Buried 4/5 down the page: "<i>One limiting aspect of the described technique is that it requires a fairly loud conversation in the vicinity of the eavesdropping hard drive. To record comprehensible speech, the conversation had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled sound.</i>"<p>For context, a vacuum cleaner is also 75 decibels, with 80 dB as the threshold for hearing loss:
<a href="https://ehs.yale.edu/sites/default/files/files/decibel-level-chart.pdf" rel="nofollow">https://ehs.yale.edu/sites/default/files/files/decibel-level...</a><p>So you literally have to scream at each other right in front of the hard drive for it to record discernible speech. This is not an "eavesdropping mic" as the subheading of the article claims. Therefore, it's yet another clickbait BS fearmongering article about an interesting tech hack.
Wow, that is super fun. There is a story which I can neither confirm nor deny that a company with large data centers and drive firmware that exported PES data was able to correlate data from drives in different locations of said data center and make a seismic interferometer which could "image" traffic on a freeway nearby. :-)<p>I had no idea you could get as much as 4 kHz of frequency bandwidth out of those sensors. That is a pretty cool result.
Any system that converts physical energy to electric activity (loosely: transducer) can be used to collect signals remotely.<p>I think this is kind of a basic thing that once you know it, you see the possibilities almost everywhere, where you understand how electrical fields can be generated with physical interaction. Transportation of the sensing then becomes the next problem to solve.
The inaudible range is far more likely to be used as an attack vector for nefarious purposes.<p><a href="https://arxiv.org/pdf/1708.09537.pdf" rel="nofollow">https://arxiv.org/pdf/1708.09537.pdf</a><p><a href="https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/" rel="nofollow">https://arstechnica.com/information-technology/2017/05/there...</a>
I wonder whether there is a way to reconfigure audio jacks into microphone jacks on an average sound card these days. Little known fact: speakers and headphones are also microphones simply by the physics of how they work.
Story time: I was a young programmer in the 80's, working in an environment where the computers were all housed in their own special isolated computer room, and we devs had to use terminals to gain access - a typical computer ops setup, you've seen it all before.<p>One day, in order to comply with some law or other, the company upgraded the security system, renovating the space such that it was enclosed in bullet-proof glass panels, required a key-card to enter, had an operator at all times (24/7), etc. They installed a Halon fire suppression system, and a gigantic alarm horn to function as a company-wide alert.<p>Well, the day it was all set up, it was time to test it all - Halon test dump, done (very expensive test). Operator still alive (had to use an oxygen mask), done. Alarm siren test: done. Okay, back to work .. hang on .. all of the systems are down .. what's going on ..<p>Yes, the siren was so loud, and had been positioned close enough to the bullet-proof walls, that the focused energy it created had crashed the disks. ;)<p>That was a very expensive renovation. Fortunately, we got the 'restore from last backup' test done pretty quickly ..
I've always been interested to know what kinds of physical attacks security consultants at major firms have uncovered. How many 'obscure' espionage techniques like this or listening for keystroke combinations via audio have been deployed in the real world for malicious purposes?
Also any fast enough accelerometer can be used as a microphone, and no user would complain if an app would ask permissions to use the accelerometer and network pretending they're needed for positioning and updates.
Not sure though how many phones are using fast enough accelerometers to be used to sample voice. Most should go up to a few hundred hertz with the right software, but human voice requires at least a few kHz bandwidth.
Interesting. I just watched a video yesterday about how you could see screaming on hard drive stats in a data center:<p><a href="https://www.youtube.com/watch?v=tDacjrSCeq4" rel="nofollow">https://www.youtube.com/watch?v=tDacjrSCeq4</a>
It would be way easier to just, you know, eavesdrop with the actual microphone instead?<p>Although it is a cool experiment and POC. A few years ago I took apart 5 HDDs to see if I could make a usable speaker (as a desk/novelty thing). 2 of them worked, one of them worked with decent fidelity. Three failed (probably my fault). The one that worked was a literally massive double-5.25" Maxtor.
The latest in a long long line of TEMPEST research. I think I would prefer to see academic security research steered in the direction of solving problems affecting millions, but an interesting discovery nonetheless.
I remember watching an old YouTube movie from Brendan Gregg where he screams in front of a Sun NAS and the voice vibration affects the HD reading speed among other parameters.
So HDDs would benefit from the metamaterial that kills sound:<p><a href="https://www.bu.edu/research/articles/researchers-develop-acoustic-metamaterial-noise-cancellation-device/" rel="nofollow">https://www.bu.edu/research/articles/researchers-develop-aco...</a><p><a href="https://news.ycombinator.com/item?id=19344682" rel="nofollow">https://news.ycombinator.com/item?id=19344682</a>
This is interesting probably only from an academic point of view (as stated in the article) and only a corner case of what could be done when having the possibility to replace the firmware of an HDD.
"OH MAN - IF WE TALK THIS LOUD SOME ASSHOLE WHO HACKED OUR HARD-DRIVE MIGHT BE ABLE TO HEAR US" - govt worker | "CHRIST MAN WE'RE TRYING TO HAVE A MEETING IN THE SOUNDPROOF MEETING ROOM WE MADE SO PEOPLE WITH HACKED HARD DRIVES COULDN'T HEAR US!" - gov't manager 1 "HARD-DRIVES MAN [shakes fist at desktop]" - govt worker