badBIOS – now this is a bit scary…

Home Forum Chat Forum badBIOS – now this is a bit scary…

Viewing 40 posts - 1 through 40 (of 95 total)
  • badBIOS – now this is a bit scary…
  • CountZero
    Member

    Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps | Ars Technica
    http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

    Bimbler
    Member

    Wow, that’s insane.

    davidrussell
    Member

    shit the bed, incredibly clever stuff but a nightmare for IT folks.

    chewkw
    Member

    We are doomed … 🙄

    Tom83
    Member

    Some clever stuff, for sure.

    IanMunro
    Member

    I’m calling bollocks on the evidence as stated.
    Ignoring the separate issue of frequency response of laptop speakers and mics. How are ultra high frequency signals going to get past the input and output filters on the class D drive amp and the mic DAC?
    These signals, why no scope plots, no details of transmission speeds, encoding methods? It just sounds far too wooley at the moment to me.
    If the guy is geeky enough to believe this is the transmission method, he’s geeky enough to either have already done these trivial tests or knows someone who would be able to do these tests. Just seems far to lacking in detail for the claims being made.

    deadlydarcy
    Member

    Should I get some face masks for my computer then?

    duntstick
    Member

    Reckon I’ve got it covered…….

    Edit:haha 🙄

    Premier Icon takisawa2
    Subscriber

    What’s with all the missing words & lines of text in that article…?

    Jamie
    Member

    I reckon it’s the cleaner ****ing with them. He just reinstalls the virus in the evenings.

    Premier Icon wwaswas
    Subscriber

    I read that the NSA have made aluminium foil manufacturers change the way they make the stuff so that they can still access your data and mind even with extensive foil based shielding in place.

    TheBrick
    Member

    I’m calling bollocks on the evidence as stated.

    +1

    jackthedog
    Member

    I read that the NSA have made aluminium foil manufacturers change the way they make the stuff so that they can still access your data and mind even with extensive foil based shielding in place.

    I buy my tin foil from Russia Today though, so it’s okay.

    Premier Icon Russell96
    Subscriber

    Some of it sounds plausible to me.

    Dodgy USB memory stick/drive or a dodgy copy of an operating system install disk. Then combine that with the NVRAM associated with a UEFI and you could have something that’s resident no matter how often you wipe or replace the HDD/SSD. Don’t know if you can even clear the NVRAM like you can the CMOS in BIOS with a reset/removing the battery.

    IPv6 could then be handy to get to other machines on the same network as most OS’s are now dual stack (IPv4/IPv6) and will choose a IPv6 route if available over the same route via IPv4, so if the infected machine pretended to be the local router by responding with a router advertisement it could then do a man in the middle type attack on the local machines.

    CountZero
    Member

    Russell96, that whooshing sound you just heard was your post going right over my head! I think I sort of got the gist of what you were saying, sort of, but I could be just trying to convince myself so I don’t fink I’m a fik as I akcherly is.
    I’m glad there are clever bods on here who can look at an article like that, and find the plot holes, if they exist, so more gullible folk like me don’t get taken in.
    With tech as complicated as it is, it’s impossible for laymen to know if something like this is really plausible or not. On the face of it, It certainly looks like it could be.

    devs
    Member

    It’s absolute bollox. If someone can show me a standard laptop being controlled via audio then I might think again but the hardware just isn’t there. USB drives can be infected shocker. I’m not sure what the point of this article is.

    Premier Icon scotroutes
    Subscriber

    DeVs wrote:

    It’s absolute bollox. If someone can show me a standard laptop being controlled via audio then I might think again but the hardware just isn’t there. USB drives can be infected shocker. I’m not sure what the point of this article is.

    Wot my esteemed friend says.

    Premier Icon Cougar
    Subscriber

    What you’ve got there, boys and girls, is a Halloween ghost story.

    Let’s handwave the technical aspects for a minute. This has been around for three years, it’s got previously unheard of infection methods, elaborate methods of propagating that defy conventional wisdom, and no-one else has come across it apart from some reasonably high-profile security expert? And no-one else has reviewed any of it?

    Hogwash. If that’s true I’ll eat my own willy.

    The last three posting were all done by me.

    I had taken control of there computers and user accounts by plugging the kettle into the microwave while recording Dr Who.

    Sorry if that confused anyone

    bencooper
    Member

    Hmm – a virus that can infect Windows, OSX, Linux and BeOS, transmit itself via high frequency audio, and reappear on completely clean PCs but has only infected one company?

    samuri
    Member

    As cougar says, it’s a Halloween story. It’s so clearly a ghost story it’s a bit cringe worthy.

    Premier Icon GrahamS
    Subscriber

    To be fair, if a virus like that was in the wild, then it would be undetected on any computer except that of someone like the guy in the article that runs a computer security firm specialising in this kind of thing.

    The USB infection sounds pretty interesting, but I can’t understand why it apparently took him so long to see that might be an infection vector, even if the technique used was too smart to actually be detected in any normal way.

    Premier Icon mikewsmith
    Subscriber

    Cougar – Moderator
    What you’ve got there, boys and girls, is a Halloween ghost story.

    and

    Jamie – Member
    I reckon it’s the cleaner ****ing with them. He just reinstalls the virus in the evenings.

    means time for

    Premier Icon GrahamS
    Subscriber

    As cougar says, it’s a Halloween story. It’s so clearly a ghost story it’s a bit cringe worthy.

    In the comments the journalist admits he is skeptical too, but flat out denies this is just a Halloween hoax.

