The DiskFiltration technique works by manipulating the movements of the hard drive’s actuator, which is the arm that accesses specific parts of disk allowing read or write data.
The movements of the actuator are called seek operations, they could be used to discover the content access on the hard drive, including passwords and cryptographic keys.
The researchers also published a video Proof-of-Concept of the method.
The attack method is effective in a range of six feet, it could be used to transfer 180 bits per minute, a speed that could allow exfiltrating a 4096-bit key in about 25 minutes.
The DiskFiltration technique is effective works even the hard drive has in place systems to reduce acoustic noise. The experts noticed that casual noise emissions from other running processes can sometimes interfere with their technique.
“Since our covert channel is based on HDD activity, casual file operations of other running processes may interfere with the transmissions and interrupt them.” the researchers wrote in their paper.
The DiskFiltration technique, like other used to steal data from air-gapped networks, could be useful also to exfiltrate information from Internet-connected systems whose network traffic is carefully monitored and inspected.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.