badBIOS: airgap-jumping malware that may use ultrasonic networking to communicate


#1

[Permalink]


#2

It's Halloween not April Fools day.

I don't buy this for a second. If it's real let him do a public demo.


#3

Heh, sounds like the agency behind Stuxnet is targeting Glenn Greenwald and Laura Poitras. But badBIOS predates the Snowden whistleblowing, so Gibson cyberpunk is leaking into reality again... This one sounds like "Burning Chrome".


#4

If this bug is even partway as interesting as described, it'd be trivially worth the cost of tearing apart the affected systems and dumping every last chip with rewriteable persistent state. Any number of parties (both malicious and not) would be fascinated to have a look at that, and the vendors would know what the state ought to look like.


#5

If this is true, then an air gap is not enough.

You need a vacuum gap as well.


#6

Sound like the real version of the famous Good Times Virus: Remember that?
But seriously. Right now I'm watching Person of Interest. They regularly do Bluejacking of phones. We know that the NSA can turn on embedded video and audio on computers and listen to your phone when it is "hung up"
I don't see this as a huge stretch.

I've been aware of the capabilities that seem crazy ever since I read (back in the 1990's the ability of someone to understand a voice conversation by bouncing a laser off a window and translating the vibrations made by people talking into words.

WARNING the Good Times Virus will destroy your hard drive. If Good Times is not stopped in time your computer will enter an "nth-complexity infinite binary loop" damaging the processor.

It will scramble any disks that are even close to your computer. It
will recalibrate your refrigerator's coolness setting so all your ice
cream goes melty. It will demagnetize the strips on all your credit
cards, screw up the tracking on your television and use subspace field
harmonics to scratch any CD's you try to play.

It will give your ex-girlfriend your new phone number.. It will drink all your beer and
leave its socks out on the coffee table when there's company coming
over. It will hide your car keys when you are late for work.


#7

I imagine an ultrasonic network would be hard to maintain over the sound of a Dyson.


#8

I thought the Dyson draw was that they were quiet?


#9

UEFI is a problem. All firmware needs to be analyzed. We are seeing a number of firmware hacks out there. We are seeing hardware hacks too. To the horror of proprietary software and hardware companies we are going to have to open up and review everything. Trust No One.

On the upside, we will see all the crappy workmanship they have been selling us.


#10

This sounds like a plot made up by idiot TV writers. Well, except it uses words that kind of make sense.


#11

This story could use some hard proof.


#12

Ok, a Hoover, whichever.


#13

And here I thought you were showing off with your pricey Dyson. stuck_out_tongue_winking_eye


#14

One time at band camp I tried to dump my girlfriend into a rewriteable persistent state, but it didn't hold.


#15

God I'm old. I remember putting an AT&T phone (Square receiver head and smaller microphone mouthpiece) into a standard 300 baud acoustic coupled modem while trying to send an email. It was late at night in the office. The text was showing up on the screen while I was sending it, then getting garbled. I couldn't figure out why. Then I realized that the sound of the woman vacuuming the rug was getting picked up and translated into characters on the screen.. I had her turn off the vacuum so I could send my email. Good times.


#16

Sounds like a stretch, but conceptually i think it's very "low-tech" and clever. If this story is true though i think the implications are scary.


#17

...It will apply random formatting to the comments you make on blogposts...


#18

A quick way to try and detect the audio networking would be to get a younger researcher - maybe a 16-year old. I have noticed that my PCs can easily reproduce sounds above 12 kHz that I cannot hear, but that drive my kids crazy.

The comments on the Ars article are averaging better than usual on this topic. My fav? "Infrasound networking is impossible." -- "Here, try using this Javascript library."

Also noted is that these are (IIRC) all Apple machines. The BIOS diversity is a lot lower and the hardware consistency is a lot higher -- both of which make a malware author's job significantly easier.


#19

To make things clear, nothing in the article claims badBIOS can "jump" an air gap by audio only. It appears to use ultrasound for communication between already-infected systems that have been air-gap quarantined.

That said - this looks to be a very sophisticated little turd sandwich. It can be transmitted by just plugging in a USB stick, across OSes, without even mounting the drive, and can even survive a BIOS overwrite/OS reinstall. Ruiu has an interesting theory about a possible hiding place: font files, which are executed when Windows previews the font.


#20

Mine sound like an airplane taking off.

Here in the Living Museum of Vaccum Cleaner Technology (which is just upstairs from the Museum of Water Heater Technology, aka my basement) we find that the two Dysons we have are noticeably quieter than the Kirby Heritage II and noticeably louder than Alphonse and Gaston (our iRobot branded kitten distribution devices). I'd say it's about the same as the Hoover Satellite, which unfortunately my mother gave away at some point so I can't confirm that.

I can't hold a conversation with any of these things running unless I shout, so I consider them all noisy.

If I find any ultrasonic malware I'm installing it in Gaston immediately.