
cpsycho

join:2008-06-03
HarperLand
Reviews:
·Start Communicat..

5 recommendations

BadBios

»arstechnica.com/security/2013/10···airgaps/

This has to be the most crazy virus I have ever read about.


shortckt
Watchen Das Blinken Lights
Premium
join:2000-12-05
Tenant Hell

1 recommendation

The part about air-gapped machines communicating with each other via audio reminds me of the 1970s sci-fi movie Silent Running, in the scene where the robots are playing cards with the one surviving astronaut and the robots are cheating and communicating with each other.

In any case, the sending of data out of the machine's speakers could be easily verified with a microphone, amplifier, oscilloscope, sound card and some data analysis software.


cpsycho

join:2008-06-03
HarperLand

2 recommendations

reply to cpsycho
I think I need more gear to detect this virus. If it ever gets out into the wild we are going to have a lot of problems, especially if it's attached to a botnet of some form.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

1 recommendation

reply to cpsycho
I remember old school computers that used audio communications to transfer data.


Drunkula
Premium
join:2000-06-12
Denton, TX

1 recommendation

reply to cpsycho
Wow. That article actually gave me the chills.

HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to cpsycho
Same here... where's my antacids, cuz after reading this article, and just HOW much work's been expended to figure this out, I'm going to need more.

Reminds me of the old stories I used to hear about using the various (unique) frequencies generated by the various components to do weird and whacky things, like play music, etc.

SOMEone out there had a little too much time on their hands, methinks...

Regards


coldmoon
Premium
join:2002-02-04
Broadway, NC

1 recommendation

...or someone or some people were paid to have that much time...


Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB

1 edit

1 recommendation

reply to cpsycho
Indeed, time to rethink our old school thinking. SOPHOS has more info on this subject!!! Edit conclusion: So the short answer to the question of what we have to say about BadBIOS is, "We can't yet say." {{{ SMILE }}}


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

1 recommendation

reply to cpsycho
If any of this is true, I find it incredible that it has not infected millions of machines. Ruiu has been chasing this for 3 years and in all that time no other computer has seen the infection?

The symptoms of system settings changing, files being deleted, and inability to boot from CD drives are symptoms which would be apparent even to the most casual computer user. So, why is Ruiu the only person who has ever seen this?

This thing, if real, is apparently so virulent, you would expect it to be widespread by now. This fact alone makes this story very fascinating. If such a complex virus was created, why is it only infecting the machines of one researcher? Something here does not compute!

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to cpsycho
Robert David Graham

Left notebook receives 20 kHz carrier generated by notebook on right while dubstep plays in the background

»twitter.com/ErrataRob/status/396···/photo/1
--

#bad BIOS

»twitter.com/search?q=%23badBIOS&src=hash

Gladiator Security Forum
»www.gladiator-antivirus.com/
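shortckt's point above that a speaker-to-microphone channel can be verified with a sound card and some analysis software, and the 20 kHz carrier in Graham's photo, as an added example that is not from the thread or from any tool it mentions: a pure-Python Goertzel detector that flags a narrowband tone near 20 kHz standing well above its neighbouring frequency bins, run over a constructed "recording". The 48 kHz sample rate, the tone amplitudes and the 20x ratio threshold are assumptions.

```python
import math
import random

SAMPLE_RATE = 48_000  # Hz; assumed sound-card rate (example value, not from the thread)


def goertzel_power(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Power of `samples` at the DFT bin nearest `target_hz` (Goertzel algorithm)."""
    n = len(samples)
    k = int(0.5 + n * target_hz / sample_rate)        # nearest integer bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def carrier_present(samples, carrier_hz=20_000, ratio_threshold=20.0):
    """True if the bin at carrier_hz is > ratio_threshold times the median of
    the bins 10..30 bins away on either side (music and noise spread across
    neighbouring bins; a data carrier concentrates in one)."""
    bin_hz = SAMPLE_RATE / len(samples)
    target = goertzel_power(samples, carrier_hz)
    neighbours = sorted(goertzel_power(samples, carrier_hz + d * bin_hz)
                        for d in range(-30, 31) if abs(d) >= 10)
    reference = neighbours[len(neighbours) // 2] + 1e-12   # median, avoid /0
    return target / reference > ratio_threshold


def make_recording(with_carrier, n=4096, seed=1):
    """Constructed test input: two audible tones plus noise, optionally with a
    quiet 20 kHz carrier (amplitude 0.02) mixed in."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        t = i / SAMPLE_RATE
        x = 0.5 * math.sin(2 * math.pi * 110 * t) + 0.3 * math.sin(2 * math.pi * 440 * t)
        x += 0.05 * (rng.random() - 0.5)                 # background noise
        if with_carrier:
            x += 0.02 * math.sin(2 * math.pi * 20_000 * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for flag in (False, True):
        print(f"carrier mixed in: {flag} -> detected: {carrier_present(make_recording(flag))}")
```

Real captures from a microphone would be fed in as a list of float samples in place of `make_recording`; a rectangular window is used here, so a carrier between bins shows up somewhat weaker than one exactly on a bin.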


Cthen

join:2004-08-01
Detroit, MI
Reviews:
·Verizon Wireless..
reply to TamaraB
said by TamaraB:

If any of this is true, I find it incredible that it has not infected millions of machines. Ruiu has been chasing this for 3 years and in all that time no other computer has seen the infection?

The symptoms of system settings changing, files being deleted, and inability to boot from CD drives are symptoms which would be apparent even to the most casual computer user. So, why is Ruiu the only person who has ever seen this?

This thing, if real, is apparently so virulent, you would expect it to be widespread by now. This fact alone makes this story very fascinating. If such a complex virus was created, why is it only infecting the machines of one researcher? Something here does not compute!

I'm thinking he infected himself.

The story right from the get go states that he himself installed the firmware that is causing the problems. Then the article never mentions where he got the firmware from or the OS software.

Looks like someone wanted some funding/attention before being axed from their job.
--
"I like to refer to myself as an Adult Film Efficienato." - Stuart Bondek

30598988

join:2013-10-31
reply to cpsycho
Cthen, maybe you are right.


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Cthen
said by Cthen:

I'm thinking he infected himself.

[...]

Then the article never mentions where he got the firmware from or the OS software.

No. I don't think so. The article claims the first infected machine was a MacBook Air, and it did a firmware update on its own; all by itself.

If he infected himself, he must have been the author, which is clearly not the case.

I don't know what to think about this. It's strange to say the least. Perhaps in the end explained by a psychological and mental break on his part, or some really advanced NSA engineered malware he somehow came into contact with at a hacker conference.

It's a very interesting and as yet unknown story. It could be real, it could be a fantasy, it could be a psychological break. Whatever; it's fascinating!

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



seagreen
Premium,Mod
join:2001-05-14
out there
reply to cpsycho
I saw that and took a look at the date and said "yeah, right". You guys think this is real?


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

One individual who commented at his posting stated....

I'm skeptical but was just thinking: perhaps this is infecting ACPI? The only common thing you'd have between all these OSes on modern machines is ACPI. Neither OpenBSD or Linux use the BIOS during normal operation, except when ACPI and SMM take over and preempt the OS. So maybe a possible attack vector would be ACPI dealing with the USB device before the OS has a chance to interact with it, the device exploits bugs in the ACPI and installs SMM code that will preempt the OS when it wants, and then hides the exploit area of the device so that you won't find anything. At least for me that makes it plausible, but I'm still skeptical. Like William Gruesbeck Jr. posted above, it would be sane to test in old machines that do not have ACPI and SMM, and on non-x86 machines where the exploit wouldn't work.

Then he comes back with...

"did find an unusually long 33k DSDT ACPI table on infected laptops."

But I am thinking along the lines of these comments myself, posted by another person.

...you studied this for three years without mentioning it until a month ago. You describe symptoms which haven't been observed in the wild. You imply the vulnerabilities in USB (which exist) are a vector to installing platform and firmware agnostic firmware reflashers which run without error, make baseless claims about the filesize of a Chinese TTC collection, and produce nothing more than some text files of MD5 sums.

Are you delusional or just really deeply in debt to the point you'd sell your reputation for a hoax?

Post code or shut up.

Can we get a BIOS image dump?


--
Gladiator Security Forum
»www.gladiator-antivirus.com/

dsilvers

join:2009-05-17
Canyon Lake, TX

1 recommendation

reply to cpsycho
Something does not smell right about this.

said by Arstechnica:
I decided to resolve this conflict between my own skepticism and the reaction of Ruiu's fellow security researchers by reporting accurately what all of them said and making clear that so far no one has peer reviewed Ruiu's research process or findings.


You can find any number of posts about strange and evil viruses with no resolution. Here is one at Sysinternals. What's strange about this is this guy is a researcher. He has had three years to solve this with no headway.

For this to work on different BIOS, hardware and operating systems would be extremely involved. If this thing is as viral as he states, it should have been found in the wild in three years. Without peer review by a researcher with credentials this becomes just another evil virus without a resolution thread.


Ian
Premium
join:2002-06-18
ON
kudos:3
reply to seagreen
said by seagreen:

I saw that and took a look at the date and said "yeah, right". You guys think this is real?

No.


beerbum
Premium
join:2000-05-06
Reading, PA
kudos:1
Reviews:
·Comcast
reply to cpsycho
I guess I'm safe since none of my desktops have a microphone or anything that could contain a microphone.

I still don't get how an infected computer could infect another strictly via sound.. Wouldn't the "receiving" computer need to have an active microphone that is turned on to listen? The microphone would have to be activated - either by the user intentionally or unintentionally via some sort of malware.

And if it's activated via malware wouldn't it make sense to instead of infecting the computer to turn on the microphone so it then can be infected via sound waves, why not just use the malware to take over the system?

*shrug*.. seems to be quite a convoluted way of compromising a machine if you ask me.


dib22

join:2002-01-27
Kansas City, MO
said by beerbum:

I still don't get how an infected computer could infect another strictly via sound.. Wouldn't the "receiving" computer need to have an active microphone that is turned on to listen? The microphone would have to be activated - either by the user intentionally or unintentionally via some sort of malware.

I think the theory is that it is more of a method of communication it will fall back on if it loses wifi or ethernet, not a vector for infection.


signmeuptoo
Bless you Howie
Premium
join:2001-11-22
NanoParticle
kudos:5
reply to cpsycho
A popular sales tactic of audio equipment is to claim frequency response of products. Maybe we now want a much narrower response?


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to cpsycho
The badBIOS Analysis Is Wrong.
November 1st, 2013 by Phillip Jaenke
»www.rootwyrm.com/2013/11/the-bad···s-wrong/


Ian
Premium
join:2002-06-18
ON
kudos:3
Yep. Think he put this to rest. Silly.


Parad0X787
"If U know neither the enemy nor yoursel
Premium
join:2013-09-17
Edmonton, AB

1 edit
reply to Name Game
{{{ SMILE }}} ..... mea culpa, yesterday was "HALLOWEEN" ¿ ¿ THX...... A good look at the physics principles of electronics and ultrasound is warranted here. I have serious doubts as to whether it is possible to do many of the hinted at actions. So I reckon it is another scam.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to cpsycho
quote:
He said he's continuing to make data available to researchers so they can independently evaluate it.
Which any good researcher should... I dunno either, nor am I smart enough on the involved technologies to offer an opinion on whether this guy's overly paranoid, full of smoke and mirrors, or something else...

...only time will tell.

Regards


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

reply to cpsycho
Researcher skepticism grows over badBIOS malware claims
quote:
Five days after Ars chronicled a security researcher's three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings.

"I am getting increasingly skeptical due to the lack of evidence," fellow researcher Arrigo Triulzi told Ars after examining forensic data that Ruiu has turned over. "So either I am not as good as people say or there is really nothing."
»arstechnica.com/security/2013/11···-claims/