
badBIOS - Linux, Mac, and PC malware that jumps air gaps

Discussion in 'Off Topic' started by ATCclears, Nov 6, 2013.

  1. ATCclears

    ATCclears Seattle area, WA Well-Known Member

    Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps | Ars Technica

    From the article:

    Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

    With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

    "The airgapped machine is acting like it's connected to the Internet," he said. "Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."
     
  2. Redcap

    Redcap Lewis County, WA Well-Known Member

    "I read it on the interwebs! It's gotta be true!"

    Total hoax.
     
  3. Diamondback

    Diamondback A cold, wet green Hell Well-Known Member

    Ars Technica is usually a pretty reputable source on the tech scene, though...
     
  4. ATCclears

    ATCclears Seattle area, WA Well-Known Member

    I concur with Diamondback. People said the same (i.e., "impossible!") when they first read about the Stuxnet virus.

    There are smart people out there. It is quite feasible to transfer something at the BIOS level given the right people and time to design it. I would say it is 30% probable that communication could be done between computers using the microphone and speaker, but then again I don't have skills in that area such that I would be a fool to say it is impossible.

    Let's see where this goes in the months ahead. I've been in IT for 25 years and I think this guy has stumbled onto something.

    Peter
     
  5. Redcap

    Redcap Lewis County, WA Well-Known Member

    Dragos Ruiu is just trolling. Plain and simple. While theoretically possible (and HIGHLY improbable), this has a much smaller chance of being true than the Cult of Ramtha's bullbubblegum.
     
  6. SCannon

    SCannon Battle Ground, WA Active Member

    Doesn't surprise me at all, just requires modulation of the speaker at frequencies that we can't hear and the mic on the other machine picks up. Basic transmitter and receiver, we have been doing it for 60 years with lasers and microwaves, and sound waves are just a different frequency. Although it would be a very inefficient way to transmit data, would be interested to see what they see when they do a spectrum analysis above 20 kHz.
     
  7. drew

    drew OR Well-Known Member

  8. elsie

    elsie Way over there on the left Well-Known Member

    I think the biggest problem would be to get the cheap speakers and mics most computers are equipped with to actually work above 20 kHz. I wonder how he was monitoring the packets and why he didn't acquire a wide-spectrum audio analyzer to determine if there were actually high frequency sounds being produced. It would also allow capturing the bit pattern of the packets.


    elsie
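
The spectrum check that the two posts above ask for, sketched as an added example that is not part of the original thread: it measures, frame by frame, how much of a recording's power lies at or above 20 kHz and returns the resulting on/off pattern. The 48 kHz sample rate (needed to see anything up to 24 kHz), the 5 ms frame length, the 5% threshold and the constructed test tones are all assumptions made for this illustration.

```python
import math

def goertzel_power(frame, rate, freq):
    """Power of one frequency component in a frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def high_band_share(frame, rate, cutoff_hz):
    """Fraction of the frame's spectral power at or above cutoff_hz."""
    n = len(frame)
    total = high = 0.0
    for k in range(1, n // 2):            # every DFT bin below Nyquist
        freq = k * rate / n
        p = goertzel_power(frame, rate, freq)
        total += p
        if freq >= cutoff_hz:
            high += p
    return high / total if total > 0 else 0.0

def flag_frames(samples, rate, frame_len, cutoff_hz=20000, threshold=0.05):
    """One True/False per frame: is an unusual share of power above cutoff_hz?"""
    return [high_band_share(samples[i:i + frame_len], rate, cutoff_hz) > threshold
            for i in range(0, len(samples) - frame_len + 1, frame_len)]

def constructed_capture(rate, frame_len, keyed):
    """Constructed test input: 1 kHz audible tone, plus a 21 kHz tone in keyed frames."""
    out = []
    for on in keyed:
        for _ in range(frame_len):
            t = len(out) / rate
            x = 0.5 * math.sin(2 * math.pi * 1000 * t)
            if on:
                x += 0.2 * math.sin(2 * math.pi * 21000 * t)
            out.append(x)
    return out

RATE, FRAME = 48000, 240                  # assumed: 48 kHz capture, 5 ms frames

if __name__ == "__main__":
    capture = constructed_capture(RATE, FRAME, [1, 0, 1, 1, 0])
    print(flag_frames(capture, RATE, FRAME))
```

On a real recording the frame boundaries would not line up with any keying, so the per-frame share is better read as a trend over time than as a clean bit pattern.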
     
  9. BAMCIS

    BAMCIS Eugene Well-Known Member

    Let's tell the Iranians this is another step Israel is taking.