10-31-2013, 03:56 PM
|
#1
|
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland
|
Meet "badBIOS", cutting edge virus?
http://arstechnica.com/security/2013...jumps-airgaps/
Fascinating story about what seems to be a real state of the art virus.
Quote:
Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.
"We were like, 'Okay, we're totally owned,'
|
|
|
|
10-31-2013, 04:00 PM
|
#2
|
Franchise Player
Join Date: Jul 2008
Location: in a swamp, tied to a cypress tree
|
Hal did this
|
|
|
10-31-2013, 04:05 PM
|
#3
|
Franchise Player
|
That's scary!
|
|
|
|
|
10-31-2013, 04:39 PM
|
#5
|
Franchise Player
Join Date: Oct 2001
Location: Behind Nikkor Glass
|
^^^ Only reason why that movie was even worth watching.
|
|
|
10-31-2013, 07:00 PM
|
#6
|
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left
|
How the hell are machines communicating with each other with no power? Or zero network access for that matter? Did zombie Nikola Tesla write this virus?
|
|
|
|
|
10-31-2013, 07:33 PM
|
#7
|
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
|
No network access is a bit harder to explain, but no power is a little bit easier to swallow. I assume they didn't remove the CMOS battery.
Actually, if the other computer is on, I could totally understand basic network communication as well, especially if it has wifi.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
Last edited by Rathji; 10-31-2013 at 07:37 PM.
|
|
|
10-31-2013, 09:09 PM
|
#8
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
If you read the article, they are communicating via ultrasonic noise from speakers to mics in other computers which is already an established working concept.
|
|
|
|
|
10-31-2013, 09:28 PM
|
#9
|
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
|
Yeah I think I missed the last half of the article. I read that they had tested the ultrasonic networking, but missed the part where they figured out that that's how the virus was communicating for sure.
|
|
|
10-31-2013, 10:04 PM
|
#10
|
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.
|
Quote:
Originally Posted by Hemi-Cuda
How the hell are machines communicating with each other with no power? Or zero network access for that matter? Did zombie Nikola Tesla write this virus?
|
They were laptops, running off battery.
The rest of that article is hard to read. So, he got two laptops infected with viruses from USB drives (not unheard of) and they set up some kind of network between each other using a mic/speaker?
|
|
|
11-01-2013, 03:11 PM
|
#11
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by Wormius
and they set up some kind of network between each other using a mic/speaker?
|
Yep. Clever actually. The only way to stop the virus from spreading was removing the network card, wifi, bluetooth, speakers and mics.
|
|
|
11-01-2013, 05:19 PM
|
#12
|
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.
|
Quote:
Originally Posted by GoinAllTheWay
Yep. Clever actually. The only way to stop the virus from spreading was removing the network card, wifi, bluetooth, speakers and mics.
|
That was the part that I didn't quite get. For the virus to infect another computer, the victim computer would need to have its microphone enabled and some software to actually convert the audio to some form of data that could be used to actually do something. The system as described, sounds like both computers need to be pre-infected with this mic/speaker virus and then those two can just communicate with each other, but it still seems isolated to those two computers.
I guess the greater danger would be, being able to just stick a thumb drive into some random computer and being able to grab data off it due to the virus.
I guess this is not significantly different though than how old dial-up BBSs operated, so could get some decent data rates at least.
|
|
|
11-01-2013, 10:57 PM
|
#13
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
I bet it's some kind of social engineering stunt, he's going to say "look at this group of people that responded in this way to this information" or something, I doubt the virus exists.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
11-01-2013, 11:09 PM
|
#14
|
tromboner
Join Date: Mar 2006
Location: where the lattes are
|
Quote:
Originally Posted by Wormius
The system as described, sounds like both computers need to be pre-infected with this mic/speaker virus and then those two can just communicate with each other, but it still seems isolated to those two computers.
|
That's how I read it. But this would allow a computer that has been partially infected (or partially cured) to become fully infected by getting the files it needs from the ultrasonic network.
|
|
|
11-02-2013, 07:17 AM
|
#15
|
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland
|
Here's a boring rebuttal to the story.
http://www.rootwyrm.com/2013/11/the-...ysis-is-wrong/
Quote:
So what do I think? I think that A) a number of security experts flapping their gums are good at security and know nothing about how hardware works and B) it’s absolutely not a BIOS/Firmware level piece of malware. There are far, far too many blatant and obvious detection points. There is no way it could hop from Apple to PC, or even PC to PC or Macbook 2013 to Macbook 2011. (Forget Macbook to Mac Pro.)
I’m not saying that UEFI or BIOS is secure – I’ll get to that in another post – but I am saying that calling it badBIOS is wrong. It’s absolutely not. Either it is an extremely limited piece of BIOS malware or it is occurring at the OS and escaping detection through previously unknown methods. Half the claims made regarding what it does (disabling registry editing, etc.) are so far from reasonable and possible with the BIOS it makes me facepalm. Point blank, these things are absolutely not possible, period. This is something going on at the OS level, the end.
|
|
|
|
|
|
11-02-2013, 10:52 AM
|
#16
|
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.
|
It's a clever idea, but how it could ever cause mass infection is beyond me, if close proximity of the computers is a requirement. It would be great if your intent was to steal information from one computer. Otherwise it seems like stars have to align precisely for this to work reliably.
And on that note, why would any respectable computer authority be sticking questionable thumb drives into their computers?
|
|
|
11-02-2013, 04:30 PM
|
#17
|
Powerplay Quarterback
|
I think the "quality" of a virus isn't based so much on how easily it can infect a computer as it is on how difficult it is to detect/remove. Viruses will tend to attack similar vulnerabilities - social engineering hacks (like thumb drives) or software exploits. As mentioned before, this virus doesn't infect through sound waves, but it can help heal itself through sound waves, which is what makes it novel. Isolating an infected computer doesn't just mean unplugging a network cable, but potentially disabling the microphone and/or removing nearby computers.
Not necessarily a "game changer", but the idea could lead to more dangerous viruses in the future. One can imagine if there was a vulnerability in a piece of software that did use the microphone/speakers - maybe iTunes, or Skype, say - then, depending on the vulnerability, there might be a chance that an infection could occur over sound waves. Essentially, this increases the "attack surface area".
|
|
|
11-08-2013, 04:34 PM
|
#18
|
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
|
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.
I will see if I can find the links and post them later.
|
|
|
11-10-2013, 02:28 PM
|
#19
|
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland
|
Quote:
Originally Posted by Rathji
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.
I will see if I can find the links and post them later.
|
Yeah.
Boring.
|
|
|
11-10-2013, 02:35 PM
|
#20
|
Threadkiller
Join Date: Oct 2003
Location: 51.0544° N, 114.0669° W
|
Quote:
Originally Posted by Rathji
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.
I will see if I can find the links and post them later.
|
http://arstechnica.com/security/2013...alware-claims/
|
|
|
|
|
All times are GMT -6. The time now is 01:27 AM.
|
|