
News BadBIOS malware claimed to defeat air-gaps

Discussion in 'Article Discussion' started by Gareth Halfacree, 1 Nov 2013.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

  2. Hamfunk

    Hamfunk I AM KROGAN!

    Is it the 1st of April or something? :lol:
     
  3. Shirty

    Shirty Time travelling rogue Super Moderator

    This sounds like some science fiction ****.
     
  4. Flibblebot

    Flibblebot Smile with me

    Quickest fix: disconnect or disable the microphone.

    It's a clever idea, though - effectively a new use for old-school tech
     
  5. greypilgers

    greypilgers New Member

    "Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached."

    WTF? Zombie computers?????
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Where 'quick' doesn't necessarily imply it doesn't take a long time. The malware prevents you from making changes to system settings, or reverts those changes, so if you try to disable the microphone in software (or even the soundcard itself in the BIOS, if possible) it'll silently undo that for you. If you're talking about a desktop, sure, you can just unplug the microphone - but it ain't so easy on a laptop, and is pretty likely to be impossible without cracking the case, cutting some cables and voiding your warranty.
    No, just a laptop with a fully-charged battery. :p
     
  7. Guinevere

    Guinevere Mega Mom

    It's got to be a hoax.

    One virus that can infect PC & Mac hardware? Gain entry via any operating system? Reprogram USB Flash controllers? Infect a new machine via audio only? Infect an air-gapped clean machine with an MSDN obtained OS?

    I'm not buying it.
     
  8. Flibblebot

    Flibblebot Smile with me

    Now that's clever and a whole heap of nasty.

    Part of me wants to congratulate the people who wrote the malware for being so damn clever; the other part wants to beat them senseless for being such cruel *******s.
     
  9. Flibblebot

    Flibblebot Smile with me

    It doesn't say anything about infecting a machine via audio, only that two infected computers can communicate via audio.
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    You might want to re-read the article: several of the things you're not buying aren't actually claims made anywhere in it.
     
  11. adrock

    adrock Caninus Nervous Rex

    I'd be surprised if the default speakers in a PC generate accurate enough sound to allow much throughput even if you could standardise it and make an IP over audio protocol, and I suspect apart from maybe laptops most PCs don't have a mic by default.

    I can see uses for IP/A but I don't see it being practical in any large environment, like broadcast/non-switched networking, once you add more machines your noise level goes up and impacts the throughput for all nodes. In most environments with multiple machines, you'd get all sorts of issues with background noise and echoes too.

    This sounds like a really cool proof of concept but with limited real world applications, all wrapped up in malware.
     
  12. Deders

    Deders New Member

    Looks like Skynet is upon us, Happy Halloween everybody!
     
  13. Corky42

    Corky42 Where's walle?

    This kinda smells of the Stuxnet worm, only a more advanced version.
     
  14. Guinevere

    Guinevere Mega Mom

    Which exactly?

    He's claiming a machine can be infected without connection to any network (An air-gapped laptop of a friend installing an MSDN obtained OS)

    He's claiming flash drive controllers can be re-programmed, and has apparently bricked several during re-flash operations.

    He's claiming PC & Mac hardware is susceptible.

    He's claimed Linux and Windows are susceptible (Says it's a hardware attack vector). Did he mention OSX? I can't recall. So maybe I'm wrong on that one.

    I didn't just read one article of his, I read several of his when talking about this 'one' virus.
     
  15. RichCreedy

    RichCreedy Hey What Who

    Surely the real test is to get recording equipment that can hear and record the highest frequencies phase shift so you can hear it, or use visual waveforms to see the data.
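
Added example, not part of any post in this thread: one way to run the check suggested in the post above, by splitting a recording into 20 ms frames and flagging those with an unusual share of energy in the 18-22 kHz band. The 48 kHz capture rate, the probe frequencies, the threshold and the synthetic recording are all assumptions made for the illustration; a real capture would need the threshold calibrated against the room's normal noise.

```python
import math
import random

RATE = 48_000                                  # samples per second (assumed capture rate)
FRAME = 960                                    # 20 ms frames -> 50 Hz bin spacing
AUDIBLE = range(500, 18_000, 500)              # probe frequencies in Hz (assumed)
NEAR_ULTRASONIC = range(18_000, 22_500, 500)   # band most adults cannot hear

def goertzel_power(frame, freq):
    """Squared magnitude of the DFT bin nearest `freq` (Goertzel algorithm)."""
    n = len(frame)
    k = round(n * freq / RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def high_band_ratio(frame):
    """Share of the probed energy that sits in the 18-22 kHz band."""
    high = sum(goertzel_power(frame, f) for f in NEAR_ULTRASONIC)
    low = sum(goertzel_power(frame, f) for f in AUDIBLE)
    return high / (high + low + 1e-12)

def flagged_frames(samples, threshold=1e-3):
    """Indices of 20 ms frames whose high-band share exceeds `threshold`."""
    starts = range(0, len(samples) - FRAME + 1, FRAME)
    frames = [samples[i:i + FRAME] for i in starts]
    return [i for i, fr in enumerate(frames) if high_band_ratio(fr) > threshold]

def constructed_recording(with_carrier):
    """Constructed sample: 1 kHz tone plus noise, optional quiet 20 kHz burst in frames 3-6."""
    rng = random.Random(0)
    out = []
    for i in range(10 * FRAME):
        x = 0.5 * math.sin(2 * math.pi * 1_000 * i / RATE) + rng.gauss(0, 0.001)
        if with_carrier and 3 <= i // FRAME <= 6:
            x += 0.05 * math.sin(2 * math.pi * 20_000 * i / RATE)
        out.append(x)
    return out

if __name__ == "__main__":
    print("clean room :", flagged_frames(constructed_recording(False)))
    print("with burst :", flagged_frames(constructed_recording(True)))
```

The burst is 20 dB quieter than the audible tone and still stands out per frame, which is why a spectral view is more useful here than listening or looking at the raw waveform.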
     
  16. ChaosDefinesOrder

    ChaosDefinesOrder Vapourmodder

    No, this malware does not INFECT through sound, it COMMUNICATES with other infectED rigs

    The wording of the article is ambiguous, but it does say "spreads through USB sticks" and then "communicating using audio"
     
  17. Corky42

    Corky42 Where's walle?

    Is it just me that thinks he can't be much of a security researcher if he can't fully clean a network after 3 years?
     
  18. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Are you claiming they can't be? How exactly does a firmware update work, then? Seems to me that reprograms a writeable storage area on the flash controller with code that is then executed by the drive's processor.
    You know that 'PC' (by which I assume you mean Windows) and Mac hardware is actually the same these days, right? AMD64 x86 processors? 64-bit UEFI BIOS? Intel HD or Nvidia graphics? You can boot Windows on a Mac, and you can boot OS X on (a subset of) Windows systems. They're entirely compatible, modulo some restrictions Apple puts in place on what hardware works under OS X.
    Certainly wouldn't be the first cross-platform malware in history.
    And yet you still persist in claiming he says it can infect via audio (which it can't - only communicate.) Also, you keep calling it a virus: it isn't. It's malware with the properties of a worm. A worm is a self-propagating standalone application; a virus requires a 'host' file which it infects.
     
  19. LordLuciendar

    LordLuciendar meh.

    It's because he's a security researcher that he can't. The rest of us would have copied the data out of there and wiped the drives and flashed the firmware, simple, but he's got to preserve the malware and study it. Think of it like the CDC keeping samples of dangerous viruses and bacteria.

    I still think it's a bit crap. If it is a USB storage device passed infection that contains a listening component for communication, even if it has hardware level hooks, it just isn't that monumental of a breakthrough. On the other hand, if it infects at a firmware level, and is as pervasive as the researcher claims, infecting through audio, it is a masterful malware...
     
  20. Nexxo

    Nexxo Queue Jumper

     
