malware on the computer of a potential victim. You just need to listen to the sound of IP-telephony systems.
“Skype is used by millions of people around the world. We showed that during a conversation on Skype or a video conference, your keystrokes can be recorded and analyzed by your interlocutors. They can find out what you enter, including passwords and other very personal things, ”said Gene Tsudik, professor of computer science at UCI and one of the authors of the new study.