News BadBIOS malware claimed to defeat air-gaps

Is it the 1st of April or something?

 

This sounds like some science fiction ****.

 

Quickest fix: disconnect or disable the microphone.

It's a clever idea, though - effectively a new use for old-school tech

 

"Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached."

WTF? Zombie computers?????

 

It's got to be a hoax.

One virus that can infect PC & Mac hardware? Gain entry via any operating system? Reprogram USB Flash controllers? Infect a new machine via audio only? Infect an air-gapped clean machine with an MSDN obtained OS?

I'm not buying it.

 

Now that's clever and a whole heap of nasty.

Part of me wants to congratulate the people who wrote the malware for being so damn clever; the other part wants to beat them senseless for being such cruel *******s.

 

It doesn't say anything about infecting a machine via audio, only that two infected computers can communicate via audio.

 

i'd be surprised if the default speakers in a PC generate accurate enough sound to allow much throughput even if you could standardise it and make an IP over audio protocol, and i suspect apart from maybe laptops most PCs don't have a mic by default.

I can see uses for IP/A but i don't see it being practical in any large environment, like broadcast/non-switched networking, once you add more machines your noise level goes up and impacts the throughput for all nodes. In most environments with multiple machines, you'd get all sorts of issues with background nosie and echoes too.

This sounds like a really cool proof of concept but with limited real world applications, all wrapped up in malware.

 

Looks like Skynet is upon us, Happy Halloween everybody!

 

This kinda smells of the Stuxnet worm, only a more advanced version.

 

Which exactly?

He's claiming a machine can be infected without connection to any network (An air-gapped laptop of a friend installing an MSDN obtained OS)

He's claiming flash drive controllers can be re-programmed, and has apparently bricked several during re-flash operations.

He's claiming PC & Mac hardware is susceptible.

He's claimed Linux and Windows is susceptible (Says it's a hardware attach vector). Did he mention OSX I can't recall? So maybe I'm wrong on that one.

I didn't just read one article of his, I read several of his when talking about this 'one' virus.

 

surely the real test is to get recording equipment that can hear and record the highest frequencies phase shift so you can hear it, or use visual waveforms to see the data.

 

No, this malware does not INFECT though sound, it COMMUNICATES with other infectED rigs

The wording of the article is ambiguous, but it does say "spreads through USB sticks" and then "communicating using audio"

 

Is it just me that thinks he cant be much of a security researcher if he cant fully clean a network after 3 years.

 

It's because he's a security researcher that he can't. The rest of us would have copied the data out of there and wiped the drives and flashed the firmware, simple, but he's got to preserve the malware and study it. Think of it like the CDC keeping samples of dangerous viruses and bacteria.

I still think it's a bit crap. If it is a USB storage device passed infection that contains a listening component for communication, even if it has hardware level hooks, it just isn't that monumental of a breakthrough. On the other hand, if it infects at a firmware level, and is as pervasive as the researcher claims, infecting through audio, it is a masterful malware...