The HDD head needs to be in precisely the right place, even tiny disturbances can cause data corruption. The researchers discovered the output of the PES sensors can be used to reconstruct high-quality recordings of human speech. Furthermore, they were even able to create recordings of music playing near the HDD, and it was so accurate that Shazam was able to identify the song.
As ExtremeTech reports, the implications for the average user are almost non-existent. But for sensitive environments, it may be a concern.
There are a few notable drawbacks to this eavesdropping method. For one, you need physical access to the hard drive to implant the malicious firmware. Then, you need a package on the computer with internet access to send the PES data. It’s not impossible — state actors have been known to intercept computers and implant bugs before sending them along to the target. The other issue is the sounds near the hard drive need to be rather loud. For human speech, you’re looking at 75dB minimum, which is like having an almost-argument within a few feet of a hard drive. To ID music, it needs to be playing at about 90dB. That’s like a lawnmower.