Author Topic: WTF?  (Read 4335 times)


Offline jr2

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

 :wtf:

Not sure if Halloween hoax or serious. Infecting firmware would require knowledge of the specific configuration of the machine, right? As the firmware is responsible for all low-level functions of the device it is specific to.

Would such a piece of malware even be possible? 

 

Offline Kopachris

BIOS viruses are nothing new, afaik.
----
My Bandcamp | Discord: Kopachris | My GitHub

 

Offline jr2

This one supposedly infects different architectures and communicates via ultrasonic.

 

Offline Kopachris

So it's more advanced and tenacious than previous BIOS malware.  The communicating via ultrasonic thing is impressive, though.

Also,
Quote
"We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD," Ruiu said. "At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we're using to attack it? This is an air-gapped machine and all of the sudden the search function in the registry editor stopped working when we were using it to search for their keys."
Commence Skynet jokes.

 

Offline pecenipicek

"Air gapped"

what are these? ****ing transformers?


the whole article sounds like some quack going "no honest, look it's real, i'm telling you!!!!"


and ars being the ****ty site it is.
Skype: vrganjko
Ho, ho, ho, to the bottle I go
to heal my heart and drown my woe!
Rain may fall and wind may blow,
and many miles be still to go,
but under a tall tree I will lie!

The Apocalypse Project needs YOU! - recruiting info thread.

 

Offline MP-Ryan

It's hard to believe a story like that, but one also has to consider the source...

...which leads me to wondering:  whose high-security malware attack on whom got loose in Dragos' lab?  This little bastard sounds like the logical evolution of the national security programs that created the likes of stuxnet and flame - and they sat in infected systems for years before going into the wild.

Unfortunately, the list of countries with this kind of technical sophistication runs over a dozen, and there are certainly a number of IT security individuals out there that could build something this clever too.

You have to wonder if Iran is about to scrap a bunch of their IT infrastructure and start buying new machines, though.
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

 

Offline Rodo

Another of those viruses that I'll never get the chance to see, probably 'cause I'm not the kind of guy that clicks on every DOWNLOAD NOW button I see lost in the interness.
el hombre vicio...

 

Offline MP-Ryan

Quote
Another of those viruses that I'll never get the chance to see, probably 'cause I'm not the kind of guy that clicks on every DOWNLOAD NOW button I see lost in the interness.

If this thing IS in the wild, chances are most people probably don't even know their systems are infected.  And the vector appears to be simply plugging in a USB stick that has been in an infected machine (regardless of whether it has been wiped or not).

 

Offline Rodo

Still, from what I read, some strange behaviour is to be expected from the infected machines, such as no CD booting, getting random data deleted and antivirus/spyware troubleshooting tools malfunctioning.
I'm in the clear so far for sure.
About the virus itself, I'm pretty sure this article was made just to inflict some kind of concern on less educated PC users and that some of its facts are exaggerated.

 

Offline MP-Ryan

You might want to check out Dragos Ruiu's Twitter feed.

 

Offline The E

Yeah, at first I was like "WTF, this can't be real" as well.

But it's all definitely possible. Whether it's actually practical is a different question, but nothing here is impossible.
One should definitely keep in mind that no one is claiming that a machine could be infected simply by sitting next to an infected machine; the initial vector seems to be a buffer overflow triggered by a compromised USB device. Once the malware has gained access to the machine that way, then the magic bits with high-frequency audio signals used as net interfaces start.

But all in all? It's a very very scary and pretty damn sneaky attack, one whose ingenuity I definitely applaud.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need life to touch me
--Evergrey, Where August Mourns

 

Offline yuezhi

ALL HAIL LORD MEGABAYTRON

 

Offline Lorric

Quote
one whose ingenuity I definitely applaud.
Why? Whoever made it is scum.

 

Offline The E

Quote
Quote
one whose ingenuity I definitely applaud.
Why? Whoever made it is scum.

