A colleague of mine shared a story from Windows XP product support. A major computer manufacturer discovered that playing the music video for Janet Jackson’s “Rhythm Nation” would crash certain models of laptops. I would not have wanted to be in the laboratory that they must have set up to investigate this problem. Not an artistic judgement.
One discovery during the investigation is that playing the music video also crashed some of their competitors’ laptops.
And then they discovered something extremely weird: Playing the music video on one laptop caused a laptop sitting nearby to crash, even though that other laptop wasn’t playing the video!
I did not see that one coming.
This was one of the more “interesting” news items on the technology side. And yes, it is hard to see it coming.
The reverse has been used to exfiltrate data from “air gapped” systems which don’t have network access nor removable media. The computers themselves don’t have speakers, but HDD acoustic data was a valuable source of output signals: https://arxiv.org/abs/1608.03431
Anyway, as always I would recommend following Raymond Chen’s blog. He also recently posted some articles on ARM64 assembly, or rather a high level tutorial set (was 14+ and going)
sukru,
I came across this link using existing hardware to capture audio…
https://www.hackread.com/hacking-computers-data-radiofrequency/
Many years ago I remember reading about remote information gathering via electromagnetic leaks…
https://electronics.stackexchange.com/questions/388048/espionage-by-crt-mirroring
This was about CRTs and keyboards of the time. However today’s signal buses are obviously much faster and cable shielding could dramatically reduce leakage, but not 100%. So I wonder what would be physically possible today with large antenna arrays and FPGA processors that can use beam-forming to get unprecedented accuracy. I wouldn’t be surprised if governments have this capability in some form although I would think the distance is much worse. It’s hard to send high frequencies through walls even on purpose, such as the signalling used for 5G.
I was thinking about this “Shouting in the Datacenter” video while reading the article only to realize the author posted the same video in the article…
https://www.youtube.com/watch?v=tDacjrSCeq4
I would have appreciated a lot more detail from the article because it leaves a lot of open questions. The explanation isn’t completely satisfactory. He did not define what was meant by “crash”. Whenever I’ve experienced disk faults, the OS and apps continue to run if they’re already loaded in memory, albeit with disk errors and/or slowdowns, but the OS doesn’t actually “crash”. Even a complete disk failure might not be obvious until you reboot because a lot of stuff may be cached. If they did see a real unrecoverable crash, it might suggest there was a Windows kernel bug in addition to the disk fault. Maybe it was more than just “sound”, the audio subsystem might have been poorly isolated with high currents inducing voltage into nearby electronics?
I could just be overthinking a funny story, still it would be interesting to hear directly from the engineers who actually worked on it.
Same, I expected that video at the end when it said “And of course, no story about natural resonant frequencies can pass without a reference”. But I understood the choice of the other one as well.
I think Windows XP dealt with disk failures maybe less gracefully? Thus crash might be a good choice of word.
It also reminded me of:
https://arstechnica.com/information-technology/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
Lennie,
That is interesting.
With most hardware today a compromised BIOS is a serious problem because it gives the attackers exclusive control over the tools we use to reset the system state, including flashing a new BIOS. It’s for this reason I wish the BIOS was on an MMC slot rather than a soldered eeprom. This would not only save us from bricked motherboards with bad flashes, but it would also allow us to set the read-only tab and be confident that it cannot be changed without physical access.
Even UEFI features like “secure boot” aren’t secure against flash modifications. Anyone who has the ability to modify the flash can modify the secure boot code too. And because the BIOS normally has access to privileged system management modes of the CPU that are out of reach for the OS, the hacks can be virtually undetectable unless they’re actively causing side effects on the user side. Apparently the rootkit in your link had a lot of observable side effects, but just imagine how stealthy it would be if it covered its tracks better.
This wouldn’t help if all of one’s machines were infected, but then they’d be in trouble anyways. The key is to perform the flash/verify from a machine that is known to be clean…but how?
Perhaps they could sell simple certified devices that perform an SHA2 sum so that the media can be verified from a device that isn’t reprogrammable at all. But the problem comes back to how do you verify those devices weren’t physically swapped with unfaithful versions of them? Hardware authenticity is much harder to verify than software. Conceivably a target with sophisticated and determined adversaries could end up with all their hardware being infected to hide said fact. A target might need to look at more probabilistic solutions, like buying hardware from unpredictable channels and regularly testing them against each other.
It has to be some kind of open hardware design you can build yourself or something.
Because this supposedly is a real thing:
https://www.infoworld.com/article/2608141/snowden–the-nsa-planted-backdoors-in-cisco-products.html
And even then it’s all really hard: https://www.youtube.com/watch?v=zXwy65d_tu8
Another fun talk by him and his close co-worker, very well fits what I mentioned about HDD firmware before: https://www.youtube.com/watch?v=ruEn7TE4YMM
But I’m not some conspiracy nut or anything, but it’s sad/scary to some extent that even the method of using an airgap isn’t enough. It’s our most basic/fundamental security method.
It’s how we protect our most sensitive infrastructure in the world. I guess now the airgap might also need a soundproof wall or something?
If Thom can post CCC videos, here is another one; as we can see, it’s easy for many to make the basic mistakes:
https://media.ccc.de/v/31c3_-_6344_-_en_-_saal_1_-_201412281400_-_security_analysis_of_estonia_s_internet_voting_system_-_j_alex_halderman
(at 41:37 he talks about operational security)
Let’s not forget how many devices have firmware these days:
https://www.theregister.com/2015/02/17/kaspersky_labs_equation_group/
Lennie,
That’s a good point. Ideally you’d use both disk encryption and secure boot to render disk firmware attacks unsuccessful. But unfortunately secure boot is very likely compromised to the NSA in its default configuration from the manufacturer. You should only trust your own keys and not 3rd party vendors’ or Microsoft’s. Of course in saying this, I realize that it’s not viable for most users to block the keys of operating systems they use even though those keys could be used by government spyware.
Maybe what we need is an analog device for generating large random keys.
Like a Rubik’s Cube with images that form a QR-code or something.
Not a regular QR-code, because it’s ‘only’ 3248 bits.
Some website claimed a regular Rubik’s Cube has 43 quintillion possible configurations.
Cloudflare used to use Lava Lamps. Also pretty interesting choice.
This is amazing, absolutely top tier bug. And makes me wonder about the resonant frequencies of other common spinny drives, and if the CIA and friends ever weaponized them. I’ve heard of hacking airgapped systems by feeding their microphones ultrasonics, but never of using resonant frequencies as a blunt instrument to crash or damage computers.
Huh, I commented on this story somewhere, thought it was here. I worked on a system that probably was susceptible to this. I really want to go back and try and find one to see if it was the cause for some of the bug reports we couldn’t figure out. It was a little different setup, with the hard drives secured by springs instead of screws. Yes, springs. Why? I have no idea, the company loved re-inventing the wheel badly then trying to patent it. Look, it’s a wheel with two flat spots! What, compared to wheels without flat spots it’s much less likely to roll down a hill out of control! Brilliant! (Years later… Apple has a music player with a click wheel. Our wheel makes funny noises too! Sue them!!!)