DiskSpy: Exploring a Long-Range Covert-Channel Attack via mmWave Sensing of μm-level HDD Vibrations

Authors: 

Weiye Xu, Zhejiang University; China Mobile Research Institute; Danli Wen, Zhejiang University; Jianwei Liu, Zhejiang University; Hangzhou City University; Zixin Lin, Zhejiang University; Yuanqing Zheng, The Hong Kong Polytechnic University; Xian Xu and Jinsong Han, Zhejiang University

Abstract: 

An air-gapped environment is widely regarded as a secure measure against the leakage of sensitive information, as it is physically isolated from insecure external networks. This paper presents a new covert-channel attack named DiskSpy, which reveals the risk of secretly sending sensitive information from air-gapped environments by modulating hard disk vibrations. In particular, DiskSpy leverages the vibrations of commonly used storage devices, hard disk drives (HDDs), in air-gapped computers to encode sensitive information. It then employs millimeter-wave (mmWave) signals to sense these vibrations and decode the underlying data. In practice, HDD vibrations are extremely weak and mmWave signals suffer significant power attenuation in long-distance propagation. To realize a practical attack at a long distance, we develop a novel mmWave-based long-range µm-level vibration sensing technique to push the limit of mmWave sensing. We implement DiskSpy with commercial off-the-shelf (COTS) mmWave radars and conduct extensive experiments. The experimental results show that even at a long attack range of 22 m, DiskSpy can send secret information to a remote mmWave radar at 20 bps with a BER lower than 1.2%. More importantly, DiskSpy has no restriction on the mounting manner and placement of the HDD, and can launch attacks even in non-line-of-sight (NLOS) scenarios.
