Andrew Liszewski wrote about security researchers who can pull data from a hard disk drive based upon sound. Alright, this is interesting, but it has little to do with those of us who worry about internet hackers, government spooks, thieving employees and neighbors.
This one is called the DiskFiltration Hack. As a hard disk drive’s actuator moves across the disk platter, it produces sound, and those sounds can be translated as data, assuming the listener recording the sounds knows what to look for. It’s a slow process but fast enough to capture an encryption key in a few minutes, and then the device can be hacked.
Or, can it?
First, whoever is recording the audio from a spinning disk drive already has access to the device, so what’s the point? Second, I did a quick inventory check and not one of the dozen or so Macs, iPhones, or iPads in the Mincey Plantation have a spinning hard disk drive, save one old PowerPC Mac mini that just won’t die so we keep it running.
Still, the sound-based hack should be cause for alarm because it’s yet another way some of our devices can be hacked.
I’m beginning to think that nothing we use– Mac, iPhone, iPad, Windows PC or Android device– is safe. They all use electricity. They’re all connected to the internet. So, they all can be stolen and hacked, or plain old hacked over the internet. Unplug it or turn it off and whatever the device is can still be stolen.
If it uses electricity, it’s not safe.
Alright, that’s the premise, but that also means safety comes at a relative price and it’s also relative safety. Generally speaking, Macs are safer than Windows PCs. Ditto for iPhones and iPads which are less prone to malware than Android devices. Absolute security would come with a hefty price tag. Relative security is affordable.
That also means choosing our devices and where we connect them to the internet is an important decision to make. If you need a smartphone and care little about anything beyond browsing, email, texting, Facebook, and phone calls, then any old Android device will do. If you need additional apps and care about how secure they may be, and you want the most privacy you can get, then the extra price tag for an iPhone or iPad is the way to go.
I worry more about misplacing, losing, or having a Mac, iPhone, or iPad stolen than I do about external hacking attempts by government spooks, criminal hackers, or script kiddies. With daily hacks, new vulnerabilities, and exploits in the news– against supposedly secure government, bank, and large corporation computer systems– it’s obvious that Apple’s approach to security and privacy is a good one, but if it uses electricity, it’s not really safe.