Acoustic data exfiltration from speakerless air-gapped computers via covert hard-drive noise (‘DiskFiltration’)

Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici

Computer Security–ESORICS 2017: 22nd European Symposium on Research in …, 2017

In the past, it has been shown that malware can exfiltrate data from air-gapped (isolated) networks by transmitting ultrasonic signals via the computer’s speakers. However, such a communication relies on the availability of speakers on a computer. In this paper, we present ‘DiskFiltration’, a method to leak data from speakerless computers via covert acoustic signals emitted from its hard disk drive (HDD) (Video: https://www.youtube.com/watch?v=H7lQXmSLiP8 or http://cyber.bgu.ac.il/advanced-cyber/airgap ). Although it is known that HDDs generate acoustical noise, it has never been studied in the context of a malicious covert-channel. Notably, the magnetic HDDs dominate the storage wars, and most PCs, servers, and laptops todays are installed with HDD drive(s). A malware installed on a compromised machine can generate acoustic emissions …