Underwater datacentres vulnerable to sonic attacks
Even whale song poses a threat
Underwater datacentres (UDCs) could face serious threats from acoustic attacks as simple as a high musical note broadcast beneath the waves, according to new research.
UDCs harness the natural cooling properties of the ocean depths, potentially slashing energy consumption and emissions from traditional datacentres. Microsoft's successful 2018 trial, submerging servers off the Scottish coast, showcased the promise of this technology, and other companies have followed suit. However, researchers warn that this set-up creates unique vulnerabilities.
The long-range propagation of sound in water make UDCs susceptible to a new type of sonar attack, a new study has found.
The joint study, by the University of Florida and the University of Electro-Communications in Japan, demonstrates how targeted sound waves can easily disrupt submerged servers.
Dense water transmits sound efficiently, and attackers can trigger malfunctions and crashes by pinpointing hard drives' resonant frequencies. Prolonged exposure can permanently damage storage devices.
The findings will be presented on 20th May at the 45th IEEE Symposium on Security and Privacy, an international cybersecurity conference.
"If it is just a denial-of-service attack, that can take a few seconds, depending on the power of the acoustic signal. But the longer you emit the sound, the more you damage the computer storage device," said Professor Sara Rampazzi, lead researcher from the University of Florida.
Rampazzi and her team tested acoustic attacks on a computer server rack submerged underwater. Using a metal enclosure to simulate a simplified UDC, they conducted trials in both a laboratory tank and a lake.
They discovered that a 5-kilohertz tone could disrupt computer operations from over six metres away.
A commercial speaker playing this tone at 152 decibels underwater - comparable to 92 decibels – compromised the hard drives within 2.5 minutes.
The researchers also simulated attacks using military-grade sonar. This experiment suggested disruption is possible, using sounds at 220 decibels, from distances exceeding 1 km and at a depth of 35 metres.
Even nature poses a threat, according to the researchers. Blue whale calls, reaching 180 decibels, could theoretically cause problems.
While the study identified challenges, Rampazzi's team also explored solutions.
Sound-proof panels, while effective, raised server temperatures too much, negating water's cooling benefits.
Active noise cancellation, like that used in headphones, proved too complex and expensive for large-scale implementation.
However, the researchers developed a machine learning algorithm that could detect attack's disruption patterns. With further development, this could enable networks to minimise damage by reallocating resources before a complete system crash.
A threat beneath the surface
The underwater environment inherently carries security risks. Earlier this year, internet disruptions between continents were linked to severed fibre-optic cables in the Red Sea.
The 2022 attack on the Russia-Germany gas pipeline further highlights the vulnerability of underwater infrastructure.
Unlike those incidents, acoustic attacks could be subtle and difficult to trace.
"The difference here is an attacker can manipulate the datacentre in a controlled way. And it's not easy to detect," warns Rampazzi.
Companies may need to take measures to prevent both intentional and accidental disruptions to protect this critical infrastructure.
"The ocean is awash in sound already. We've demonstrated that these attacks can happen inadvertently from something like a submarine sonar blast, which is extremely loud," said co-author Kevin Butler, director of the Florida Institute for Cybersecurity Research.
"So it's that much more important that we know how to defend against these attacks. These are issues that haven't been studied at all by the security community."