    Premier Icon Cougar
    Subscriber

    To be fair, if a virus like that was in the wild, then it would be undetected on any computer except that of someone like the guy in the article that runs a computer security firm specialising in this kind of thing.

    And what’s the first thing a tech would do?

    “Hey guys, look at this!”

    In the comments the journalist admits he is skeptical too, but flat out denies this is just a Halloween hoax.

    Must be true, then.

    Jamie
    Member

    Must be true, then.

    *wheels out the vegetarian coq au vin*

    samuri
    Member

    It’s a Halloween AND an April fool hoax then but it’s defibately not true in anyway whatsoever

    Premier Icon GrahamS
    Subscriber

    Okay. Let’s just say I’ve watched enough DefCon and BlackHat videos (and worked with enough buggy flash controllers) that I wouldn’t just dismiss this with a wave of my hand.

    A firmware level attack makes perfect sense if you can pull it off – because you are well below what any virus scanner can detect or do anything about, and you could infect machines regardless of OS.

    CountZero
    Member

    samuri – Member
    As cougar says, it’s a Halloween story. It’s so clearly a ghost story it’s a bit cringe worthy.

    There’s the thing: it requires people like you lot, who technically speaking have a clue, to point that out for people like me, who have just enough tech knowledge for it to seem plausible.
    Which is why I posted it in the first place, ‘cos this place is inhabited by sceptics, and if anyone could see through it, it would be someone in the STW Massive. 😀

    samuri
    Member

    But you know enough about computers to know you can’t infect one by playing it a tune don’t you?

    Edit: to graham,

    IanMunro
    Member

    It can’t be that difficult. I’ve watched independence day.

    Jamie
    Member

    I’ve just hacked my toaster by humming at it.

    It now goes all the way up to 11.

    Premier Icon GrahamS
    Subscriber

    But you know enough about computers to know you can’t infect one by playing it a tune don’t you?

    I do.

    I haven’t read the background articles posted by the researcher, I might take a look tomorrow, but my impression from the article was that the audio-networking-thing wasn’t an initial infection vector, but may have been used to allow infected machines to communicate with each other when they were not networked. (Though the evidence for that in the article itself seems a bit flimsy!)

    Premier Icon gofasterstripes
    Subscriber

    The BIOS dumps are now available for download, if you fancy risking it.

    I think it’s real. As this guy puts it – nothing you’re reading about is that hard for those that have the will.

    [No I don’t usually wear tinfoil, worry about HAARP or chemtrails – but I do worry about virus’ trashing my PC]

    Premier Icon GrahamS
    Subscriber

    A quick bit of reading suggests the BIOS/ACPI rootkit is at least possible:
    http://www.blackhat.com/presentations/bh-dc-07/Heasman/Paper/bh-dc-07-Heasman-WP.pdf

    And as for the sound-network thing… well.. maybeee.. but I remain unconvinced on that one till I see some scope traces!

    Premier Icon Cougar
    Subscriber

    I wouldn’t just dismiss this with a wave of my hand.

    I wasn’t really talking about the tech, I was talking about the techie. I know a couple of security experts, they tend to be obsessive. There’s no way this has been around for three years with only one person coming across it and then not telling anyone.

    The story is well written, it’s outlandish without being wholly impossible. The sound communication, for instance, would seem to be technically possible (assuming the hardware can handle frequencies over, what, 20KHz?) but it would require an initial infection by other means in order to start listening in the first place, so it begs the question as to why anyone would bother other than because they could. Or there’s the BIOS attack; a BIOS is pretty basic (that’s what the B stands for) but there’s been at least one common in-the-wild virus (CIH / Chernobyl) and there’s a thing called the Persistent BIOS Infection. But IIRC most modern BIOSes and EFI require signed code, which makes that sort of shenanigans much more difficult than they used to be.

    I’d be more inclined to believe it if it was a single new tech; the EFI attack for instance, or the aforementioned comms, or a BIOS attack, but all these things together? Possible perhaps, but bloody unlikely.

    IMHO.

    devs
    Member

    Security expert confused by cutting edge BIOS virus….LOL.
    Security expert confused by USB drive propagation of virus….moar LOL!

    Cutting edge stuff that…………..15 years ago. Not as cutting edge as psychic computers that can communicate with each other with the power disconnected. Man that’s good.
    Fortunately I have encountered all of this before and the answer is to put the infected PCs into a freezer for at least 24 hours to kill off the infection. Or expose it to absolute zero for 1 second. Make sure that you put it in a waterproof back though as the condensation when you take it out could damage it. Sonic screwdrivers work also.

    Premier Icon mikewsmith
    Subscriber

    remember kids in the words of Tim Westwood
    Wrap It Up Before You Slap It Up!

    Premier Icon GrahamS
    Subscriber

    Cutting edge stuff that…………..15 years ago.

    So why are lots of other security experts intrigued by it and wanting to know more?

    You realise that when you say “USB drive propagation of virus” we’re not talking about something obvious that a virus scanner would catch, like an autorun file. The attack he describes doesn’t use files, instead it infects the microcontroller on the USB stick. I thinks that is fairly new.

    Not as cutting edge as psychic computers that can communicate with each other with the power disconnected. Man that’s good.

    Again you realise when they say “power disconnected” they mean laptops running on batteries? Not exactly fantastical that.

    Like I said skepticism is always good, particularly on the internet, but dismissing this out of hand is almost as naive. Personally I’m interested enough to see what evidence emerges from other sources with the release of the BIOS dumps.

Viewing 40 posts - 1 through 40 (of 95 total)

The topic ‘badBIOS – now this is a bit scary…’ is closed to new replies.