One of the most effective ways to keep a computer protected from viruses, malware or forms of spying is to create an air gap, a fancy term that simply means a system isn’t connected to the Internet or any type of local network.
Of course, anyone with more than basic knowledge of computer security will tell you that isn’t enough. In 2013, for example, it was revealed that hackers could use inaudible audio signals to communicate with (and infect) PCs that aren’t connected to the Internet or other networks.
Now researchers have developed a new method that uses a computer’s hard drive to create a unique acoustic signal that can be picked up by a nearby device specifically listening for such signals.
The technique, called DiskFiltration, works by controlling the movements of the hard drive’s actuator, the small mechanical arm that moves around a drive’s platters so the attached heads can access stored data or write new data. Precisely controlling the actuator creates unique acoustic signals that can be used to wirelessly transfer things like passwords, cryptographic keys and other sensitive information to a nearby device with a microphone.
As Ars Technica notes, the technique has an effective range of about six feet but can only operate at speeds of about 180 bits per minute. At that rate, it would take around 25 minutes to steal a 4,096-bit key.
While techniques like this and others are indeed possible, their effectiveness in the real world is limited by the fact that you first need to somehow install the necessary malware on the target machine. Systems with high levels of security would make this rather difficult to do.