Holy BIOS

Dan Goodin:

With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

“The airgapped machine is acting like it’s connected to the Internet,” he said. “Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird.”

The best guess is that the first computer was infected from a USB device, but what’s nuts (if true, it’s not 100% yet) is that a computer with no Wi-Fi, Bluetooth, or Ethernet can still communicate and send data through the mic and speakers. I mean. Wow. What a hack.

Update: Errata Security has more information on the plausibility of this hack:

In other words, while I know of no talk at a hacking conference on “air gapped communication” via sound waves, it’s pretty darn easy, so expect to see one soon at a conference.

By the way, there are other ways to do air gapped communications using covert channels. For example, you might exploit blinking LEDs and use the built-in camera on the laptop. Or, you might be able to monitor the voltage on the power supply on one computer while turning the power supply on/off on another. The average laptop computer has a godawful number of inputs/outputs that we don’t quite realize.

Excuse me while I go buy more tin foil.


Article Details

Published
by Ben Brooks