Playing low frequency noise to disrupt hard-drives: denial of service for CCTVs, data-centers, and other computing environments


Originally published at:


For those like myself who no longer use mechanical hard disks, bear in mind that almost all data-centers still do, and the aggregate cost of updating them means they won’t be doing so any time soon. Even if you yourself don’t store data in the cloud, your bank, your healthcare provider, your insurance provider(s), and dozens of services you don’t realize you use all do.


Because spinnning disks still win big for price and capacity compared to SSD for the sizes needed in big disk farms.


How about a spoiler alert? Ocean’s 15Hz is totally ruined for me now.


Wow, brilliant attack. If only there was a way to determine the resonant frequencies of the mechanical components without having access to identical hardware beforehand, and without receiving audible feedback in the field.





The farthest successfully performed attack
was at the distance of 71 cm (92.8 dBA) for the 1 TB HDD
at 9.1 kHz frequency, and 44 cm (102.6 dbA) for the 4 TB
HDD at 8.5 kHz.


That hz.


Simple workaround – just throw everything at it.

Back in the day, when (reliable) digital was first appearing in sound reinforcement equipment, we tried “streaming” from a desktop CPU optical out – with regular old HDD – into a digital crossover.

The show itself was for about 2500 seats, so we had brought along the “infrasonic” system: amps and 18" EVs for delivering 12-28Hz…maybe 4000 watts. Sure enough, as soon as the house got to rockin’ the stream began to stutter, skip, and stop. Kill the infra system and all was well; cut it back in and the fun would start all over ; -)


Just you wait-- I’mm’a make a deep Chicago House -style dance single with as many of these frequencies as possible built into the bass groove, and then I’m gonna get in my car and drive real slow past my local Comcast office blasting that song out of my mega-bass car system. This should be fun.


Oh, for fuck sake…

ALT: “New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.”


If you live in Omaha that could be their main data ops center!


Real world risk zero


This is how sonic screwdrivers work. C’mon, get with it folks.


“What are you going to do? Assemble some cabinets at me?”


9.1kHz and 8.5 kHz? I thought it said low frequency. For audible sound, this pretty high.


Yeah, but data centers have doors that keep people out. If you can bring a speaker inside, you can also bring a stick and just start pushing power buttons.


Naw, in most data centers all you need to do is press the large, friendly red one marked ‘EPO’ as you walk out the door briskly, and hope that a) there are no cameras watching you, and b) there’s no security or admins watching, because they will be bringing an ass kicking with them when they catch up to you.