Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Old 10-31-2013, 03:56 PM   #1
Itse
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland
Meet "badBIOS", cutting edge virus?

http://arstechnica.com/security/2013...jumps-airgaps/

Fascinating story about what seems to be a real state of the art virus.

Quote:
Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.

"We were like, 'Okay, we're totally owned,'

Old 10-31-2013, 04:00 PM   #2
missdpuck
Franchise Player
Join Date: Jul 2008
Location: in a swamp, tied to a cypress tree

Hal did this
__________________
http://arc4raptors.org

Old 10-31-2013, 04:05 PM   #3
To Be Quite Honest
Franchise Player
Join Date: Jan 2010

That's scary!

Old 10-31-2013, 04:34 PM   #4
CaptainCrunch
Norm!
Join Date: Jun 2002

Anyone else see this chick at the mall?

Old 10-31-2013, 04:39 PM   #5
Regulator75
Franchise Player
Join Date: Oct 2001
Location: Behind Nikkor Glass

^^^ Only reason why that movie was even worth watching.
__________________

More photos on Flickr

Old 10-31-2013, 07:00 PM   #6
Hemi-Cuda
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left

How the hell are machines communicating with each other with no power? Or zero network access for that matter? Did zombie Nikola Tesla write this virus?

Old 10-31-2013, 07:33 PM   #7
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl

No network access is a bit harder to explain, but no power is a little bit easier to swallow. I assume they didn't remove cmos battery.

Actually, if the other computer is on, I could totally understand basic network communication as well, especially if it has wifi.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."

Last edited by Rathji; 10-31-2013 at 07:37 PM.

Old 10-31-2013, 09:09 PM   #8
Hack&Lube
Atomic Nerd
Join Date: Jul 2004
Location: Calgary

If you read the article, they are communicating via ultrasonic noise from speakers to mics in other computers which is already an established working concept.

Old 10-31-2013, 09:28 PM   #9
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl

Yeah I think I missed the last half of the article. I read that they had tested the ultrasonic networking, but missed the part where they figured out that that's how the virus was communicating for sure.

Old 10-31-2013, 10:04 PM   #10
Wormius
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.

Quote:
Originally Posted by Hemi-Cuda
How the hell are machines communicating with each other with no power? Or zero network access for that matter? Did zombie Nikola Tesla write this virus?

They were laptops, running off battery.

The rest of that article is hard to read. So, he got two laptops infected with viruses from usb drives (not unheard of) and they set up some kind of network between each other using a mic/speaker?

Old 11-01-2013, 03:11 PM   #11
GoinAllTheWay
Franchise Player
Join Date: Apr 2003
Location: Not sure

Quote:
Originally Posted by Wormius
and they set up some kind of network between each other using a mic/speaker?

Yep. Clever actually. The only way to stop the virus from spreading was removing the network card, wifi, bluetooth, speakers and mics.

Old 11-01-2013, 05:19 PM   #12
Wormius
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.

Quote:
Originally Posted by GoinAllTheWay
Yep. Clever actually. The only way to stop the virus from spreading was removing the network card, wifi, bluetooth, speakers and mics.

That was the part that I didn't quite get. For the virus to infect another computer, the victim computer would need to have its microphone enabled and some software to actually convert the audio to some form of data that could be used to actually do something. The system as described, sounds like both computers need to be pre-infected with this mic/speaker virus and then those two can just communicate with each other, but it still seems isolated to those two computers.

I guess the greater danger would be, being able to just stick a thumb drive into some random computer and being able to grab data off it due to the virus.

I guess this is not significantly different though than how old dial-up BBSs operated, so could get some decent data rates at least.

Old 11-01-2013, 10:57 PM   #13
photon
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary

I bet it's some kind of social engineering stunt, he's going to say "look at this group of people that responded in this way to this information" or something, I doubt the virus exists.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.

Old 11-01-2013, 11:09 PM   #14
SebC
tromboner
Join Date: Mar 2006
Location: where the lattes are

Quote:
Originally Posted by Wormius
The system as described, sounds like both computers need to be pre-infected with this mic/speaker virus and then those two can just communicate with each other, but it still seems isolated to those two computers.

That's how I read it. But this would allow a computer that has been partially infected (or partially cured) to become fully infected by getting the files it needs from the ultrasonic network.

Old 11-02-2013, 07:17 AM   #15
Itse
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland

Here's a boring rebuttal to the story.

http://www.rootwyrm.com/2013/11/the-...ysis-is-wrong/

Quote:
So what do I think? I think that A) a number of security experts flapping their gums are good at security and know nothing about how hardware works and B) it’s absolutely not a BIOS/Firmware level piece of malware. There are far, far too many blatant and obvious detection points. There is no way it could hop from Apple to PC, or even PC to PC or Macbook 2013 to Macbook 2011. (Forget Macbook to Mac Pro.)
I’m not saying that UEFI or BIOS is secure – I’ll get to that in another post – but I am saying that calling it badBIOS is wrong. It’s absolutely not. Either it is an extremely limited piece of BIOS malware or it is occurring at the OS and escaping detection through previously unknown methods. Half the claims made regarding what it does (disabling registry editing, etc.) are so far from reasonable and possible with the BIOS it makes me facepalm. Point blank, these things are absolutely not possible, period. This is something going on at the OS level, the end.

Old 11-02-2013, 10:52 AM   #16
Wormius
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.

It's a clever idea, but how it could ever cause mass infection is beyond me, if close proximity of the computers is a requirement. It would be great if your intent was to steal information from one computer. Otherwise it seems like stars have to align precisely for this to work reliably.

And on that note, why would any respectable computer authority be sticking questionable thumb drives into their computers?

Old 11-02-2013, 04:30 PM   #17
psyang
Powerplay Quarterback
Join Date: Jan 2010

I think the "quality" of a virus isn't based so much on how easily it can infect a computer as it is on how difficult it is to detect/remove. Viruses will tend to attack similar vulnerabilities - social engineering hacks (like thumb drives) or software exploits. As mentioned before, this virus doesn't infect through sound waves, but it can help heal itself through sound waves, which is what makes it novel. Isolating an infected computer doesn't just mean unplugging a network cable, but potentially disabling the microphone and/or removing nearby computers.

Not necessarily a "game changer", but the idea could lead to more dangerous viruses in the future. One can imagine if there was a vulnerability in a piece of software that did use the microphone/speakers - maybe iTunes, or Skype, say - then, depending on the vulnerability, there might be a chance that an infection could occur over sound waves. Essentially, this increases the "attack surface area".
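
Added example (not part of any post in this thread, and not code from the article or researchers discussed): a defender-side check for the speaker-to-microphone channel described above, scanning one microphone frame for a narrowband carrier in the 18 to 22 kHz band. The sample rate, frame size, band edges and alert threshold are assumptions, and the input frames are constructed.

```python
import math
import random

RATE = 48_000            # assumed capture rate; must exceed twice the band edge
FRAME = 2_048            # samples per analysis frame (about 43 ms)
BAND = (18_000, 22_000)  # assumed near-ultrasonic band to watch
PEAK_TO_MEDIAN = 50.0    # assumed alert threshold; tune against a room baseline


def goertzel_power(samples, k):
    """Power of DFT bin k, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(samples))
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def scan_frame(samples, rate=RATE, band=BAND):
    """Return (peak_hz, peak_to_median) for the watched band in one frame."""
    n = len(samples)
    # Hann window limits leakage from loud audible content into the band.
    windowed = [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
                for i, x in enumerate(samples)]
    k_lo = -(-band[0] * n // rate)               # ceiling division
    k_hi = min(band[1] * n // rate, n // 2 - 1)  # stay below Nyquist
    powers = [(goertzel_power(windowed, k), k) for k in range(k_lo, k_hi + 1)]
    peak, k_peak = max(powers)
    median = sorted(p for p, _ in powers)[len(powers) // 2]
    return k_peak * rate / n, peak / max(median, 1e-12)


def is_suspicious(samples):
    """Flag a narrowband carrier standing well above the band's noise floor."""
    return scan_frame(samples)[1] > PEAK_TO_MEDIAN


def constructed_frame(tones, noise=0.01, seed=1):
    """Constructed input: sine tones given as (hz, amplitude) over Gaussian noise."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, noise)
            + sum(a * math.sin(2 * math.pi * f * i / RATE) for f, a in tones)
            for i in range(FRAME)]


if __name__ == "__main__":
    print(scan_frame(constructed_frame([(1_000, 0.5), (19_500, 0.05)])))
```

Comparing the strongest bin with the band's median, rather than using an absolute level, keeps ordinary broadband microphone hiss from tripping the check.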

Old 11-08-2013, 04:34 PM   #18
Rathji
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.

I will see if I can find the links and post them later.

Old 11-10-2013, 02:28 PM   #19
Itse
Franchise Player
Join Date: May 2004
Location: Helsinki, Finland

Quote:
Originally Posted by Rathji
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.

I will see if I can find the links and post them later.

Yeah.

Boring.

Old 11-10-2013, 02:35 PM   #20
ricosuave
Threadkiller
Join Date: Oct 2003
Location: 51.0544° N, 114.0669° W

Quote:
Originally Posted by Rathji
Turns out that a couple people examined his files and evidence that he posted online, and to summarize, they essentially recommended a mental health day for Dragos.

I will see if I can find the links and post them later.

http://arstechnica.com/security/2013...alware-claims/
__________________
https://www.reddit.com/r/CalgaryFlames/
I’m always amazed these sportscasters and announcers can call the game with McDavid’s **** in their mouths all the time.

All times are GMT -6. The time now is 01:27 AM.
