HFU HF Underground

General Category => General Radio Discussion => Topic started by: Zoidberg on November 01, 2013, 0626 UTC

Title: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Post by: Zoidberg on November 01, 2013, 0626 UTC
Manufacturing of computers, phones, tablets and other devices was contracted out to China, arguably the world's #1 source of government sponsored hacking.  What did they think might happen?  Vulnerabilities and exploits are being hard-wired into devices, and not just due to pressure from the NSA.



"Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

"With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on."


--arstechnica, 10/31/13 (http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/)
Title: Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Post by: skeezix on November 01, 2013, 1312 UTC
Interesting, but I'll wait for confirmation.

However, sure would be funny if malware sent SSTV out via the speaker.
Title: Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Post by: SW-J on November 01, 2013, 1343 UTC
Story is lacking in facts; the man should have had a copy of Wireshark running on another machine and capturing packets. esp destination IP addys ... just sayin.

The 'security consultant' had a chance to thoroughly characterize the little beast (and perhaps even reverse engineer it and _confirm_ his observations), but, lacked either the time or skill set to do so ...
 
Summary observation: A 'UFO report'.

Title: Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Post by: John Poet on November 02, 2013, 1409 UTC
Some UFOs are real.


(I've known that ever since 'the ride'.  We'll just call it 'the ride'...)

Title: Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Post by: Zoidberg on November 09, 2013, 1426 UTC
Looks like you were correct in being skeptical, SW-J:

Five days after Ars chronicled a security researcher's three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings.

"I am getting increasingly skeptical due to the lack of evidence," fellow researcher Arrigo Triulzi told Ars after examining forensic data that Ruiu has turned over. "So either I am not as good as people say or there is really nothing."

--"Researcher skepticism grows over badBIOS malware claims: Peers have yet to reproduce the odd behavior infecting Dragos Ruiu's computers." (http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/) - arstechnica 11/5/13