We seek to understand and document all radio transmissions, legal and otherwise, as part of the radio listening hobby. We do not encourage any radio operations contrary to regulations. Always consult with the appropriate authorities if you have questions concerning what is permissible in your locale.

Topic: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps

Zoidberg (Gopher Stomp, Texas):
Manufacturing of computers, phones, tablets and other devices was contracted out to China, arguably the world's #1 source of government sponsored hacking.  What did they think might happen?  Vulnerabilities and exploits are being hard-wired into devices, and not just due to pressure from the NSA.



"Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

"With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on."


--arstechnica, 10/31/13
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
That li'l ol' DXer from Texas
Unpleasant Frequencies Crew
Al: Palstar R30C & various antennae
Snoopy: Sony ICF-2010
Roger: Magnavox D2935
(Off-air recordings.)

skeezix (Global Moderator, Minneapolis, MN):
Interesting, but I'll wait for confirmation.

However, sure would be funny if malware sent SSTV out via the speaker.
Minneapolis, MN

SW-J (Dallas, Texas):
Quote from: Zoidberg

Manufacturing of computers, phones, tablets and other devices was contracted out to China, arguably the world's #1 source of government sponsored hacking.  What did they think might happen?  Vulnerabilities and exploits are being hard-wired into devices, and not just due to pressure from the NSA.



"Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

"With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on."


--arstechnica, 10/31/13
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

Story is lacking in facts; the man should have had a copy of Wireshark running on another machine and capturing packets. esp destination IP addys ... just sayin.

The 'security consultant' had a chance to thoroughly characterize the little beast (and perhaps even reverse engineer it and _confirm_ his observations), but lacked either the time or the skill set to do so ...
 
Summary observation: A 'UFO report'.

o Icom IC-756ProII, ProIII, Alinco DX-70, Kenwood TS-680s
o WinRadio G303e, Degen/Kaito 1103/DE1103, Stoddart NM-25
o 1/2 wave 80m Dipole used with several tuners
o Tuned loops from 2' thru 16' diam. capable of 160m thru 10m
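On the "capture the evidence" point above: the claim in the Ars piece is an inaudible audio link between a speaker and a microphone, so the acoustic equivalent of running Wireshark is to record the line-in and look for a carrier sitting above the hearing range. The script below is an added example written for this thread, not code from anyone in it and not anything recovered from an infected machine. It assumes a mono float PCM capture at 48 kHz (a common codec rate), a candidate carrier somewhere in 18 to 22 kHz (above most adults' hearing, below the 24 kHz Nyquist limit of the capture), and on/off keying in 100 ms blocks; the input it analyses is synthesized in the script and labelled as such. It uses the Goertzel algorithm rather than an FFT so it needs nothing outside the standard library.

```python
"""Added example: look for a keyed near-ultrasonic carrier in a PCM capture.

Illustrative code written for this thread, not anything from badBIOS.
Assumptions: mono float PCM at 48 kHz, carrier (if any) between 18 and
22 kHz, on/off keying with 100 ms blocks.
"""
import math
import random

SAMPLE_RATE = 48_000                    # assumed capture rate, Hz
BLOCK = 4_800                           # 100 ms per analysis window
SCAN_HZ = range(18_000, 22_001, 500)    # candidate carrier bins, 500 Hz apart
THRESHOLD_DB = 20.0                     # margin above the band's median to flag


def goertzel_power(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Power at one frequency bin via the Goertzel algorithm (no FFT library)."""
    n = len(samples)
    k = int(0.5 + n * target_hz / sample_rate)       # nearest DFT bin index
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    # |X[k]|^2 normalised so a sine of amplitude A at this bin gives ~A^2/4
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)


def strongest_bin(samples):
    """(freq_hz, dB above the scanned band's median) for the loudest bin."""
    powers = {f: goertzel_power(samples, f) for f in SCAN_HZ}
    floor = sorted(powers.values())[len(powers) // 2]   # median = noise floor
    f_max = max(powers, key=powers.get)
    margin_db = 10.0 * math.log10(powers[f_max] / floor) if floor > 0 else 0.0
    return f_max, margin_db


def carrier_present(samples):
    """(freq_hz, margin_db) if one bin clearly dominates the band, else None."""
    f, margin = strongest_bin(samples)
    return (f, margin) if margin >= THRESHOLD_DB else None


def demodulate_ook(samples):
    """Slice the capture into BLOCK-sized windows; 1 = tone present, 0 = absent."""
    return [1 if carrier_present(samples[i:i + BLOCK]) else 0
            for i in range(0, len(samples) - BLOCK + 1, BLOCK)]


# --- constructed input (synthetic, not a real capture) ----------------------

def synth_capture(bits, carrier_hz=19_500, amplitude=0.05, noise=0.01, seed=1):
    """Keyed tone plus Gaussian noise: '1' blocks carry the tone, '0' blocks don't."""
    rng = random.Random(seed)
    out = []
    for block_idx, bit in enumerate(bits):
        for j in range(BLOCK):
            t = (block_idx * BLOCK + j) / SAMPLE_RATE   # continuous phase
            tone = amplitude * math.sin(2 * math.pi * carrier_hz * t) if bit else 0.0
            out.append(tone + rng.gauss(0.0, noise))
    return out


if __name__ == "__main__":
    pattern = [1, 0, 1, 1, 0, 0, 1]
    capture = synth_capture(pattern)
    print("decoded bits:", demodulate_ook(capture))
    print("loudest bin in first block:", strongest_bin(capture[:BLOCK]))
```

The detector compares each scanned bin against the median of the band rather than against an absolute level, so ordinary wideband fan or keyboard noise lifts the floor without tripping it; only a narrow, persistent peak does. To run it on a real capture, replace `synth_capture` with the float samples from a 48 kHz mono recording of the line-in or a microphone placed near the suspect machine; a carrier that keys on and off would show up as a sequence of 1s and 0s, which is the kind of reproducible evidence the thread is asking for.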

John Poet (Lansing, Michigan, USA):
Some UFOs are real.


(I've known that ever since 'the ride'.  We'll just call it 'the ride'...)

« Last Edit: November 02, 2013, 1413 UTC by John Poet »

John Poet

"A treasonous voice of dissent"

The Crystal Ship Shortwave
Free Radio Cafe Forums

Zoidberg (Gopher Stomp, Texas):
Quote from: SW-J

Story is lacking in facts; the man should have had a copy of Wireshark running on another machine and capturing packets. esp destination IP addys ... just sayin.

The 'security consultant' had a chance to thoroughly characterize the little beast (and perhaps even reverse engineer it and _confirm_ his observations), but, lacked either the time or skill set to do so ...
 
Summary observation: A 'UFO report'.

Looks like you were correct in being skeptical, SW-J:

"Five days after Ars chronicled a security researcher's three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings.

"'I am getting increasingly skeptical due to the lack of evidence,' fellow researcher Arrigo Triulzi told Ars after examining forensic data that Ruiu has turned over. 'So either I am not as good as people say or there is really nothing.'"

--"Researcher skepticism grows over badBIOS malware claims: Peers have yet to reproduce the odd behavior infecting Dragos Ruiu's computers," arstechnica, 11/5/13
« Last Edit: November 09, 2013, 1428 UTC by Lex »