[b]Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps | Ars Technica[/b]
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
Wow, that's insane.
shit the bed, incredibly clever stuff but a nightmare for IT folks.
We are doomed ... 🙄
Some clever stuff, for sure.
I'm calling bollocks on the evidence as stated.
Ignoring the separate issue of frequency response of laptop speakers and mics. How are ultra high frequency signals going to get past the input and output filters on the class D drive amp and the mic DAC?
These signals, why no scope plots, no details of transmission speeds, encoding methods? It just sounds far too wooley at the moment to me.
If the guy is geeky enough to believe this is the transmission method, he's geeky enough to either have already done these trivial tests or knows someone who would be able to do these tests. Just seems far to lacking in detail for the claims being made.
Should I get some face masks for my computer then?
[img] 
[/img]
Reckon I've got it covered.......[img] 
[/img]
Edit:haha 🙄
What's with all the missing words & lines of text in that article...?
I reckon it's the cleaner ****ing with them. He just reinstalls the virus in the evenings.
I read that the NSA have made aluminium foil manufacturers change the way they make the stuff so that they can still access your data and mind even with extensive foil based shielding in place.
I'm calling bollocks on the evidence as stated.
+1
I read that the NSA have made aluminium foil manufacturers change the way they make the stuff so that they can still access your data and mind even with extensive foil based shielding in place.
I buy my tin foil from Russia Today though, so it's okay.
Some of it sounds plausible to me.
Dodgy USB memory stick/drive or a dodgy copy of an operating system install disk. Then combine that with the NVRAM associated with a UEFI and you could have something that's resident no matter how often you wipe or replace the HDD/SSD. Don't know if you can even clear the NVRAM like you can the CMOS in BIOS with a reset/removing the battery.
IPv6 could then be handy to get to other machines on the same network as most OS's are now dual stack (IPv4/IPv6) and will choose a IPv6 route if available over the same route via IPv4, so if the infected machine pretended to be the local router by responding with a router advertisement it could then do a man in the middle type attack on the local machines.
Russell96, that whooshing sound you just heard was your post going right over my head! I think I sort of got the gist of what you were saying, sort of, but I could be just trying to convince myself so I don't fink I'm a fik as I akcherly is.
I'm glad there are clever bods on here who can look at an article like that, and find the plot holes, if they exist, so more gullible folk like me don't get taken in.
With tech as complicated as it is, it's impossible for laymen to know if something like this is really plausible or not. On the face of it, It certainly looks like it could be.
It's absolute bollox. If someone can show me a standard laptop being controlled via audio then I might think again but the hardware just isn't there. USB drives can be infected shocker. I'm not sure what the point of this article is.
[quote=devs ]It's absolute bollox. If someone can show me a standard laptop being controlled via audio then I might think again but the hardware just isn't there. USB drives can be infected shocker. I'm not sure what the point of this article is.
Wot my esteemed friend says.
What you've got there, boys and girls, is a Halloween ghost story.
Let's handwave the technical aspects for a minute. This has been around for three years, it's got previously unheard of infection methods, elaborate methods of propagating that defy conventional wisdom, and no-one else has come across it apart from some reasonably high-profile security expert? And no-one else has reviewed any of it?
Hogwash. If that's true I'll eat my own willy.
The last three posting were all done by me.
I had taken control of there computers and user accounts by plugging the kettle into the microwave while recording Dr Who.
Sorry if that confused anyone
Hmm - a virus that can infect Windows, OSX, Linux and BeOS, transmit itself via high frequency audio, and reappear on completely clean PCs but has only infected one company?
As cougar says, it's a Halloween story. It's so clearly a ghost story it's a bit cringe worthy.
To be fair, if a virus like that was in the wild, then it would be undetected on any computer [i]except[/i] that of someone like the guy in the article that runs a computer security firm specialising in this kind of thing.
The USB infection sounds pretty interesting, but I can't understand why it apparently took him so long to see that might be an infection vector, even if the technique used was too smart to actually be detected in any normal way.
Cougar - Moderator
What you've got there, boys and girls, is a Halloween ghost story.
and
Jamie - Member
I reckon it's the cleaner ****ing with them. He just reinstalls the virus in the evenings.
means time for
[img]
[/img]
As cougar says, it's a Halloween story. It's so clearly a ghost story it's a bit cringe worthy.
In the comments the journalist admits he is skeptical too, but flat out denies this is just a Halloween hoax.
To be fair, if a virus like that was in the wild, then it would be undetected on any computer except that of someone like the guy in the article that runs a computer security firm specialising in this kind of thing.
And what's the first thing a tech would do?
"Hey guys, look at this!"
In the comments the journalist admits he is skeptical too, but flat out denies this is just a Halloween hoax.
Must be true, then.
Must be true, then.
*wheels out the vegetarian coq au vin*
It's a Halloween AND an April fool hoax then but it's defibately not true in anyway whatsoever
Okay. Let's just say I've watched enough DefCon and BlackHat videos (and worked with enough buggy flash controllers) that I wouldn't just dismiss this with a wave of my hand.