Whoever made it is an ingenious hacker who identified and exploited critical vulnerabilities in at least two subsystems common to pretty much all PCs.
Don't get me wrong, malware writers really are scum. There is no doubt about it. But just because they're using their talents for evil does not mean that one cannot appreciate the skill behind this. It's the same kind of grudging respect one pays to a superior, if infuriating, player in any game you care to mention.

This may be something you haven't had contact with, but this kind of really really clever exploit is the stuff of hacker[1] legend. It's right up there in terms of deviousness and ingeniousness with the Thompson Trust Exploit and Robin Hood and Friar Tuck, and the tale of Mel, a real programmer.

[1] Hacker, in this case, referring to the original meaning of the word, as explained here.

 

Offline Lorric

Yes, talent can be acknowledged even if done for evil, but not praised.

Such people would never get a scrap of respect from me. Perhaps fear, but never respect. It's all the worse because they have talent as opposed to some deadbeat who can't do any better. They could be putting it to constructive instead of destructive use.

I might check the links later.

 

Offline redsniper

Quote
the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

:lol: :shaking:

Hahahaha seriously? Holy **** this is some mindless hollywood thriller **** and yet it's actually real. I don't know if I'm ready for our dystopian cyberpunk present.
"Think about nice things not unhappy things.
The future makes happy, if you make it yourself.
No war; think about happy things."   -WouterSmitssm

Hard Light Productions:
"...this conversation is pointlessly confrontational."

 

Offline MP-Ryan

Quote
Yes, talent can be acknowledged even if done for evil, but not praised.

Such people would never get a scrap of respect from me. Perhaps fear, but never respect. It's all the worse because they have talent as opposed to some deadbeat who can't do any better. They could be putting it to constructive instead of destructive use.

I might check the links later.

You appear to be forgetting that most of the world's information security agencies - who are generally on the side of righteousness, NSA shenanigans aside - hire exactly these sorts of people.

The likes of stuxnet and flame set Iran's nuclear program back by years, if not indefinitely.  That is no small thing, especially as it was done without loss of human life.

Infowarfare and infosecurity are really important fields, and protecting people largely relies on other people with skills like these.  As I said earlier, I would bet good money that this beast Dragos encountered originates from an InfoSec program.

 

Offline Lorric

Quote
Quote
Yes, talent can be acknowledged even if done for evil, but not praised.

Such people would never get a scrap of respect from me. Perhaps fear, but never respect. It's all the worse because they have talent as opposed to some deadbeat who can't do any better. They could be putting it to constructive instead of destructive use.

I might check the links later.

You appear to be forgetting that most of the world's information security agencies - who are generally on the side of righteousness, NSA shenanigans aside - hire exactly these sorts of people.

The likes of stuxnet and flame set Iran's nuclear program back by years, if not indefinitely.  That is no small thing, especially as it was done without loss of human life.

Infowarfare and infosecurity are really important fields, and protecting people largely relies on other people with skills like these.  As I said earlier, I would bet good money that this beast Dragos encountered originates from an InfoSec program.
Well I would want them working to protect people from this, using their talent for that instead of creating malicious programs to harm people.

A bit like I saw a program (TV program), and there was this guy who kept getting around this club's security, so they hired him as their head of security. And he turned the place into the most secure club in the area.

 

Offline Dragon

It's a pretty well known practice. Hiring hackers to watch the security of the very system they once hacked is a known and rather efficient trick. White Hat hackers even make a living out of this, hacking into things in order to show their vulnerabilities.

 

Offline Lorric

Quote
It's a pretty well known practice. Hiring hackers to watch the security of the very system they once hacked is a known and rather efficient trick. White Hat hackers even make a living out of this, hacking into things in order to show their vulnerabilities.
Indeed. It's not the talent/skill set I have a problem with, it's what you use it for.

There are also some hackers who are harmless, they'll hack into things simply for the pleasure and challenge of doing it. They won't actually do any harm once they're in.