DiskFiltration Stealing data from air-gapped networks via acoustic signals

A group of experts devised a technique dubbed DiskFiltration to exfiltrate data from air-gapped networks relying on acoustic signals emitted from HDDs

We are aware that air-gapped networks aren’t totally secure, security experts have devised several methods to exfiltrate information across the years.

The last technique presented by a group of researchers was dubbed ‘DiskFiltration’ and relies on acoustic signals emitted from the hard drive of computers in air-gapped networks to exfiltrate data.

The DiskFiltration technique was devised by Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici from the Ben-Gurion University.

The team of researchers also published a detailed analysis of its technique is paper titled “DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise.”

The DiskFiltration technique works by manipulating the movements of the hard drive’s actuator, which is the arm that accesses specific parts of disk allowing read or write data.

The movements of the actuator are called seek operations, they could be used to discover the content access on the hard drive, including passwords and cryptographic keys.

The researchers also published a video Proof-of-Concept of the method.

Loading video

The attack method is effective in a range of six feet, it could be used to transfer 180 bits per minute, a speed that could allow exfiltrating a 4096-bit key in about 25 minutes.

The DiskFiltration technique is effective works even the hard drive has in place systems to reduce acoustic noise. The experts noticed that casual noise emissions from other running processes can sometimes interfere with their technique.

“Since our covert channel is based on HDD activity, casual file operations of other running processes may interfere with the transmissions and interrupt them.” the researchers wrote in their paper.

The DiskFiltration technique, like other used to steal data from air-gapped networks, could be useful also to exfiltrate information from Internet-connected systems whose network traffic is carefully monitored and inspected.

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.