bit-tech.net

BadBIOS malware claimed to defeat air-gaps

The badBIOS malware, researcher Dragos Ruiu claims, can communicate even without any networking hardware, by 'talking' via ultrasonic audio.

A security researcher claims to have discovered a strain of malware which can defeat air-gap protections by transmitting itself over inaudible tones generated through computer speakers.

According to analysis by consultant Dragos Ruiu, carried out over the past three years, the so-called badBIOS malware is capable of communicating with other infected machines even when Wi-Fi, Bluetooth, Ethernet, and all other radio or networking devices are disabled or physically removed. The secret, he claims, is high-frequency audio generated from an infected computer's speakers and picked up by another's microphone.

According to a detailed write-up of Ruiu's findings over at Ars Technica, the result is a strain of malware which defeats the most basic of security precautions: the air gap. Named for the literal air-filled gap between computers, a computer protected by an air-gap is physically disconnected from its peers. In these days of ubiquitous wireless connectivity, that extends to an inability to communicate over any form of networking including Bluetooth, WiFi, WiMAX and other standards.

Ruiu claims that badBIOS is a particularly nasty beast: despite having detected the infection three years ago, he has been unable to fully disinfect his network. The malware appears able to infect systems regardless of operating system - with OS X, Linux, Windows and even the notably secure OpenBSD all having shown signs of succumbing to the infection - and to continue communication even when a computer is air-gapped from the network.

The badBIOS malware, as the name suggests, resides in hard-to-detect and harder-to-clean areas of the computer including the Unified Extensible Firmware Interface (UEFI) BIOS of modern systems. Spread on infected USB sticks, Ruiu claims, the badBIOS malware sticks tight into a system once installed and is extremely difficult to remove. Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached.

That, Ruiu claims, is proof that the computers are communicating using audio - but at frequencies too high for a human to hear. If so, the security industry faces a challenge: by using a side-channel like audio to communicate, infected systems can coordinate and transfer data without being logged or triggering alarms on network-based intrusion detection systems.

The biggest risk, however, is to security researchers themselves. If badBIOS can easily be transferred using USB and other removable storage devices, infect low-level portions of a system, and communicate even when air-gapped, researchers who take forensic images of other computers are the most likely to be infected - and with potentially disastrous results.

More details of Ruiu's research are available on his Google+ account.
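
The article's point that an audio side-channel would not show up in network-based intrusion detection means any check has to look at the microphone signal itself. The following Python detector is an added example, not code from the article or from Ruiu's research: it scans captured PCM samples for sustained narrow-band energy between 18 and 23 kHz. The sample rate, watch band, threshold and the test signal are all assumptions constructed for illustration.

```python
import math
import random

RATE = 48_000                 # assumed capture rate in Hz; nothing above 24 kHz is visible
FRAME = 480                   # 10 ms frames, giving 100 Hz bin spacing
PROBES = range(18_000, 23_001, 500)   # assumed watch band, above most adult hearing
THRESH_DBFS = -50.0           # assumed alert level; tune against a quiet-room baseline
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * n / FRAME) for n in range(FRAME)]


def goertzel_dbfs(windowed, freq):
    """Level of one frequency in a Hann-windowed frame, in dB relative to full scale."""
    coeff = 2 * math.cos(2 * math.pi * round(FRAME * freq / RATE) / FRAME)
    s1 = s2 = 0.0
    for x in windowed:
        s1, s2 = x + coeff * s1 - s2, s1
    power = max(s1 * s1 + s2 * s2 - coeff * s1 * s2, 0.0)
    # Hann has coherent gain 1/2, so a sine of amplitude A yields |X| = A * FRAME / 4.
    return 10 * math.log10(power / (FRAME / 4) ** 2 + 1e-12)


def _summarise(run):
    """Collapse a run of flagged frames into (start_s, end_s, peak_hz, peak_dbfs)."""
    level, freq = max((lvl, f) for _, lvl, f in run)
    return (run[0][0] / RATE, (run[-1][0] + FRAME) / RATE, freq, round(level, 1))


def find_bursts(samples, min_frames=5):
    """Report sustained high-band energy; runs shorter than min_frames are dropped.

    The duration filter matters: a click or key tap is broadband and will light
    up the watch band for a single frame without being a carrier.
    """
    bursts, run = [], []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        windowed = [x * w for x, w in zip(samples[i:i + FRAME], HANN)]
        level, freq = max((goertzel_dbfs(windowed, f), f) for f in PROBES)
        if level > THRESH_DBFS:
            run.append((i, level, freq))
            continue
        if len(run) >= min_frames:
            bursts.append(_summarise(run))
        run = []
    if len(run) >= min_frames:
        bursts.append(_summarise(run))
    return bursts


def constructed_capture():
    """Constructed 1 s test signal (not a real recording).

    Contents: a loud 440 Hz tone and low-level noise throughout, a faint
    20 kHz tone from 0.30 s to 0.60 s, and one single-sample click at 0.805 s.
    """
    rng = random.Random(1)
    out = []
    for i in range(RATE):
        t = i / RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t) + rng.uniform(-0.003, 0.003)
        if 14_400 <= i < 28_800:
            x += 0.02 * math.sin(2 * math.pi * 20_000 * t)
        out.append(x)
    out[80 * FRAME + FRAME // 2] += 0.8
    return out


if __name__ == "__main__":
    for start, end, hz, level in find_bursts(constructed_capture()):
        print(f"{start:.2f}s-{end:.2f}s  peak {hz} Hz at {level} dBFS")
```

A detector like this only sees what the capture path passes: a microphone or driver that low-pass filters below the watch band will report nothing regardless of what is in the room.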

52 Comments

Hamfunk 1st November 2013, 11:15 Quote
Is it the 1st of April or something?
Shirty 1st November 2013, 11:22 Quote
This sounds like some science fiction ****.
Flibblebot 1st November 2013, 11:36 Quote
Quickest fix: disconnect or disable the microphone.

It's a clever idea, though - effectively a new use for old-school tech
greypilgers 1st November 2013, 11:37 Quote
"Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached."

WTF? Zombie computers?????
Gareth Halfacree 1st November 2013, 11:37 Quote
Quote:
Originally Posted by Flibblebot
Quickest fix: disconnect or disable the microphone.
Where 'quick' doesn't necessarily imply it doesn't take a long time. The malware prevents you from making changes to system settings, or reverts those changes, so if you try to disable the microphone in software (or even the soundcard itself in the BIOS, if possible) it'll silently undo that for you. If you're talking about a desktop, sure, you can just unplug the microphone - but it ain't so easy on a laptop, and is pretty likely to be impossible without cracking the case, cutting some cables and voiding your warranty.
Quote:
Originally Posted by greypilgers
"Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached."
WTF? Zombie computers?????
No, just a laptop with a fully-charged battery. :p
Guinevere 1st November 2013, 11:41 Quote
It's got to be a hoax.

One virus that can infect PC & Mac hardware? Gain entry via any operating system? Reprogram USB Flash controllers? Infect a new machine via audio only? Infect an air-gapped clean machine with an MSDN obtained OS?

I'm not buying it.
Flibblebot 1st November 2013, 11:41 Quote
Quote:
Originally Posted by Gareth Halfacree
Where 'quick' doesn't necessarily imply it doesn't take a long time. The malware prevents you from making changes to system settings, or reverts those changes, so if you try to disable the microphone in software (or even the soundcard itself in the BIOS, if possible) it'll silently undo that for you. If you're talking about a desktop, sure, you can just unplug the microphone - but it ain't so easy on a laptop, and is pretty likely to be impossible without cracking the case, cutting some cables and voiding your warranty.
Now that's clever and a whole heap of nasty.

Part of me wants to congratulate the people who wrote the malware for being so damn clever; the other part wants to beat them senseless for being such cruel *******s.
Flibblebot 1st November 2013, 11:42 Quote
Quote:
Originally Posted by Guinevere
Infect a new machine via audio only?
It doesn't say anything about infecting a machine via audio, only that two infected computers can communicate via audio.
Gareth Halfacree 1st November 2013, 11:43 Quote
Quote:
Originally Posted by Guinevere
One virus that can infect PC & Mac hardware? Gain entry via any operating system? Reprogram USB Flash controllers? Infect a new machine via audio only? Infect an air-gapped clean machine with an MSDN obtained OS? I'm not buying it.
You might want to re-read the article: several of the things you're not buying aren't actually claims made anywhere in it.
adrock 1st November 2013, 11:57 Quote
i'd be surprised if the default speakers in a PC generate accurate enough sound to allow much throughput even if you could standardise it and make an IP over audio protocol, and i suspect apart from maybe laptops most PCs don't have a mic by default.

I can see uses for IP/A but i don't see it being practical in any large environment, like broadcast/non-switched networking, once you add more machines your noise level goes up and impacts the throughput for all nodes. In most environments with multiple machines, you'd get all sorts of issues with background noise and echoes too.

This sounds like a really cool proof of concept but with limited real world applications, all wrapped up in malware.
Deders 1st November 2013, 12:13 Quote
Looks like Skynet is upon us, Happy Halloween everybody!
Corky42 1st November 2013, 12:23 Quote
This kinda smells of the Stuxnet worm, only a more advanced version.
Guinevere 1st November 2013, 13:29 Quote
Quote:
Originally Posted by Gareth Halfacree
You might want to re-read the article: several of the things you're not buying aren't actually claims made anywhere in it.

Which exactly?

He's claiming a machine can be infected without connection to any network (An air-gapped laptop of a friend installing an MSDN obtained OS)

He's claiming flash drive controllers can be re-programmed, and has apparently bricked several during re-flash operations.

He's claiming PC & Mac hardware is susceptible.

He's claimed Linux and Windows is susceptible (Says it's a hardware attack vector). Did he mention OSX I can't recall? So maybe I'm wrong on that one.

I didn't just read one article of his, I read several of his when talking about this 'one' virus.
RichCreedy 1st November 2013, 13:40 Quote
surely the real test is to get recording equipment that can hear and record the highest frequencies phase shift so you can hear it, or use visual waveforms to see the data.
ChaosDefinesOrder 1st November 2013, 13:41 Quote
Quote:
Originally Posted by Guinevere
Quote:
Originally Posted by Gareth Halfacree
You might want to re-read the article: several of the things you're not buying aren't actually claims made anywhere in it.

Which exactly?

He's claiming a machine can be infected without connection to any network (An air-gapped laptop of a friend installing an MSDN obtained OS)

He's claiming flash drive controllers can be re-programmed, and has apparently bricked several during re-flash operations.

He's claiming PC & Mac hardware is susceptible.

He's claimed Linux and Windows is susceptible (Says it's a hardware attack vector). Did he mention OSX I can't recall? So maybe I'm wrong on that one.

I didn't just read one article of his, I read several of his when talking about this 'one' virus.

No, this malware does not INFECT though sound, it COMMUNICATES with other infectED rigs

The wording of the article is ambiguous, but it does say "spreads through USB sticks" and then "communicating using audio"
Corky42 1st November 2013, 14:02 Quote
Is it just me that thinks he can't be much of a security researcher if he can't fully clean a network after 3 years.
Gareth Halfacree 1st November 2013, 14:18 Quote
Quote:
Originally Posted by Guinevere
He's claiming flash drive controllers can be re-programmed, and has apparently bricked several during re-flash operations.
Are you claiming they can't be? How exactly does a firmware update work, then? Seems to me that reprograms a writeable storage area on the flash controller with code that is then executed by the drive's processor.
Quote:
Originally Posted by Guinevere
He's claiming PC & Mac hardware is susceptible.
You know that 'PC' (by which I assume you mean Windows) and Mac hardware is actually the same these days, right? AMD64 x86 processors? 64-bit UEFI BIOS? Intel HD or Nvidia graphics? You can boot Windows on a Mac, and you can boot OS X on (a subset of) Windows systems. They're entirely compatible, modulo some restrictions Apple puts in place on what hardware works under OS X.
Quote:
Originally Posted by Guinevere
He's claimed Linux and Windows is susceptible (Says it's a hardware attack vector). Did he mention OSX I can't recall? So maybe I'm wrong on that one.
Certainly wouldn't be the first cross-platform malware in history.
Quote:
Originally Posted by Guinevere
I didn't just read one article of his, I read several of his when talking about this 'one' virus.
And yet you still persist in claiming he says it can infect via audio (which it can't - only communicate.) Also, you keep calling it a virus: it isn't. It's malware with the properties of a worm. A worm is a self-propagating standalone application; a virus requires a 'host' file which it infects.
LordLuciendar 1st November 2013, 14:23 Quote
Quote:
Originally Posted by Corky42
Is it just me that thinks he can't be much of a security researcher if he can't fully clean a network after 3 years.

It's because he's a security researcher that he can't. The rest of us would have copied the data out of there and wiped the drives and flashed the firmware, simple, but he's got to preserve the malware and study it. Think of it like the CDC keeping samples of dangerous viruses and bacteria.

I still think it's a bit crap. If it is a USB storage device passed infection that contains a listening component for communication, even if it has hardware level hooks, it just isn't that monumental of a breakthrough. On the other hand, if it infects at a firmware level, and is as pervasive as the researcher claims, infecting through audio, it is a masterful malware...
Nexxo 1st November 2013, 14:35 Quote
Quote:
Originally Posted by Deders
Looks like Skynet is upon us, Happy Halloween everybody!
Quote:
Topher Brink: An entire army in a single instant. That's all it takes. That's brilliant. That's so brilliant. Why didn't I think of that?

[pause]

Topher Brink: Did I think of that?... Did I?... Oh my God... Oh my God!
Corky42 1st November 2013, 14:36 Quote
Quote:
Originally Posted by LordLuciendar
It's because he's a security researcher that he can't.

Yea i get the need to keep a sample for study so to speak, but wouldn't you take the simple precaution of having some clean USB drives around (as in factory sealed) for just such an occasion.
Quote:
Originally Posted by LordLuciendar
infecting through audio
If my understanding is correct it doesn't infect through audio, merely communicates through it for things like self repair.
Sparrowhawk 1st November 2013, 15:02 Quote
Honestly, I think what's happened is the badBIOS affects either or all of:
ACPI
Flash controllers
Sound cards (RealTek is near ubiquitous and attacking the firmware would be easy.)
and the BIOS.

Something here is serious enough to survive just a simple OS wipe or hard drive change.
greypilgers 1st November 2013, 15:33 Quote
Quote:
Originally Posted by greypilgers
"Preventing infected systems from cooperating is a challenge, too, with network traffic continuing to flow on an infected system despite the removal of all network-related devices - and even the power cord - until the speakers and microphone were detached."
WTF? Zombie computers?????
Quote:
Originally Posted by Gareth Halfacree
No, just a laptop with a fully-charged battery. :p

Awww... I was kinda looking forward to a World War CPU-Z or summat...
LordPyrinc 1st November 2013, 16:49 Quote
Now where did I put that tin foil hat?
ChaosDefinesOrder 1st November 2013, 16:54 Quote
Quote:
Originally Posted by LordPyrinc
Now where did I put that tin foil hat?

don't forget the ear-plugs given the sonic nature of this malware!
tuk 1st November 2013, 17:10 Quote
It's a great idea, create a vpn from nothing, less chance of being monitored ergo detected, bypass network firewalls, packet sniffers etc + using sound frequencies outside the range of human hearing.
RichCreedy 1st November 2013, 17:32 Quote
use sound cancelling technology to prevent the communications?
Corky42 1st November 2013, 17:58 Quote
Would sound cancelling technology work seeing as its using sound above normal human hearing ?
Tyr 1st November 2013, 18:03 Quote
LOL! It is technically possible for this to happen. But it would be a complete and utter waste of time.

You would need a high quality speakers and microphones. Your normal run of the mill ones distort too easily and have a more limited frequency range. Even high end speakers will not produce sound pressure waves at useful frequencies and energy levels.

Say some speaker can produce sound at 30kHz at a usable volume and a microphone elsewhere can pick it up. That is still only 30kpbs at best! That is roughly 1MB every 5 minutes. It is pretty useless in this day and age.

This is ignoring the fact that most microphones are not sensitive enough past 16kHz to have a decent signal to noise ratio. Mainly because they don't need to be and would be far more expensive if they were. Pretty much the same story with speakers they do not produce useful sound over 25kHz if at all.

All in all we can agree that this is a massive pile of BS.
tuk 1st November 2013, 18:12 Quote
Quote:
Originally Posted by Tyr

This is ignoring the fact that most microphones are not sensitive enough past 16kHz to have a decent signal to noise ratio.
You wouldn't need a clean signal, just being able to effect( even adversely...static? ) the transducer in the mic would be enough to give you a binary communication link, it might even be possible to do this over some distance using the right kind of signal/interference.
Corky42 1st November 2013, 19:13 Quote
Quote:
Originally Posted by Tyr
That is still only 30kpbs at best! That is roughly 1MB every 5 minutes. It is pretty useless in this day and age.
Seeing as most virus are extremely small i would think 30kpbs would be overkill, and seeing as the transmission and reception via audio is only used as a self repair mechanism it probably wouldn't need to send more than a few bytes.
Deders 1st November 2013, 19:27 Quote
Quote:
Originally Posted by Tyr
LOL! It is technically possible for this to happen. But it would be a complete and utter waste of time.

You would need a high quality speakers and microphones. Your normal run of the mill ones distort too easily and have a more limited frequency range. Even high end speakers will not produce sound pressure waves at useful frequencies and energy levels.

Say some speaker can produce sound at 30kHz at a usable volume and a microphone elsewhere can pick it up. That is still only 30kpbs at best! That is roughly 1MB every 5 minutes. It is pretty useless in this day and age.

This is ignoring the fact that most microphones are not sensitive enough past 16kHz to have a decent signal to noise ratio. Mainly because they don't need to be and would be far more expensive if they were. Pretty much the same story with speakers they do not produce useful sound over 25kHz if at all.

All in all we can agree that this is a massive pile of BS.

^This^
Cheapskate 1st November 2013, 19:28 Quote
It sounds very interesting. I'd like to read the rest of his doc. Anyone interested in printing it out and mailing it to me?
Guinevere 2nd November 2013, 00:13 Quote
Quote:
Originally Posted by Gareth Halfacree
Stuff he said...

I'm not claiming that such attacks as re-flashing USB sticks is impossible, I'm saying it's extremely unlikely that a single piece of malware can attack the firmware of PCs and Macs, prevent USB booting, flash USB drives, attack via USB flash drive in Windows, Linux and OSX... and communicate via ultrasound.

And don't get me started about how he thinks his friends laptop was attacked when it was initially clean and kept off any network.

He's found no software. No malware. No evidence. He's not been peer reviewed or provided anything like detailed information on his findings. So....

Slap with a wet fish and call me sceptic... but...

I. AM. NOT. BUYING. IT.
Corky42 2nd November 2013, 00:47 Quote
Quote:
Originally Posted by Guinevere
I'm not claiming that such attacks as re-flashing USB sticks is impossible, I'm saying it's extremely unlikely that a single piece of malware can attack the firmware of PCs and Macs, prevent USB booting, flash USB drives, attack via USB flash drive in Windows, Linux and OSX... and communicate via ultrasound.

And don't get me started about how he thinks his friends laptop was attacked when it was initially clean and kept off any network.

He's found no software. No malware. No evidence. He's not been peer reviewed or provided anything like detailed information on his findings.

It's not much of a stretch on what can already be done, Flashing BIOS, EFI, and UEFI firmware is a simple thing to do and is not dependent on what OS is installed. Firmware rootkits have been in use since 2008 when criminals tampered with European credit-card-reading machines before they were installed. Most modern systems come with UEFI type BIOS that make disabling or enabling devices a very simple thing to do, and seeing as all BIOS can issue beep codes it's not difficult to see how this could be used to communicate more than error to a person.

But I too share some scepticism due to the lack of published evidence, although when someone with 15 years experience in his field makes a claim about something I think it's best to give them the benefit of doubt. Even if he is running the PacSec security conferences in two weeks and it could just be a publicity exercise.

I found this an interesting read on how simple it would be for something like BadBIOS to do all the things that are claimed. http://blog.erratasec.com/2013/10/badbios-features-explained.html
wolfticket 2nd November 2013, 03:43 Quote
It seems it can only defeat airgaps if both machines are already compromised, in which case the airgap is already defeated. Saying it can "infect" past an effective airgap is misleading

However, given that, I do think transmitting quite small but useful amounts of data over audio from one infected machine to another is quite feasible.
Quote:
Originally Posted by Tyr
LOL! It is technically possible for this to happen. But it would be a complete and utter waste of time.

You would need a high quality speakers and microphones. Your normal run of the mill ones distort too easily and have a more limited frequency range. Even high end speakers will not produce sound pressure waves at useful frequencies and energy levels.

Say some speaker can produce sound at 30kHz at a usable volume and a microphone elsewhere can pick it up. That is still only 30kpbs at best! That is roughly 1MB every 5 minutes. It is pretty useless in this day and age.

This is ignoring the fact that most microphones are not sensitive enough past 16kHz to have a decent signal to noise ratio. Mainly because they don't need to be and would be far more expensive if they were. Pretty much the same story with speakers they do not produce useful sound over 25kHz if at all.

All in all we can agree that this is a massive pile of BS.
If the amount of data is small and the system knows what to look for then a high signal to noise ratio shouldn't be too much of a problem. The audio equivalent of a bar code. Shazam is presumably doing something roughly similar often with a very high SNR.

You say 1MB every 5min is pretty useless. Stuxnet was half a MB...
Woodstock 2nd November 2013, 04:57 Quote
From other articles the first symptom was simply, a laptop that refused to boot from a CD. The audio networking link, was discovered off a machine sending and receiving IPV6 packets despite not having OS level support for IPV6.

As for the comments about his skill based on the 3 years, you're talking about techniques never seen in the wild, on bizarre symptoms and seemingly unrelated. Plenty of other respected security workers, are taking him seriously. This is all happening at a level below the OS too, for initial infection.

USB hosts on all platforms, also assume the device is friendly, most implementations in BIOS/UEFI and OS drivers, trust that if the spec says the device will send 16 bytes that it will, and doesn't actually check the amount. Some fairly standard buffer overflow problems are present. The number of different controllers for USB is not very many either. It all sounds quite plausible, and definitely interesting.

Also I doubt he would risk his credibility on a hoax (would ruin him in so many ways) to drum up support for an already well attended conference.
Corky42 2nd November 2013, 06:56 Quote
Quote:
Originally Posted by Woodstock
<Snip>
As for the comments about his skill based on the 3 years, you're talking about techniques never seen in the wild, on bizarre symptoms and seemingly unrelated.
<Snip>
Also I doubt he would risk his credibility on a hoax (would ruin him in so many ways) to drum up support for an already well attended conference.

Yea the skill thing was based on the way it has been reported, saying how he has been unable to clean his network for over 3 years. Maybe its just me that thought it sounded like he kept getting reinfected by not doing a proper job, when in fact he probably reinfected devices almost on purpose while running tests and such.

And i also doubt its a hoax, but you never know stranger things have happened.
faugusztin 2nd November 2013, 11:59 Quote
Quote:
Originally Posted by LordLuciendar
It's because he's a security researcher that he can't. The rest of us would have copied the data out of there and wiped the drives and flashed the firmware, simple, but he's got to preserve the malware and study it. Think of it like the CDC keeping samples of dangerous viruses and bacteria.

I still think it's a bit crap. If it is a USB storage device passed infection that contains a listening component for communication, even if it has hardware level hooks, it just isn't that monumental of a breakthrough. On the other hand, if it infects at a firmware level, and is as pervasive as the researcher claims, infecting through audio, it is a masterful malware...

Sorry, i don't buy it. What is so hard in :
1) turn off all computers.
2) turn on one of them, detect if it is infected. If yes, turn it off, mark that computer as patient zero.
3) turn on another computer, disinfect, turn off. Repeat for all computers in the network.
4) Network is now clean, except patient zero. Put that computer in soundproof room, with power filtered by a online UPS.

Network clean, sample preserved.

I call it a hoax too.
Corky42 2nd November 2013, 14:02 Quote
Quote:
Originally Posted by faugusztin
Sorry, i don't buy it. What is so hard in :

You know in the old days of medicine and diseases doctors used to experiment on them selves and deliberately expose people to watch how quickly they started to exhibit symptoms.
schmidtbag 2nd November 2013, 15:23 Quote
I'm still confused - HOW exactly is an un-infected computer supposed to get infected through a sound wave? The mic jack means nothing to a computer and is NOT a data communication port, so the only way for it to translate sound into data is through a program that can interpret it. But, if it takes software to interpret the sound into actual executable code, what's the point of interpreting sound in the first place? Why not just include the entire virus as a single package? The only answer I can think of is "it helps elude anti-malware programs" but I find that a little hard to believe.

Either way, the virus idea is really creative.
Corky42 2nd November 2013, 15:48 Quote
Quote:
Originally Posted by schmidtbag
I'm still confused - HOW exactly is an un-infected computer supposed to get infected through a sound wave?

As has been stated many times it doesn't infect via sound, it is thought to only uses it as a self repair mechanism when you disable/remove all other means of communicating like the LAN, WiFi, Bluetooth, then you start to clean the infection by removing parts of it or enabling/disable devices it will use the audio link (supposedly) to undo the work you are doing to remove it.

I'm guessing if you disabled the WiFi and all other ways for it to communicate in the BIOS it would fall back to the ultra sound to re-enable its connection to other infected devices.
Woodstock 3rd November 2013, 06:13 Quote
Quote:
Originally Posted by Corky42
Quote:
Originally Posted by Woodstock
<Snip>
As for the comments about his skill based on the 3 years, you're talking about techniques never seen in the wild, on bizarre symptoms and seemingly unrelated.
<Snip>
Also I doubt he would risk his credibility on a hoax (would ruin him in so many ways) to drum up support for an already well attended conference.

Yea the skill thing was based on the way it has been reported, saying how he has been unable to clean his network for over 3 years. Maybe its just me that thought it sounded like he kept getting reinfected by not doing a proper job, when in fact he probably reinfected devices almost on purpose while running tests and such.

And i also doubt its a hoax, but you never know stranger things have happened.

Well the only way to clean the network (once you have isolated the cause) would be to identify the exact cause, and dis-infect in a clean room, which in the normal case would be simply disconnect all network cards, which is where the sound hacks come into play. If he had only one infected machine that would be simple.

He definitely could have cleaned his machines one by one in a different location, but then he wouldn't have been able to research the problem in detail. In research context there is plenty of reasons to not wipe the infection, until you have learnt everything you want, the main one being well research
RichCreedy 3rd November 2013, 13:28 Quote
Quote:
Originally Posted by Corky42
Would sound cancelling technology work seeing as its using sound above normal human hearing ?

I don't see why it wouldn't you are after all cancelling a sound waveform, you just make sure the sound cancelling technology has a high enough range
tuk 3rd November 2013, 13:39 Quote
^^Assuming you're talking about 'active noise cancelling' this technology focuses on cancelling sounds audible to humans.
Gradius 4th November 2013, 00:17 Quote
I pulled out my MIC since 2005.
theshadow2001 4th November 2013, 00:40 Quote
You could probably just tape something dense with a bit of foam backing over the mic. That would probably be enough to attenuate the signal on the receiving. High frequencies are easier to stop.

Anyway the dude physically disabled the mic as part of his testing.

Once you are aware that it is happening its quite straight forward to stop.
r3loaded 4th November 2013, 10:13 Quote
tuk 4th November 2013, 11:01 Quote
^^
Quote:
First of all, yes, it is absolutely possible in theory and there have been proof of concepts......
Corky42 4th November 2013, 12:48 Quote
Quote:
Originally Posted by r3loaded
Ahem, ladies and gentlemen: http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/

This guy seems to be focusing too much on the BIOS side of things, understandable as that's his thing. But I'm not sure it has even been claimed that BadBios is purely a firmware based virus, simply that it has the ability to target a computer's BIOS, and possibly other firmware standards.

Does the word "target" mean its written entirely in the firmware code, or does "target" mean it can manipulate or introduce hooks in the firmware to other parts of the virus ?
Woodstock 4th November 2013, 14:42 Quote
First off man is the guy trying to brag in the opening lines (https://yourlogicalfallacyis.com/appeal-to-authority)

Also he is trying to refute something that was never claimed in the audio section (the air-gapping while the OS is running)
Corky42 6th November 2013, 14:01 Quote
Researcher skepticism grows over badBIOS malware claims
Quote:
I don't want to say it but I think the very paranoia that makes one a good infosec professional is wearing on him. I don't want to see anyone being mean about it. It could happen to any of us and it WILL.
impar 3rd December 2013, 10:22 Quote
Greetings!
Quote:
Scientist-developed malware covertly jumps air gaps using inaudible sound
Malware communicates at a distance of 65 feet using built-in mics and speakers.
...
The researchers, from Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently disclosed their findings in a paper published in the Journal of Communications. It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps. The new research neither confirms nor disproves Dragos Ruiu's claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today's malware.
...
http://arstechnica.com/security/2013/12/scientist-developed-malware-covertly-jumps-air-gaps-using-inaudible-sound/