A firmware level attack makes perfect sense if you can pull it off - because you are well below what any virus scanner can detect or do anything about, and you could infect machines regardless of OS.
samuri - Member
As cougar says, it's a Halloween story. It's so clearly a ghost story it's a bit cringe worthy.
There's the thing: it requires people like you lot, who technically speaking have a clue, to point that out for people like me, who have just enough tech knowledge for it to seem plausible.
Which is why I posted it in the first place, 'cos this place is inhabited by sceptics, and if anyone could see through it, it would be someone in the STW Massive. 😀
But you know enough about computers to know you can't infect one by playing it a tune don't you?
Edit: to graham,
It can't be that difficult. I've watched independence day.
I've just hacked my toaster by humming at it.
It now goes all the way up to 11.
But you know enough about computers to know you can't infect one by playing it a tune don't you?
I do.
I haven't read the background articles posted by the researcher, I might take a look tomorrow, but my impression from the article was that the audio-networking-thing wasn't an initial infection vector, but [i]may[/i] have been used to allow infected machines to communicate with each other when they were not networked. (Though the evidence for that in the article itself seems a bit flimsy!)
The BIOS dumps are now available for download, if you fancy risking it.
I think it's real. As [url= http://blog.erratasec.com/2013/10/badbios-features-explained.html#.UnLymShX-pg ]this[/url] guy puts it - nothing you're reading about is that hard for those that have the will.
[No I don't usually wear tinfoil, worry about HAARP or chemtrails - but I do worry about virus' trashing my PC]
A quick bit of reading suggests the BIOS/ACPI rootkit is at least possible:
And as for the sound-network thing... well.. [url= http://www.soundcardpacket.org ]maybeee[/url].. but I remain unconvinced on that one till I see some scope traces!
I wouldn't just dismiss this with a wave of my hand.
I wasn't really talking about the tech, I was talking about the techie. I know a couple of security experts, they tend to be obsessive. There's no way this has been around for three years with only one person coming across it and then not telling anyone.
The story is well written, it's outlandish without being wholly impossible. The sound communication, for instance, would seem to be technically possible (assuming the hardware can handle frequencies over, what, 20KHz?) but it would require an initial infection by other means in order to start listening in the first place, so it begs the question as to why anyone would bother other than because they could. Or there's the BIOS attack; a BIOS is pretty basic (that's what the B stands for) but there's been at least one common in-the-wild virus (CIH / Chernobyl) and there's a thing called the Persistent BIOS Infection. But IIRC most modern BIOSes and EFI require signed code, which makes that sort of shenanigans much more difficult than they used to be.
I'd be more inclined to believe it if it was a single new tech; the EFI attack for instance, or the aforementioned comms, or a BIOS attack, but all these things together? Possible perhaps, but bloody unlikely.
IMHO.
Security expert confused by cutting edge BIOS virus....LOL.
Security expert confused by USB drive propagation of virus....moar LOL!
Cutting edge stuff that..............15 years ago. Not as cutting edge as psychic computers that can communicate with each other with the power disconnected. Man that's good.
Fortunately I have encountered all of this before and the answer is to put the infected PCs into a freezer for at least 24 hours to kill off the infection. Or expose it to absolute zero for 1 second. Make sure that you put it in a waterproof back though as the condensation when you take it out could damage it. Sonic screwdrivers work also.
remember kids in the words of Tim Westwood
[b]Wrap It Up Before You Slap It Up![/b]
[img] 
[/img]
Cutting edge stuff that..............15 years ago.
So why are lots of other security experts intrigued by it and wanting to know more?
You realise that when you say "[i]USB drive propagation of virus[/i]" we're not talking about something obvious that a virus scanner would catch, like an autorun file. The attack he describes doesn't use files, instead it infects the microcontroller on the USB stick. I thinks that is fairly new.
Not as cutting edge as psychic computers that can communicate with each other with the power disconnected. Man that's good.
Again you realise when they say "power disconnected" they mean laptops running on batteries? Not exactly fantastical that.
Like I said skepticism is always good, particularly on the internet, but dismissing this out of hand is almost as naive. Personally I'm interested enough to see what evidence emerges from other sources with the release of the BIOS dumps.
I read that the NSA have made aluminium foil manufacturers change the way they make the stuff so that they can still access your data and mind even with extensive foil based shielding in place.
Holy tin foil Batman!
As cougar says, it's a Halloween story. It's so clearly a ghost story it's a bit cringe worthy.
* Starts working on a film script titled Breaking badBIOS *
[img] 
[/img]
Yep, that USB Condom is a good idea*, but only really useful for something you [i]only[/i] want to charge from USB.
*(assuming you trust the implementation, the microcontroller on it isn't writable, and/or the data lines are not physically connected at all)
I know man, but still, I got to post it without going O/T 🙂
Despite being far fetched, it's plausible.
People thought malware designed to corrupt industrial applications was a fantasty - until Stuxnet was discovered. That relied upon several Windows XP exploits (one of which was still undiscovered) to work on the target.
