HDD Microphone

https://github.com/ortegaalfredo/kscope.git

hdd-killer: python script that emits a sound sweep to find the resonant frequency that interferes with the specified HDD. Video demo: https://www.youtube.com/watch?v=8DdqTz3CW5Y

use sound to crash drones by affecting gyroscopic sensor

utilizing the induction of magnetic sensors,
the researchers were able to apply side-channel attacks
for anti-lock braking systems

how to use
electromagnetic interference to inject signals into analog sensors

Audible waves vibrate the read/write head
and platters; ultrasonic waves alter the output of the HDD’s
shock sensor, intentionally causing the head to park.

Y. Michalevsky, D. Boneh, and G. Nakibly,
“Gyrophone: Recognizing Speech from Gyroscope Signals.”
in USENIX Security, 2014, pp. 1053–1067


============
Video Surveillance System Attack - live-feed without detection
============

Attacked system
Ezviz 720p 4-channel video surveillance system
stock Western Digital 3.5” Purple 1 TB

operating system on an on-board flash chip

speaker hangs from the ceiling, resting 10 cm directly
above the video surveillance system’s HDD

The system was subject to the malicious signal for increasing durations (60-180s)
- a 6,900 Hz sinusoidal signal at 120 dB SPL
- we monitored the system manually by looking at the live video feed from the system.
After the concluding the experiment, we examined the recordings from the HDD.

For all tests observer did not notice any abnormalities in the live video stream,
but attack durations longer than 12 seconds caused video loss recorded on the HDD.

Recordings from periods of interference
-less than 105 seconds exhibited video loss from about 12 seconds after being subjected to acoustic induced vibration until the vibration subsided.
In contrast, interference for periods of 105 seconds or longer resulted in video loss
from the beginning of the vibration until the device was restarted

In the case that a victim user is not physically near the system being attacked,
an adversary can use any frequency to attack the system.
The system’s live camera stream never displays indication of an attack.
Also the system does not provide any method to learn of audio in the environment.
Thus, if a victim user were not physically near the system,
an adversary can use audible signals while remaining undetected.
========================================================================

setup generates audible frequencies using
a Tektronix AFG3251 function generator, Yamaha R-S201 audio receiver,
a Pyramid Titanium Bullet Tweeter speaker

setup generates ultrasonic frequencies
a Keysight N5172B EXG X-Series RF Vector Signal Generator,
a CRY584 Power Amplifier, and a NU C Series Ultrasonic Sensor.

The setup measures the emitter’s actual output
using a CRY343 microphone and a RIGOL DS4022 oscilloscope

========================================================================