
News BadBIOS malware claimed to defeat air-gaps

Discussion in 'Article Discussion' started by Gareth Halfacree, 1 Nov 2013.

  1. schmidtbag

    schmidtbag New Member

    Joined:
    30 Jul 2010
    Posts:
    1,082
    Likes Received:
    10
    I'm still confused - HOW exactly is an un-infected computer supposed to get infected through a sound wave? The mic jack means nothing to a computer and is NOT a data communication port, so the only way for it to translate sound into data is through a program that can interpret it. But, if it takes software to interpret the sound into actual executable code, what's the point of interpreting sound in the first place? Why not just include the entire virus as a single package? The only answer I can think of is "it helps elude anti-malware programs" but I find that a little hard to believe.

    Either way, the virus idea is really creative.
     
  2. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    386
    As has been stated many times, it doesn't infect via sound; it is thought to only use it as a self-repair mechanism when you disable/remove all other means of communicating like the LAN, WiFi, Bluetooth. Then, when you start to clean the infection by removing parts of it or enabling/disabling devices, it will use the audio link (supposedly) to undo the work you are doing to remove it.

    I'm guessing if you disabled the WiFi and all other ways for it to communicate in the BIOS it would fall back to the ultrasound to re-enable its connection to other infected devices.
     
  3. Woodstock

    Woodstock So Say We All

    Joined:
    10 Sep 2006
    Posts:
    1,783
    Likes Received:
    2
    Well, the only way to clean the network (once you have isolated the cause) would be to identify the exact cause, and disinfect in a clean room, which in the normal case would be to simply disconnect all network cards, which is where the sound hacks come into play. If he had only one infected machine that would be simple.

    He definitely could have cleaned his machines one by one in a different location, but then he wouldn't have been able to research the problem in detail. In a research context there are plenty of reasons to not wipe the infection until you have learnt everything you want, the main one being, well, research
     
  4. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,699
    Likes Received:
    172
    I don't see why it wouldn't; you are, after all, cancelling a sound waveform. You just make sure the sound cancelling technology has a high enough range
     
  5. tuk

    tuk Don't Tase Me, Bro!

    Joined:
    28 Oct 2012
    Posts:
    493
    Likes Received:
    10
    ^^Assuming you're talking about 'active noise cancelling', this technology focuses on cancelling sounds audible to humans.
     
  6. Gradius

    Gradius IT Consultant

    Joined:
    3 Feb 2009
    Posts:
    284
    Likes Received:
    1
    I pulled out my MIC since 2005.
     
  7. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,185
    Likes Received:
    149
    You could probably just tape something dense with a bit of foam backing over the mic. That would probably be enough to attenuate the signal on the receiving end. High frequencies are easier to stop.

    Anyway the dude physically disabled the mic as part of his testing.

    Once you are aware that it is happening it's quite straightforward to stop.
     
  8. r3loaded

    r3loaded Well-Known Member

    Joined:
    25 Jul 2010
    Posts:
    1,095
    Likes Received:
    31
  9. tuk

    tuk Don't Tase Me, Bro!

    Joined:
    28 Oct 2012
    Posts:
    493
    Likes Received:
    10
    ^^
     
    Last edited: 4 Nov 2013
  10. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    386
    This guy seems to be focusing too much on the BIOS side of things, understandable as that's his thing. But I'm not sure it has even been claimed that BadBios is purely a firmware-based virus, simply that it has the ability to target a computer's BIOS, and possibly other firmware standards.

    Does the word "target" mean it's written entirely in the firmware code, or does "target" mean it can manipulate or introduce hooks in the firmware to other parts of the virus?
     
  11. Woodstock

    Woodstock So Say We All

    Joined:
    10 Sep 2006
    Posts:
    1,783
    Likes Received:
    2
  12. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    386
    Researcher skepticism grows over badBIOS malware claims
     
  13. impar

    impar Well-Known Member

    Joined:
    24 Nov 2006
    Posts:
    3,106
    Likes Received:
    41
    Greetings!

     
