 It seems like a new attack vector emerges on a weekly basis, and this week is no exception.  The latest threat:  Emails containing specialized audio files whose acoustic vibrations can damage your computer's hard drive. This is possibly damaging to the point of causing system failure, data corruption, and making it impossible to successfully reboot your machine.
It seems like a new attack vector emerges on a weekly basis, and this week is no exception.  The latest threat:  Emails containing specialized audio files whose acoustic vibrations can damage your computer's hard drive. This is possibly damaging to the point of causing system failure, data corruption, and making it impossible to successfully reboot your machine.
As the researchers point out, "Intentional acoustic interference causes unusual errors in the mechanics of magnetic hard disk drives in desktop and laptop computers, leading to damage to integrity and availability in both hardware and software such as file system corruption and operating system reboots. An adversary without any special-purpose equipment can co-opt built-in speakers or nearby emitters to cause persistent errors."
It should be noted that as scary as this type of attack sounds, in practice, it is of limited value. An increasing percentage of laptops and desktop PCs sold today come with SSDs for storage, which are not vulnerable to this type of attack.
In addition to that, not just "any" sound will do. For the attack to be successful, the acoustic vibrations have to be strong enough to do real harm, and quiet enough that the attack is difficult to detect, lest it be aborted immediately. The combination of those two factors make it unlikely that this one will gain widespread attention from the hacking community. Nonetheless, it pays to be both mindful and vigilant, especially if you have an older PC or work in an office with older equipment.
The research team who discovered the new attack vector have created a new sensor fusion model that could be delivered through a firmware update. Once updated, it would prevent unnecessary head parking in the hard drive, thus limiting the potential damage the attack could cause. So far, there has been no word that PC manufacturers are considering making the necessary changes to their firmware. Time will tell.



