Sensors are ubiquitous and essential—think of the thermometers in freezers for human eggs, accelerometers in airbags, and voltage monitors in pacemakers. The devices reading these sensors almost universally accept their data without question, but Fu and his colleagues have repeatedly shown that, using carefully crafted electromagnetic and acoustic interference, an attacker can take control of sensor outputs. For example, the team has shown that appropriate electromagnetic waves can cause a thermocouple—a sensor that produces a voltage to represent the temperature—to be read as showing −1847 degrees Fahrenheit when it was actually at room temperature. They similarly caused the voltage sensor in a pacemaker to provide inaccurate signals.
The researchers produced additional mayhem with sound waves, demonstrating that accelerometers in Fitbits, smart phones, and other devices are vulnerable. In one experiment, they showed that certain high-frequency sound waves can cause a Fitbit to add steps without moving. In another test, they used a specific acoustic waveform to force the graph of the voltage output of an accelerometer to spell out the word “WALNUT.” This waveform worked even when the sound was surreptitiously embedded in a sound track, so an attacker could, in principle, control your phone’s accelerometer by tricking you into watching an online video.
The team’s latest trick is to turn a hard drive into a microphone. They tapped into the feedback system that helps control the position of the read head above the magnetic disk. When the head is buffeted by sound waves, the vibrations are reflected in the voltage signal produced by the drive’s position sensors. By reading this signal, Fu and his colleagues were able to make high-quality recordings of people speaking near the drive. In another test, they showed that music played nearby could be recorded with high enough fidelity that the music recognition app Shazam could successfully identify the song. Malicious software could use this technique to record audio and then secretly upload it to a remote site, thus bugging a room without ever planting a microphone.
More here, archived article
My question is: What about solid state?
On a more general note, this kind of stuff has been known since Win2000 was in common use. I knew a guy who did some classified work insulating piping and conduit connections for places that don't exist. The reason Uncle Sam was doing this is because the commies developed a way to listen in on practically all conversations happening inside the buildings via orbiting space satellites by monitoring the vibrations coming from plumbing and electric cables entering and exiting them. True shit, 100% no larp. This was 25+ years ago mind you.
Oil pipeline companies run fiber-optic line along their pipelines and with a reflector at the end they can pick up on any audio along the line for miles. Same principle just using something like a laser. Think of the resolution LIGO has today. Now aim something like this at a window or PVC pipe from space and you can record the vibrations well enough to reconstruct the conversations.
But here are my thoughts on the ramifications. In order to tap the hard drive like this, first you need to have code execution on the target machine. Nearly all laptops these days have a built-in microphone. It's much easier to access an onboard microphone than to create a custom microcontroller hack and get the magnetic read/write mechanism to do what you want without corrupting data on the hard drive or crashing the computer. You have to have a payload that can run on whatever microcontroller and is small enough to fit in the controller's flash memory. Some controllers have a lot of memory. And if you get it to work it would be a cool persistence method for keeping your payload on the target machine even after the drive has been wiped because it's not on the drive. IDK enough about this. It might be as easy as a hacked driver. But this still requires code or command execution on the target machine. So if they manage to get past your inline IPS/IDS and exploit your endpoint, they will still have to have a custom-tailored payload that will run for that specific hard drive, if that makes sense. Also even if they get code execution on your machine and manage to install this it still has to have a way to hop the firewall. Not that hopping a firewall is that difficult, but still. I'm worried about this like I'm worried about somebody figuring out how to use NetSpectre to read my SSH key via a side-channel memory attack.
Also anyone who has a payload like this is not going to use it on just anyone. The more it's used the more likely it is to be discovered and have forensic work done on it. Once that is done they will inform the hardware vendor and they will patch it if they can. So using a more traditional payload that simply relies on the onboard microphone is a more realistic option unless you are a high value target that warrants using a payload that was probably purchased for $200,000.
Maybe this could stand as a case for replacing your HDD with an SSD whenever possible.
The other benefit of using an SSD is that it is impossible to recover data from the drive once it has been zeroed. An HDD, on the other hand, has residual magnetic states from the first writing of the drive. The only correct way to make HDD data unrecoverable is to /dev/urandom the drive right out of the box before you zero the drive and install your OS.
If the user is an idiot that executes every binary torrented file they get without looking over the source directories or doing basic bitch opsec like double checking the fucking hash key, then they deserve to get botnet. A person would have to be a turbo autist double nigger to warrant attention on a device with no pre-packaged audio/video input pre-installed like on a laptop. Either they are running some closed-system file server or they have a gaymer rig with optional audio (headphone stereo jacks and US port based devices) to have this happen.
Correct me if I'm wrong but basic bitch opsec will save you from a lot of this. Now Spectre and Meltdown on the other hand - you trust manufacturers to not have known about this from the very beginning. A compromise of this degree implies complicity between manufacturers and state sponsored spook programs.
SSD is awesome. The diminishing returns issue has been addressed with either firmware packaged or self-created daemons to trim backed up write function spams on your system scheduler. Look into fstrim.