[ARS] Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps - Page 2

post #11 of 154
€ 100 on the NSA !
post #12 of 154
Man, I'm having trouble believing this....

Malware that can inject code into the Harvard-architecture microcontroller in a USB stick? Beee Esss. It'd have to be a USB stick specifically designed to... smash the BIOS's USB handling stack? Does the BIOS even look at the USB bus after the OS is loaded?

I would think that if this whole thing was true, he'd have a LINE of security researchers at his door ready to help him out.

I want to see an oscilloscope capture of the supposed high-frequency audio communications on the speaker lines on one of these things. Would the audio system in a laptop even reproduce ultrasound?

This smells bad. Either way, it should be interesting going forward.
post #13 of 154
Halloween? Coincidence? I think NOT!
post #14 of 154
Quote:
Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

Holy crap.
post #15 of 154
Quote:
Originally Posted by kevmatic View Post

Man, I'm having trouble believing this....

Malware that can inject code into the Harvard-architecture microcontroller in a USB stick? Beee Esss. It'd have to be a USB stick specifically designed to... smash the BIOS's USB handling stack? Does the BIOS even look at the USB bus after the OS is loaded?

I would think that if this whole thing was true, he'd have a LINE of security researchers at his door ready to help him out.

I want to see an oscilloscope capture of the supposed high-frequency audio communications on the speaker lines on one of these things. Would the audio system in a laptop even reproduce ultrasound?

This smells bad. Either way, it should be interesting going forward.

It's a rootkit; it is deeper than the OS. Probably like the "Bluepill" rootkit.

Given that you can flash the BIOS while in the OS, it's plausible; see ASUS USB BIOS flashing too.

Given the amount of focus on hardware "bare metal" hypervisors, it is inevitable that people will try to infest more than the OS.
Quote:
Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.
This I don't believe, though. It was likely infected on boot via Wi-Fi/Bluetooth/Ethernet/USB.

USB was likely the attack vector. See the recent infections of phones through USB chargers: http://www.telegraph.co.uk/technology/apple/10096352/Charger-can-hack-Apple-devices-with-alarming-ease-researchers-claim.html , http://www.infosecurity-magazine.com/view/32733/malicious-charger-can-compromise-iphone-and-ipad-in-under-one-minute/
Edited by AlphaC - 10/31/13 at 9:57am
post #16 of 154
Transmit data between computers using high-frequency sounds via speakers and mics... "Interesting" doesn't even begin to describe it. If computer guys ever needed a good scare for Halloween, this is it ^_^
post #17 of 154

Do not believe everything you read on the internet.

post #18 of 154
Quote:
Originally Posted by AlphaC View Post

This I don't believe though. It was likely infected on boot via Wifi/bluetooth/ethernet/USB.

They said it was receiving data even without those things, they measured that. What don't you believe?
post #19 of 154
Quote:
Originally Posted by kevmatic View Post

Man, I'm having trouble believing this....

Malware that can inject code into the Harvard-architecture microcontroller in a USB stick? Beee Esss. It'd have to be a USB stick specifically designed to... smash the BIOS's USB handling stack? Does the BIOS even look at the USB bus after the OS is loaded?

I would think that if this whole thing was true, he'd have a LINE of security researchers at his door ready to help him out.

I want to see an oscilloscope capture of the supposed high-frequency audio communications on the speaker lines on one of these things. Would the audio system in a laptop even reproduce ultrasound?

This smells bad. Either way, it should be interesting going forward.

If the damage was done to the BIOS for the USBs, then they would not get handed over to the OS... so by killing the USB in the BIOS you kill it for the OS.

However... the sound thing has to be bogus. Have you any idea of the work it takes to get a computer to recognize sound? Emit it, sure... easy... but for it to pick up sound waves and convert the sound into instructions would take a really complex hunk of software... you aren't going to cram that into something that could be loading during the machine's power-on stages.
Edited by Vagrant Storm - 10/31/13 at 9:59am
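Posts #12 ("Would the audio system in a laptop even reproduce ultrasound?") and #19 (the "sound thing") both turn on how much software it takes to notice near-ultrasonic audio in a microphone stream. The following is an added example, not code from the thread or from Ruiu's analysis: the defender-side check a practitioner would run on captured frames, a pure-Python Goertzel filter that measures what share of a 50 ms, 44.1 kHz frame's energy sits in the 18 to 22.05 kHz band (a 44.1 kHz codec can represent anything up to its 22.05 kHz Nyquist limit) and flags frames carrying an inaudible component. The band edges, threshold and test frames are constructed assumptions.

```python
import math

SAMPLE_RATE = 44_100                     # common codec rate; Nyquist limit is 22,050 Hz
BAND_LO_HZ, BAND_HI_HZ = 18_000, 22_050  # near-ultrasonic band (assumed edges)
THRESHOLD = 1e-3                         # assumed: flag a frame above this energy share


def goertzel_power(samples, k):
    """|X_k|^2 for DFT bin k of `samples` via the Goertzel recurrence, O(N) per bin."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_energy_fraction(samples, sample_rate, lo_hz, hi_hz):
    """Share of the frame's energy inside [lo_hz, hi_hz].
    Parseval gives sum_k |X_k|^2 == N * sum_n x[n]^2, so the ratio is scale-free."""
    n = len(samples)
    total = n * sum(x * x for x in samples)
    if total == 0.0:                      # silent frame: nothing to measure
        return 0.0
    k_lo = math.ceil(lo_hz * n / sample_rate)
    k_hi = min(math.floor(hi_hz * n / sample_rate), n // 2)  # never probe above Nyquist
    band = sum(goertzel_power(samples, k) for k in range(k_lo, k_hi + 1))
    return band / total


def is_suspicious(samples, sample_rate=SAMPLE_RATE):
    """True when a frame carries energy where nothing audible should put it."""
    return band_energy_fraction(samples, sample_rate, BAND_LO_HZ, BAND_HI_HZ) > THRESHOLD


def make_frame(tones, n=2205, sample_rate=SAMPLE_RATE):
    """Constructed test audio: a sum of (amplitude, hz) sinusoids, 50 ms at 44.1 kHz."""
    return [sum(a * math.sin(2 * math.pi * f * i / sample_rate) for a, f in tones)
            for i in range(n)]


# Constructed sample frames, not audio captured from any machine.
CLEAN = make_frame([(0.5, 1000)])                   # an audible 1 kHz tone only
CARRIER = make_frame([(0.5, 1000), (0.05, 19500)])  # same tone plus a quiet 19.5 kHz component

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN), ("carrier", CARRIER)):
        share = band_energy_fraction(frame, SAMPLE_RATE, BAND_LO_HZ, BAND_HI_HZ)
        print(f"{name}: {share:.5f} of energy in {BAND_LO_HZ}-{BAND_HI_HZ} Hz, "
              f"suspicious={is_suspicious(frame)}")
```

A real monitor would run this over successive frames from the capture device and alert only on sustained band energy, since a single frame can be a click or a codec artifact.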
post #20 of 154
Quote:
Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

This is insane. It's got to be either the Americans or the Chinese if true.