CVE-2022-38392 An OEM 5400 RPM hard drive, as shipped in 2005, can be crashed with a resonant-frequency attack.

The specific hard drive model is a Seagate Barracuda ST3500340AS, and the vulnerable model can be identified by its 5400 RPM speed. The vulnerable hard drive has a firmware version of ST3500340AS, revision A7. The hard drive has a physical location of the 5-pin plug on the motherboard; this plug is the primary conduit between an electrical power source and the hard drive’s mechanical components, such as the motor and gears. In this particular hard drive model, when the plug is inserted into a power source, the hard drive receives a constant electrical current, which is then communicated to the motor and gears. Consequently, if an attacker can send an audio signal at the resonant frequency of the hard drive’s internal components, the hard drive will operate at the speed of that signal and cause a denial of service.

Vulnerable hard drive model and firmware details

This specific hard drive model is one of the most commonly used in computers. The hard drive has a vulnerable firmware version and is susceptible to a denial-of-service attack when an audio signal at the resonant frequency of the hard drive’s components is generated.

What do you need to run an audio attack?

In order to exploit this vulnerability, the attacker would need to be able to send an audio signal at the resonant frequency of 5400 RPM. The attack would not work with any other speed or frequency. This specific hard drive model has a resonant frequency of 22 kHz, and the attackers would need a digital-to-analog converter (DAC) to convert the audio signal into a digital one that is then sent to the hard drive.

Summary

A vulnerability in a hard drive model, the Seagate Barracuda ST3500340AS, could allow for a denial of service attack. The specific vulnerable model can be identified by its 5400 RPM speed and firmware version of ST3500340AS, revision A7.

How Denial of Service via Hard Drive Resonance in Audio Signal Works?

The sound waves created by the audio signal are transmitted to the hard drive’s motor and gears, which causes them to speed up. When multiple signals of this frequency are sent at a regular rate, the effect is amplified. The result is that the hard drive operates at a faster speed than intended, causing a significant performance drop.
Denial of service attacks caused by resonance can be mitigated with software-based solutions that limit the number of connections permitted between an audio device and a computer's sound card.

How to quickly identify a vulnerable drive?

If you are uncertain whether your hard drive is vulnerable to CVE-2022-38392, there are some simple methods that can help identify the specific hard drive model.
First, check if your hard drive has a 5-pin plug on the motherboard. If it does not, then it is not vulnerable.
Next, check if your hard drive has a physical location that is near the 5-pin plug connector on the motherboard. If so, then again it is not vulnerable.
If your computer has a BIOS update available for your device and you have access to the Internet using an ethernet cable or Wi-Fi card, update your BIOS to the most recent version and restart your computer. Then try opening a command prompt in administrator mode and typing “disk management” into the command prompt window; this will allow you to view all of the drives attached to your computer. If you see any other hard drive with a different bus speed than yours, then that particular hard drive is also not vulnerable to CVE-2022-38392.
If none of these methods work and you still cannot determine if your computer is vulnerable or not, contact Seagate Technical Support or seek assistance from an IT professional as soon as possible.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe