badBIOS - Linux, Mac, and PC malware that jumps air gaps

[ATCclears]

Meet ?badBIOS,? the mysterious Mac and PC malware that jumps airgaps | Ars Technica

From the article:

Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

"The airgapped machine is acting like it's connected to the Internet," he said. "Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."

Read More

 

[Redcap]

"I read it on the interwebs! It's gotta be true!"

Total hoax.

 

[Diamondback]

Ars Technica is usually a pretty reputable source on the tech scene, though...

 

[ATCclears]

I concur with Diamondback. People said the same (ie., "impossible!") when they first read about the Stuxnet virus.

There are smart people out there. It is quite feasible to transfer something at the BIOS level given the right people and time to design it. I would say it is 30% probable that communication could be done between computers using the microphone and speaker, but then again I don't have skills in that area such that I would be a fool to say it is impossible.

Let's see where this goes in the months ahead. I've been in IT for 25 years and I think this guy has stumbled onto something.

Peter

 

[Redcap]

Dragos Ruiu is just trolling. Plain and simple. While theoretically possible (and HIGHLY improbable), this has a much smaller chance of being true than the Cult of Ramtha's bullbubblegum.

 

[SCannon]

Doesn't surprise me at all, just requires modulation of the speaker at frequencies that we can't hear and the mic on the other machine pics up. Basic transmitter and receiver, we have been doing it for 60 years with lasers and microwaves, and sound waves are just a different frequency. Although it would be a very inefficient way to transmit data, would be interested to see what they see when they do a spectrum analysis above 20kHz.

 

[drew]

Looks like there's some other skeptics.

http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/

 

[elsie]

I think the biggest problem would be to get the cheap speakers and mics most computers are equipped with to actually work above 20KHz. I wonder how he was monitoring the packets and why he didn't acquire a wide-spectrum audio analyzer to determine if there were actually high frequency sounds being produced. It would also allow capturing the bit pattern of the packets.


elsie

 

[BAMCIS]

Let's tell the Iranians this is another step Israel is taking.