
[ARS] Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps - Page 16

post #151 of 154
Quote:
Originally Posted by Hyolyn

Bogus

Everything that is being reported is possible...well, it is questionable about the sound equipment working outside of normal human hearing. I was going to set up a demo of transmitting data by sound, but it is a very well documented procedure and before the days of proper networking it was actually used in many cases instead of a serial connection...and truth be told I just didn't have time.

However, I did test various frequencies to see if my speakers and mic could pick them up since that is really the only thing I question at this point. I discovered there are many frequencies that even if I get activity shown or heard on my speakers...the mic would not pick it up. This isn't high quality audio equipment, well, better than average or what you'd find built into most laptops I suppose. I just downloaded some high pitched wav files and used the dog whistle videos and such. I could not get my mic to show any activity at anything over 15,000Hz. Note that I could still barely hear the sounds at 15,000Hz, but the mic could not. My speakers did not seem to handle anything higher than 24,000Hz correctly. I could hear it and I doubt I have super hearing. I am guessing in trying to play a sound they were not able to they made a sound at a much lower frequency.

The only other bogus thing about this is that a computer security professional has been working on it for three years without discovering it. I find that hard to believe. It should be fairly easy to spot a process that is using the sound services...as it would have to use it. Unless it was somehow masking itself...but that is typically easy to spot because an oddball service will be running to do the masking. If it was originating in firmware or the BIOS it should be a simple process to dump what is there and compare it to what it should be...when dealing with kilobytes you can look at them block by block in a short time. I also think this whole thing was a waste of time. It is just another BIOS virus...and methods to prevent other BIOS viruses will probably work on this one as well.
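The frequency test described in the post above, done in code rather than with wav files: an added example that is not from this thread or any of its posters. It synthesises a constructed capture (assumed 48 kHz sample rate) and uses the Goertzel algorithm to ask whether a recording contains energy at a specific near-ultrasonic frequency; a frequency at or above half the sample rate is rejected, because a recording at that rate cannot represent it at all.

```python
import math

SAMPLE_RATE = 48_000  # Hz; assumed capture rate for the constructed signal

def make_tone_mix(freqs, seconds=0.05, rate=SAMPLE_RATE):
    """Constructed test signal: a sum of equal-amplitude sine tones."""
    n = int(seconds * rate)
    return [sum(math.sin(2 * math.pi * f * i / rate) for f in freqs)
            for i in range(n)]

def goertzel_power(samples, target_hz, rate=SAMPLE_RATE):
    """Normalised power in the DFT bin nearest target_hz (Goertzel).

    An amplitude-1 tone exactly on the bin yields about 0.25.
    """
    if target_hz >= rate / 2:
        # Nyquist limit: nothing above rate/2 survives sampling at `rate`.
        raise ValueError(f"{target_hz} Hz is not representable at {rate} Hz")
    n = len(samples)
    k = int(0.5 + n * target_hz / rate)     # nearest bin index
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:                        # second-order IIR recurrence
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    power = s_prev2 ** 2 + s_prev ** 2 - coeff * s_prev * s_prev2
    return power / (n * n)

def detect_tones(samples, candidates_hz, threshold=0.05, rate=SAMPLE_RATE):
    """Return the candidate frequencies whose bin power exceeds threshold."""
    return [f for f in candidates_hz
            if goertzel_power(samples, f, rate) > threshold]

if __name__ == "__main__":
    capture = make_tone_mix([1000, 18000])   # audible tone plus an 18 kHz one
    print(detect_tones(capture, [1000, 15000, 17000, 18000, 20000]))
```

With a real recording, feed `detect_tones` the PCM samples read from the capture (e.g. via the `wave` module) instead of the constructed mix.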
post #152 of 154
Quote:
It’s obvious you are not an InfoSec guy. If you were, you would know that we’ve had hypervisor based rootkits for some time that can evade traditional forensic analysis. Meaning, you will get a bios dump from whatever virtual environment the malware presents to you.

So why not pull the bios chip and throw it in an EPROM reader? Granted on a laptop this would be a huge pain, since you would probably have to desolder it, but it would be fairly easy on any infected desktop.
post #153 of 154
Quote:
Originally Posted by BinaryDemon

So why not pull the bios chip and throw it in an EPROM reader? Granted on a laptop this would be a huge pain, since you would probably have to desolder it, but it would be fairly easy on any infected desktop.

You can also connect via the pin out to read it directly without removing it.

Most motherboards solder these things on these days. Never really found out why. I assume it must be cheaper to just tack them on there than build a socket for it to plug into.

As I said above...the most damning thing about this story is that a security pro of some renown can't find it.
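The block-by-block comparison suggested in post #151, applied to the dumps discussed in posts #152 and #153: an added example, not code from this thread. It assumes one image is read out of band (a programmer on the chip's pin-out, so a hypervisor-level rootkit cannot shape what is returned) and the other is the vendor image or the software-obtained dump; the analyst supplies byte ranges expected to change between reads (such as the UEFI variable store) so those do not drown out a real difference. The sample images are constructed, not real firmware.

```python
import hashlib

def block_diff(reference, dump, block=4096, ignore_ranges=()):
    """Offsets of every block that differs between two firmware images.

    ignore_ranges: (start, end) byte ranges the analyst expects to churn
    between reads (e.g. the variable store); blocks starting inside them
    are skipped. A length mismatch shows up as differing trailing blocks.
    """
    def ignored(off):
        return any(start <= off < end for start, end in ignore_ranges)
    longest = max(len(reference), len(dump))
    return [off for off in range(0, longest, block)
            if not ignored(off)
            and reference[off:off + block] != dump[off:off + block]]

def report(reference, dump, block=4096, ignore_ranges=()):
    """Summarise a comparison: whole-image hashes plus the suspect blocks."""
    diffs = block_diff(reference, dump, block, ignore_ranges)
    return {
        "size_mismatch": len(reference) != len(dump),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "differing_blocks": diffs,
        "clean": not diffs and len(reference) == len(dump),
    }

# Constructed sample images: 8 blocks of 512 bytes of a simple byte pattern.
BLOCK = 512

def _image(tweaks):
    data = bytearray((i * 31) & 0xFF for i in range(8 * BLOCK))
    for off, val in tweaks:
        data[off] = val
    return bytes(data)

REFERENCE = _image([])
# Block 3 carries an unexplained change; block 6 stands in for the
# variable store, which is expected to differ between reads.
DUMP = _image([(3 * BLOCK + 17, 0x90), (6 * BLOCK + 5, 0x01)])
NVRAM_RANGE = [(6 * BLOCK, 7 * BLOCK)]

if __name__ == "__main__":
    print(report(REFERENCE, DUMP, BLOCK, NVRAM_RANGE))
```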
post #154 of 154