Slashdot Mirror


Ars: Cross-Platform Malware Communicates With Sound

An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.

245 comments

  1. And there's a whole series of comments at Ars... by NeverWorker1 · · Score: 5, Informative

    Explaining why the whole thing is probably a hoax.

  2. Ridiculously hyperbolic by Anonymous Coward · · Score: 0

    No one is suggesting that this thing can transmit itself from one infected device to another using sound, the ridiculously hyperbolic article just makes it seem like that's what's being claimed so that people will find it more interesting. This whole thing is full of red flags.

    1. Re:Ridiculously hyperbolic by jones_supa · · Score: 1

      It makes for a great campfire story!

  3. Battling? by Anonymous Coward · · Score: 0

    Really?

    This seems like it would be one of the easiest viruses to contain.

    Captcha reads "loathing". Looks like Slashdot is finally starting to catch on.

  4. Time tested? by bob_super · · Score: 4, Funny

    I'm confused, you mean information can actually be conveyed via air vibrations?

    1. Re:Time tested? by Anonymous Coward · · Score: 0

      http://en.wikipedia.org/wiki/Kansas_City_standard

      The Kansas City Standard interface lives on!

    2. Re:Time tested? by Anonymous Coward · · Score: 1

      you mean information can actually be conveyed via air vibrations?

      Not really, it's just noise.

    3. Re:Time tested? by Rob+the+Bold · · Score: 4, Funny

      I'm confused, you mean information can actually be conveyed via air vibrations?

      If you'd only listened in school, you'd know that . . .

      --
      I am not a crackpot.
    4. Re:Time tested? by Anonymous Coward · · Score: 1

      I only know that when I farted in school, people around me knew BEFORE the smell got to them.

      Trust me, I tried looking at someone else like THEY did it! And people were able to tell with the use of binaural analysis just where it came from. ... believe it or not...

    5. Re:Time tested? by Anonymous Coward · · Score: 0

      He lived in a vacuum.

    6. Re:Time tested? by IwantToKeepAnon · · Score: 1

      I'm confused, you mean information can actually be conveyed via air vibrations?

      They're made out of meat. What do you think is on the radio? Meat sounds. They can sing by squirting air over the meat.

      --
      "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
  5. Hoax by Khyber · · Score: 3, Insightful

    Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

    Airgapped room? Those frequencies from laptop or regular internal computer speakers aren't going to make it past the walls.

    Give me a break, slashdot.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Hoax by Anonymous Coward · · Score: 0

      Exactly. That or build the airgapped computers without microphones/speakers. Kind of tough to send/receive audio signals without the hardware that sends/receives the audio signals.

    2. Re:Hoax by Krishnoid · · Score: 1

      Seriously -- I mean even his photo is so obviously derivative.

    3. Re:Hoax by BoRegardless · · Score: 1

      Now tell me what acoustic modems transmitted at for POTS lines, even up to today.

      If you use higher & higher frequencies, your data rate goes up & UP!

    4. Re:Hoax by NIK282000 · · Score: 3, Informative

      If you are working with a modern laptop that's not an option.
       
      Using FM above what most people can hear you can blast a squarewave at full power that could easily fill the room, if the door is open you could probably receive it in adjoining rooms. Come to think of it you could probably transmit in parallel on a number of different frequencies as long as they aren't multiples of each other. It wouldn't be gigabit but it would be plenty fast for sending command and control information.

      --
      Dear aunt, let's set so double the killer delete select all
    5. Re:Hoax by geekoid · · Score: 1

      wow. simply... wow.
      16 BYTES (it could be much higher) could allow for a lot of data to exchange. Depending on the time.
      And it's exchanging information with another infected system.
      This is coming from an expert who runs pwn2own (Dragos Ruiu), so I would give it a little more thinking if I were you.

      http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    6. Re:Hoax by geekoid · · Score: 1

      But the transmission distance goes down. generally.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    7. Re:Hoax by fred911 · · Score: 1

      Amtor mode b is FEC running at 100 baud, transfers some 70 words a minute.

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    8. Re:Hoax by Khyber · · Score: 3, Informative

      "If you are working with a modern laptop that's not an option. "

      Actually, it's a very easy option. Usually the microphone cable (and conveniently, the camera cable if there's a bezel camera) are directly underneath the keyboard. In most non-Apple laptops, that's easy access with just a few underside screws and under-battery screws. And funnily enough, you usually get speaker access while going for those cables anyways, so it's an all-in-one trip maybe involving 8 or 9 screws.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    9. Re:Hoax by DdJ · · Score: 4, Informative

      Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

      You know that ultrasonics are precisely how a modern Furby communicates with its companion iPhone app? (There's even perl code implementing it so you can hack them.)

    10. Re:Hoax by Khyber · · Score: 1

      I don't give blatant trolling any thought. Airgapped room? You're not bypassing walls at those frequencies, not with laptop speakers or internal computer speakers. Even if you had speakers powerful enough to get past that, you'd need a hellaciously sensitive microphone on the other side, and equally powerful speakers to transmit back if desired. Can we say feedback loop? Not only must the microphones deal with trying to pick up a faint noise through an airgap, they're also trying to ignore the noise of their own respective speakers to even try picking up an audio signal on the same frequency.

      Pwn2Own or not, the guy fails at basic acoustic physics. Too easy of a troll to spot.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    11. Re:Hoax by coyote_oww · · Score: 3, Funny

      So once again, Terminator shows us the way. Defeat the malware by stationing dogs near all computers to listen for the telltale hyper frequency comms emitted by the machines.

    12. Re:Hoax by Khyber · · Score: 1

      Yea, and how close do you have to be with that iPhone to get communications established?

      The problem of distance between the acoustic couplings always leads to reduced bandwidth in the face of low power.

      How much power is going through laptop speakers, again?

      How much of that is actually translated to sound?

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    13. Re:Hoax by Anonymous Coward · · Score: 0

      The article doesn't say what the bit rate of the supposedly through-the-air transmissions was. They could have been very slow. Very low level code, like BIOS code, is typically small. Not much bandwidth would be required. Regarding feedback, if the speaker(s) and microphone are essentially in fixed positions relative to each other (like in a laptop), one could probably calibrate the feedback out. There is also the notion of transmission windows, like how TDMA works.

    14. Re:Hoax by Anonymous Coward · · Score: 0

      Furby fucks computers. Furby also dominates entire networks. Beware of Furby! Its cuteness is the trojan.

    15. Re:Hoax by adolf · · Score: 1

      Dude. I'm writing this at far less than 16 bytes per second.

      Just sayin'.

    16. Re:Hoax by Anonymous Coward · · Score: 0

      to even try picking up an audio signal on the same frequency.

      In a world where this was not a hoax, I'd assume the malware writer would be smart enough to figure that you transmit at one frequency and receive at another. A crude FFT of the incoming signal would then be all that's needed to sort out 'my' signal from 'their' signal(s).

    17. Re:Hoax by Anonymous Coward · · Score: 0

      How much power is going through laptop speakers, again?

      In the order of 1W.

      How much of that is actually translated to sound?

      More than 0.1%, less than 1%. So we're down to 1mW in the worst case.

      Then, of course, it's only a tiny fraction of this power that ever gets to the microphone. Say, one billionth of the mW, so 1E-12 W.

      This still doesn't help your argument much, since the human ear can distinguish sound at a level of 1E-16 W/cm^2. Assuming the microphone sensitivity is in the same ballpark, and the aperture through which the sound waves get in is smaller (0.1cm^2), you only need 1E-15W. So you have, roughly, a margin of 1000x.

    18. Re:Hoax by mcgrew · · Score: 1

      You might be lucky to get 16 BYTES per second

      Early DOS viruses, written in assembly, measured in the dozens of bytes. Hell, you can boot a computer with a single interrupt, that takes six bytes. At 16 bytes per second you could transmit your virus in under 15 seconds.

      Of course, to infect the computer with sound it's going to need to already be infected to infect it, the first infection being the code that actually receives and executes the code in the second infection.

  6. It won't fit by Anonymous Coward · · Score: 0

    How the hell does one fit a DSP package next to a working BIOS?

    1. Re:It won't fit by Panaflex · · Score: 2

      I think the article is complete bollocks, but simple basic DSP isn't that difficult if you use a simple codec. Hell, even a Morse code type system with basic CRC checking wouldn't take more than 16k. It doesn't have to deal with echo (high frequency is rather directional), it doesn't have to deal with Doppler (few moving objects), and it's obviously a secondary communications channel.

      The thing that gives it away for me is that something could embed so deeply without being detected, as USB and networks are heavily scanned these days.

      I have written plenty of kernel code, BIOS code and the like. The effort to get such perfect code running without causing crashes or being detected on the network would be enormous. If it's at all possible, it would certainly require government level funding.

      I'm not saying it isn't possible - but it's just very, very unlikely.

      --
      I said no... but I missed and it came out yes.
    2. Re:It won't fit by philip.paradis · · Score: 1

      If it's at all possible, it would certainly require government level funding.

      Sort of like NSA funding?

      --
      Write failed: Broken pipe
  7. In Space by Anonymous Coward · · Score: 4, Funny

    Nobody can hear your infected computer's scream.

    1. Re:In Space by Tablizer · · Score: 2

      Don't forget, HAL also reads lips.

  8. Summary is contradictory. by lxs · · Score: 1

    Giving the C64 Datasette as an example of reliable data transfer has to be the most ridiculous thing I have ever read.

    LOAD
    PRESS PLAY ON TAPE
    ?LOAD ERROR
    READY.

    Was an all familiar message for C64 users. Hell I managed to type it from memory after 30 years.

    1. Re:Summary is contradictory. by bhlowe · · Score: 3, Informative

      Siri could understand and respond to another instance of Siri on a second iPhone... so not totally impossible. Audio processing and acoustics have come a long way since the 9600 baud modem.

    2. Re:Summary is contradictory. by Tablizer · · Score: 1

      Audio processing and acoustics have come a long way since the 9600 baud modem.

      9600 was a big step up. My first modem was 1200, you semi-insensitive clod!

    3. Re:Summary is contradictory. by CanHasDIY · · Score: 1

      Meh - I'll be impressed when I can "write code" by telling my computer what I want it to do, ST:TNG style.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    4. Re:Summary is contradictory. by Anonymous Coward · · Score: 1

      My first modem was 300 baud, and we liked it.

    5. Re:Summary is contradictory. by WillAffleckUW · · Score: 2

      Lol. N00bz.

      I remember when 300 baud came out and it was an upgrade.

      110 baud ftw.

      --
      -- Tigger warning: This post may contain tiggers! --
    6. Re:Summary is contradictory. by Tablizer · · Score: 3, Funny

      My first modem was 300 baud, and we liked it.

      My first modem was a carrier pigeon, and we liked it.......for dinner.

    7. Re:Summary is contradictory. by lxs · · Score: 1

      Isn't that what coding in Prolog is like? You define the problem and the system figures it out for you.
      Oh and you get assimilated by the Borg in the process.

    8. Re:Summary is contradictory. by geekoid · · Score: 1

      1200! You were lucky. We used to listen to Satan's wind chimes at 300... and we were glad for it!

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    9. Re:Summary is contradictory. by operagost · · Score: 1

      People used the cheapest 3-pack tapes back then and acted surprised when they failed. I mean, they sounded terrible with music... what did you expect?

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    10. Re:Summary is contradictory. by grub · · Score: 1

      1981: Manual switched 110/300 baud. RJ11 jacks for the phone and line. No acoustic coupler! I was the l337 kid on the block.

      --
      Trolling is a art,
    11. Re:Summary is contradictory. by dissy · · Score: 1

      n00b, I still have my 110/75 baud acoustic coupler. It's out on my lawn, and I'll thank you both to get off it ;P

    12. Re:Summary is contradictory. by WillAffleckUW · · Score: 1

      n00b, I still have my 110/75 baud acoustic coupler. It's out on my lawn, and I'll thank you both to get off it ;P

      OOh. 75 baud. Wowsers.

      Do you use magnetic cores?

      --
      -- Tigger warning: This post may contain tiggers! --
    13. Re: Summary is contradictory. by MickLinux · · Score: 1

      Navy still uses magnetic cores. It's safe from EMPs.

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
    14. Re:Summary is contradictory. by bill_mcgonigle · · Score: 1

      My first modem was 300 baud, and we liked it.

      We actually did - my Total Telecommunications modem for the C=64 retailed for $20 (Taiwan) and it was enough for a bunch of kids to set up BBS's and have some fun. Especially if you knew the kids whose Dads worked for AT&T and were a local call to them! :)

      By the time the 2400 baud modems were on the market, $199 was a good price. *That* was a lot of paper route money. Don't even ask me about how many papers I delivered to pay for the 330MB ESDI drive.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    15. Re:Summary is contradictory. by bill_mcgonigle · · Score: 1

      3-pack tapes

      Wow - blast from the past! Where I lived, the labels were confetti patterned (from Sam Goody, maybe?). Man, those were terrible. But, hey, cheap dups among friends.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    16. Re:Summary is contradictory. by TheRaven64 · · Score: 1

      From the list of things I learned in the '80s: don't use the fast dubbing mode to copy games.

      --
      I am TheRaven on Soylent News
    17. Re:Summary is contradictory. by dissy · · Score: 1

      Do you use magnetic cores?

      Use? No. Own? Certainly!

      http://postimg.org/image/ikdo5jnvx/

      This is a 1.6 KB core memory module still in a functional condition.
      It was one of many from the system it came out of, so I saw little point in backing up the fragment of program that was on it, but currently should still contain the state of an 8x8 game of life board from when I last had it connected to a PIC and LED matrix.

      I keep it on my cubicle wall for anytime an employee requests additional RAM for their computer, along with the acoustic modem when they ask about Internet bandwidth or the QoS settings, and an 8" floppy disk labeled "Server Backups"

      http://postimg.org/image/kxjre3fj1/
      (Just ignore the energy drinks, it made sense at the time... I think)

      Just one more fine touch for the BoFH that has everything :D

  9. Re:And there's a whole series of comments at Ars.. by ericloewe · · Score: 2

    At this time, I'm taking the whole thing with a handful of salt. It's not totally impossible, though.

  10. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    How the airgapped computer got infected in the first place is the real issue here...

  11. Smells like BS by Pope · · Score: 2, Insightful

    I don't care how many tweets this guy's posted about, it doesn't pass the sniff test IMO.

    --
    It doesn't mean much now, it's built for the future.
    1. Re:Smells like BS by Tom · · Score: 2

      I know Dragos personally. He's not the guy to run an April Fools in October, and he's got too much reputation to lose to bullshit everyone for a few minutes of fame.

      --
      Assorted stuff I do sometimes: Lemuria.org
  12. Not all THAT impossible by Beavertank · · Score: 3, Informative

    That is how one of the original iPods had their firmware dumped after all, it was played out through the little piezo click speaker at some absurdly low data rate.

  13. Re:And there's a whole series of comments at Ars.. by Russ1642 · · Score: 1

    The IT guy says I can't use my thumb drive. He's just being paranoid.

  14. Or EMI by goombah99 · · Score: 5, Interesting

    Back when I had an Altair 8800 we used to play a teletype game called Star Trek. We kept a radio tuned off channel on in the room. When you fired a laser the code executed a fast loop that emitted EMI in a ramping frequency. The radio would make a phaser noise.

    In Europe it was discovered that the most common brand of voting machine would emit EMI differently depending on whether the character in the displayed name had an umlaut or not (special character set). So you could tell who people voted for when one candidate had an umlaut.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Or EMI by mythosaz · · Score: 3, Funny

      So you could tell who people voted for when one candidate had an umlaut.

      >implying everyone in Europe doesn't have an umlaut in their name.

    2. Re:Or EMI by NeverWorker1 · · Score: 1

      Many years ago, I used to have a program on my TI-81 that did this exact same thing.

    3. Re:Or EMI by Anonymous Coward · · Score: 0

      Many years ago, I used to have a program on my TI-81 that did this exact same thing.

      I did it with the clack clack noise of my abacus.

    4. Re:Or EMI by Anonymous Coward · · Score: 2, Informative

      That's a good implication, as not everyone in Europe has an umlaut in their name...

    5. Re:Or EMI by mythosaz · · Score: 1

      ...that's just Slashdot's lack of Unicode support talking. You just can't see the umlauts.

    6. Re:Or EMI by Megane · · Score: 2

      And that, kids, is how Spinal Tap became the #1 band of all time.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    7. Re:Or EMI by Anonymous Coward · · Score: 0

      I wonder if you could use some sort of software defined radio protocol using EMI to communicate between computers sitting next to each other or two servers conveniently located next to each other in a rack.

      It would be hard to detect, or a least you would need special equipment to do so.

  15. Interesting by benjfowler · · Score: 1

    Now if this isn't total bullshit, then surely it wouldn't be hard for somebody to bash together some code to allow me to (say) put together a ghetto point-to-point link to blat files between devices in my house. Or do cheapish sensor networks for household appliances...

    1. Re:Interesting by benjfowler · · Score: 1

      (Bet it'd drive the dogs absolutely nuts though.)

    2. Re:Interesting by CanHasDIY · · Score: 1

      Why not use IR? you can make nice p2p links, without all that irritating noise.

      Hey - it worked for the Romans.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Interesting by canadiannomad · · Score: 2

      (Bet it'd drive the dogs absolutely nuts though.)

      Now there's an idea... use the dogs as a signal amplification device......

      --
      Hmm, the humour and sarcasm seem to have been be lost on you.
    4. Re:Interesting by Anonymous Coward · · Score: 0

      Most devices don't have IrDA (if you meant infrared?) any more (Samsung's Galaxy's seem to be an exception). It was cool in the "old days" with Palm and Windows Mobile/PPC PDA's and phones. I used to transmit stuff that way to sync with older laptops that had it, too. Not much of that now, though.

  16. Re:And there's a whole series of comments at Ars.. by NeverWorker1 · · Score: 5, Interesting

    Besides the many, many stretches of the imagination required for his story (e.g., it infects the firmware on all major brands of USB drives, he never extracted a binary blob or sent the infected device to the manufacturer, the audio communication silliness, the fact that he apparently thinks infection could spread through the power cable, and so on...) the biggest issue to my mind is that if this is so communicable, why in all the time he's had it under observation has it never spread anywhere else? Also, why has he not shown it to a colleague? This is the sort of thing that goes over huge at conferences.

  17. Plop Plop, Fizz Fizz, Oh What a Hack it is. by Tablizer · · Score: 4, Funny

    This story is generating a lot of buzz.

  18. First command given: by Tablizer · · Score: 2

    E-x-t-e-r-m-i-n-a-t-e!

  19. If it's real by Anonymous Coward · · Score: 0

    If it's real, the obvious fix is hardware that won't transduce sounds outside the range of normal human hearing. Most of us can hear 8kHz and above, but we can live without the higher frequencies in a laptop speaker/mic combo.

    Full range audio playback in your home is obviously not vulnerable. If you need to *record* full range audio, then you'll just need to be careful; but eliminating the full range from 99% or more of the devices would reduce the attack surface to the point where it becomes unattractive. Unfortunately the product lifecycle is several years so manufacturers would have to start clipping frequency response *right now* to get us there.

  20. This fails the simplest of tests... by mythosaz · · Score: 1

    This assumes two airgapped computers, both with compromised BIOS capable of sending and receiving ultrasonic messages from hardware and the ability to infect USB drives.

    Therefore, it would be trivial to infect a new machine, and compare BIOS before and after.

    It would be further trivial to not only test with and without speakers, but with speakers with a bandpass filter applied.

  21. The first modems were acoustic couplers by WillAffleckUW · · Score: 1

    The only real problem is sound distortion and sound interference, but it is technically possible. ... yes, I'm that old, I remember when we got 110 baud and we LIKED it!

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:The first modems were acoustic couplers by drakesword · · Score: 1

      Surely this ASCII picture of the naked woman will be downloaded by the time I return from holiday ...

    2. Re:The first modems were acoustic couplers by Anonymous Coward · · Score: 0

      Do you have any kids in your neighborhood - and if so, do you have a lawn they should get off of?

    3. Re:The first modems were acoustic couplers by Anonymous Coward · · Score: 0

      Darn it! Got the Alfred E. Neuman again!

    4. Re:The first modems were acoustic couplers by WillAffleckUW · · Score: 1

      Do you have any kids in your neighborhood - and if so, do you have a lawn they should get off of?

      Not many. But we do have a fine primary school three blocks away.

      We replaced the lawn, creates global warming and pollutes waterways, use native plants and pavers instead.

      Would you settle for cats? They like it.

      --
      -- Tigger warning: This post may contain tiggers! --
  22. Re: comments at Ars... by BoRegardless · · Score: 1

    Article: "Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped."

    OK, so now you have a single action (eliminating acoustic duplex mechanism) and suddenly the data transmission ceases. That is pretty convincing that an 'entity' has wound up programming a system to manage/infect/reinfect computers near each other even when all I/O methods are turned off/disabled.

    Even if this is a hoax, it is obviously a transmission scenario no one until now has paid attention to, except maybe the NSA or Russians or France or Israel or China.

  23. Why by ZombieBraintrust · · Score: 1

    Why would two computers infected with malware need to communicate this way? Couldn't they just use the net? Is this malware spread with thumb drives?

    1. Re:Why by ZombieBraintrust · · Score: 1

      Read it and now it makes sense. Target computer is not connected to network. Target computer and bridge computer are infected. Target and bridge send each other packets using sound. Bridge sends packets over network to attacker.

    2. Re:Why by rickb928 · · Score: 1

      Please, I'm as dumb as a blade of grass and I see why this explanation is hooey. Target is not connected to the network. What on the target got the audio network up and running? Magick? USB stick? That's sneakernet. Nothing? Then the audio on the target isn't talking or listening.

      But I'm still trying to figure out where March went to...

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    3. Re:Why by ZombieBraintrust · · Score: 1

      Not hooey. The idea is that people transfer files with USB between the air gapped machine and network connected machines. You can get your malware on both by spreading the virus to USB drives. Using this technique the air gapped machine is connected to the network.

    4. Re:Why by suutar · · Score: 1

      since parent said that the target is already infected, one would guess that the virus got the audio network up and running.

    5. Re:Why by gmuslera · · Score: 2

      What about hardware backdoor activation? There had been rumors of Intel putting 3G radios in vPro CPUs, and there had been backdoors in FPGAs. There had been a nice presentation in DEFCON17 around this topic.

    6. Re:Why by mattr · · Score: 1

      Subverted keyboard, submarined intentional vulnerability in OS waiting for the ultrasonic melody of death, thumb drive, ms office, etc.

  24. Vacuum Gap by mbone · · Score: 2

    This will never happen if you are running your gear on the Lunar surface.

    Just saying...

    1. Re:Vacuum Gap by Tablizer · · Score: 1

      Wrong. Sound travels in the Aria 51 Apollo staging studio.

    2. Re:Vacuum Gap by Krishnoid · · Score: 1

      How would you cool it then?

    3. Re:Vacuum Gap by TangoMargarine · · Score: 1

      Not sure if meant to make music joke or just misspelling...but if so, bravo.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  25. Re:And there's a whole series of comments at Ars.. by geekoid · · Score: 4, Informative

    " Dragos Ruiu (@dragosr), the creator of the pwn2own contest"
    It would be odd for him to screw up his rep with a hoax like this.

    http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  26. Re:And there's a whole series of comments at Ars.. by Austrian+Anarchy · · Score: 5, Funny

    At this time, I'm taking the whole thing with a handful of salt. It's not totally impossible, though.

    That is next month's article: "Cross-Platform Malware spread through common table salt"

    --
    Time Bomber the Book coming soon.
  27. Pooch to the rescue by He+Who+Has+No+Name · · Score: 1

    ...it'd also be stupid simple to detect. All you need is a sound meter.

    Or, a dog.
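
A software version of the sound-meter check suggested in the comment above, as an added example that is not part of the original thread: it scans a capture for a sustained tone in the 18-22 kHz band and ignores single-frame clicks. The sample rate, band edges, threshold, persistence requirement and the constructed test signal are all assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

SAMPLE_RATE = 48_000         # assumed capture rate; Nyquist limit is 24 kHz
FRAME = 480                  # 10 ms frames -> 100 Hz bin spacing
BAND_HZ = (18_000, 22_000)   # assumed band to watch (inaudible to most adults)
THRESHOLD_DBFS = -50.0       # assumed alert level, relative to a full-scale sine
MIN_FRAMES = 5               # require 50 ms of persistence to reject clicks

HANN = [0.5 - 0.5 * math.cos(2 * math.pi * i / FRAME) for i in range(FRAME)]
HANN_SUM = sum(HANN)


def goertzel_power(frame, k):
    """Squared amplitude at DFT bin k of an already-windowed frame."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    mag2 = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 4.0 * mag2 / (HANN_SUM ** 2)      # 1.0 == full-scale sine


def band_peak(frame):
    """Return (freq_hz, dBFS) of the strongest bin inside BAND_HZ."""
    windowed = [x * w for x, w in zip(frame, HANN)]
    bin_hz = SAMPLE_RATE // FRAME
    best = (0, 0.0)
    for k in range(BAND_HZ[0] // bin_hz, BAND_HZ[1] // bin_hz + 1):
        p = goertzel_power(windowed, k)
        if p > best[1]:
            best = (k * bin_hz, p)
    return best[0], 10.0 * math.log10(max(best[1], 1e-20))


def find_carriers(samples):
    """List sustained in-band tones as (start_s, end_s, freq_hz, peak_dbfs)."""
    hits, run = [], []
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):            # extra pass flushes the last run
        loud = False
        if i < n_frames:
            freq, db = band_peak(samples[i * FRAME:(i + 1) * FRAME])
            loud = db >= THRESHOLD_DBFS
        if loud:
            run.append((i, freq, db))
            continue
        if len(run) >= MIN_FRAMES:
            common = Counter(f for _, f, _ in run).most_common(1)[0][0]
            hits.append((run[0][0] * FRAME / SAMPLE_RATE,
                         (run[-1][0] + 1) * FRAME / SAMPLE_RATE,
                         common, max(d for _, _, d in run)))
        run = []
    return hits


def constructed_capture(tone_hz=None, click=False, frames=60, seed=1):
    """Constructed test input, not a real recording: 440 Hz hum plus faint
    noise, optionally with a -40 dBFS tone during frames 10-29 or a
    single-sample click in the middle of frame 40."""
    rng = random.Random(seed)
    out = []
    for i in range(frames * FRAME):
        t = i / SAMPLE_RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t) + rng.uniform(-0.001, 0.001)
        if tone_hz and 10 * FRAME <= i < 30 * FRAME:
            x += 0.01 * math.sin(2 * math.pi * tone_hz * t)
        out.append(x)
    if click:
        out[40 * FRAME + FRAME // 2] += 0.7
    return out


if __name__ == "__main__":
    for name, capture in [("hum only", constructed_capture()),
                          ("hum + 19.2 kHz tone", constructed_capture(19_200)),
                          ("hum + click", constructed_capture(click=True))]:
        print(name, find_carriers(capture))
```

Many built-in microphones and their audio paths roll off below 20 kHz, so a clean result from a laptop's own microphone does not show that the band is quiet; a measurement microphone gives a more trustworthy reading.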

  28. Droning harmonically overloaded monotone by Tablizer · · Score: 1

    I told you there was something suspicious and sinister about bag-pipes! (Even more than mimes wearing QR-code makeup and clothing.)

  29. Just because you can't understand it... by Anonymous Coward · · Score: 0

    Doesn't mean it isn't a possible or even probable avenue of attack. Any curious tech oriented person beyond a certain age recalls using sound as a data transmission medium.

  30. I figured out how he sends news! by Tablizer · · Score: 1, Funny

    Palin translates Snowden's farts from her house.

  31. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 5, Insightful

    I think many of the commentators both here and on Ars Technica are making a basic mistake. No one claims that the machine is infected through its microphones. Duh! How would it know to listen and interpret noise as instructions? The claim is that once infected, the machines communicate using their speakers and microphones.

    Is it possible? Sure. Do I consider it likely? No. It's one Hell of an effort for very little gain... in general. But we all have hobbies, so someone may have written a virus that infects through USB drives, overwrites BIOS, and resists the clean up of physically disconnected machines by communicating via sound.

    Do I believe this particular story? Hmm... no. Mostly because, despite the reputation of the author, the article makes it sound that basic mistakes were made during the cleanup process, and because not enough information has been shared with the community.

    But if I was told the story is true, I could come up with a great conspiracy theory to explain it. The author tries to keep all the fame for himself, the author is being threatened by the high tech agency that developed the strain but let it escape, the virus has alien origin...

    --
    No good deed goes unpunished...
  32. Re: comments at Ars... by Anonymous Coward · · Score: 0

    And how did he know it was transmitting network data? Was there some sort of /dev/soundcard packet statistic? "Forensic tools" showed packets but didn't show the interface on which the packets were travelling? Don't forget the zero power requirement: the zombie virus doesn't use electricity.

    Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

    This is a hoax, but probably an educational one designed to highlight fantastic-yet-maybe-almost-possible things that malware could do, like live off capacitor power and stay resident in the firmware of a sound card.

  33. Re:And there's a whole series of comments at Ars.. by ericloewe · · Score: 5, Interesting

    Assuming this is more than a hoax, here's a bit of devil's advocate:

    After the initial infection and subsequent cleaning (let's assume it survived somehow - hell, it might have been a compromised USB keyboard), the issue was forgotten for a while until the mentioned symptoms started appearing - since they seemed to be mostly inconveniences that often plague BIOS/UEFI (If I had a buck for each hour I've spent figuring out how to boot with drive X on system Y...) or could be attributed to more mundane causes, the investigation of these issues was not considered a priority, as there were seemingly more important tasks to do.

    More recently, a connection was established that suggested it might be more than just random bad luck - this then took a while to investigate, especially because ruining hardware (desoldering the BIOS chip to extract its firmware) is typically the last resort when investigating something.

    Again, this is just speculation as to why this whole story took three years so far.

    And regarding the power cable: Powerline networking is commercially available and well-understood, as is transmitting data along with low-voltage DC (PoE). If you come to the conclusion that information is being exchanged after removing all network interfaces, it makes perfect sense to try (it's not exactly hard...) to unplug the laptop, to eliminate a potential hardware backdoor. Honestly, what I considered paranoia not too long ago is starting to look more likely every day...

  34. So you can defeat it by... by FuzzNugget · · Score: 1

    Muting your microphone?

  35. Article is likely inaccurate on one point by nuckfuts · · Score: 0

    Everything described in the article - BIOS-level rootkits, cross-platform malware, infection via USB, acoustic transmission of data - is entirely plausible, but for the one assertion that audio transmission was used as the primary means of infection in some cases. For the target machine to receive and act on data sent via high-frequency sound waves, there would have to be software already running on the target to listen for and decode the transmission. Unless one assumes that such software is already present in all the affected operating systems (i.e. they are all backdoored), this cannot be the initial method of infection.

    Given that Dragos is known to be neither a fool nor a hoaxer, I expect he was talking about audio communication between already-infected computers, and that Ars simply overstated this aspect in their article.

    1. Re:Article is likely inaccurate on one point by connor4312 · · Score: 1

      That, or, as one Ars commenter suggested, he was infected accidentally. If that is the case, I would not be surprised if the malware he is running into is sponsored by some state - the complexity of it suggests an organization with means. If that state was our lovely US of A, I would not put it past the NSA to mandate backdoors be built in operating systems. Now, this would obviously be trickier (I'd say impossible) to hide in open source systems like Linux or BSD, but he mentioned that the laptop was a Windows laptop.

  36. What is possible and what is not by aepervius · · Score: 1

    1) It is impossible to contaminate a computer with sound. You would have to force the targeted non-infected computer to 1) open the micro channel 2) start saving the data in a format which 3) would be executable and 4) execute it, and I probably forgot a few other improbable points. Most likely a computer was contaminated by other means, like USB sticks. Furthermore, ultrasound? Frequencies around 20 kHz? I am doubting that in a normal room with air, and with other sound, those register properly. But I did in my dark past amuse myself to make two PCs communicate using sound. It was slow and inefficient no matter the frequency, although I was limited at the time by the 19.2 Hz timer interrupt.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  37. Seriously? by BenJeremy · · Score: 1

    Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

    This is as far as you need to read. Geez, Clearly this virus has infected the system and re-written power management subsystems to utilize the CMOS battery to provide enough juice, probably reprogramming an EEPROM on the I2C system to execute code and infect other systems.

    Was this article written by a Hollywood screen writer? Who is going to star in this one... Willis? Bullock?

    1. Re:Seriously? by asylumx · · Score: 2

      Was this article written by a Hollywood screen writer? Who is going to star in this one... Willis? Bullock?

      Bollocks.

    2. Re:Seriously? by Wintermute__ · · Score: 1

      System was a laptop.

    3. Re:Seriously? by Anubis+IV · · Score: 1

      I was thinking the same thing...then I realized the author of the article probably just did a crappy job of making it clear that he was talking about laptops that had their power cords unplugged to rule out powerline networking and the like. I'm willing to give them the benefit of the doubt on that one, since claiming that an unpowered computer can receive signals from an infected machine is patently absurd.

    4. Re:Seriously? by mythosaz · · Score: 1

      Clearly this virus has infected the system and re-written power management subsystems to utilize the CMOS battery to provide enough juice, ...

      CLEARLY the article mentioned it was a laptop machine, with a laptop battery in it...

    5. Re:Seriously? by Anonymous Coward · · Score: 0

      You obviously missed the first few lines, and other references in the article, to specifically a MacBook Air and other "laptops" (not mentioned by name). Those are equipped with more than a CMOS battery.

    6. Re:Seriously? by Anonymous Coward · · Score: 1

      I see no mention here or anywhere in the article of infecting other systems in this manner. This is referring to two systems that are already infected simply communicating. I feel like people are so hasty to jump on this that they're not reading all of the words.

    7. Re:Seriously? by Swampash · · Score: 1

      Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

      This is as far as you need to read. Geez, Clearly this virus has infected the system and re-written power management subsystems to utilize the CMOS battery to provide enough juice, probably reprogramming an EEPROM on the I2C system to execute code and infect other systems.

      Was this article written by a Hollywood screen writer? Who is going to star in this one... Willis? Bullock?

      Or the machines in question were laptops. n00b.

  38. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 5, Insightful

    Name one reason why he didn't send the BIOS or a copy thereof to be examined by the OEM....***after three years of not being able to fix this***.

    My next question would be: why did it take him so long to figure out that the USB might be the vector? But before you answer that question ask yourself this also: why hasn't he contacted the major USB drive manufacturers since this seems to be FAR more about a vulnerability at the USB controller level(far, far, far below control of the OS) that has been leveraged to then exploit writing a new firmware?

    If this is a USB hardware exploit then the rest of this is superficial but after 3 years, you'd figure that someone would have found another copy of this thing by now yet he's the only one. If he wasn't aware that it spread through USB for 3 years, the odds of him bringing an infected jump drive to a friend or colleague's computer where it would then spread even more are so high that I can't believe no one has asked these questions.

    IF it's a USB exploit, I'm fucking impressed but since he's played the "how many people can believe that I'm this stupid" card so many times in his "research" on this(I'm saying nothing of his other experience, mind you), I'd say it's likely a hoax of some sort.

  39. I Don't Get It by RevSpaminator · · Score: 1

    I can see how two computers could communicate through ultra sonic frequencies. But what I don't understand is how a computer can become infected just by being within audio range of an already infected computer. I mean, what causes the clean computer to start listening in the first place? Is there something in the "clean" bios we should be concerned about? Should I get out my wire clippers and permanently disable the microphone on all my computers? Is this something we should blame on the NSA? Or is it the aliens?

    1. Re:I Don't Get It by Anonymous Coward · · Score: 0

      Please read the article. It is referring to two machines that are already infected. There is no mention of infection occurring, only communication.

  40. Technology doesn't stop working when it's obsolete by Ungrounded+Lightning · · Score: 1

    That sounds nuts, but it is a time-tested method of data transfer, after all.

    And it can be expected to be a handy way to bypass firewalls far into the future as well. B-)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  41. Re:And there's a whole series of comments at Ars.. by gandhi_2 · · Score: 4, Interesting

    I have a hard time believing that you could pack enough logic into bios that could anticipate and counter your actions in OSX, BSD, and Windows.

    Otherwise, this code must maintain a link to the outside world, relying on equipment that may or may not be anywhere nearby, and then a human would have to monitor this machine and send commands back. That would take an insane level of commitment.

    If this was real, wouldn't every security researcher, hardware manufacturer, and government in the world be at this dude's lab to get in on the action?

    Communicating via sound or ultrasound from speakers to microphones. Possible. The rest of it... leaves me dubious.

  42. I'll keep it rolling.... by rts008 · · Score: 3, Funny

    Is that anything like FidoNet? ;-)

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  43. happy halloween by Anonymous Coward · · Score: 0

    you simps. Bet you didn't notice your trees being TP'ed either.

  44. Re: comments at Ars... by Wintermute__ · · Score: 1

    It's called a battery. Most laptops have them.

  45. Re: comments at Ars... by He+Who+Has+No+Name · · Score: 0

    I'm assuming they had this thing called a "battery". Most computers with built in speakers AND microphones are laptops of some kind.

  46. Not going to happen.... by bobbied · · Score: 0

    This is bogus.

    Where it is technically possible to transfer data between computers using audio signals (Ham radio operators do this all the time on HF), there is certainly not an opening for a virus to infect some other machine using just audio signals. Certainly there is no way to do this when a machine is booting, unless you have already put the necessary code in the BIOS to initialize the audio hardware, enable it, and start listening or playing audio. Not going to happen.

    My guess is that the person making the report either is making this up, or spread the virus himself through thumb drives, optical media he recorded himself or through previous infections of the boot sector of his hard drives. Sort of like the guy I knew who kept moving the disk pack from drive to drive when it wouldn't boot from the previous one. Problem was the first one had a head crash and he ruined 4 drives by putting a bad pack into them... Sometimes what you *think* is happening isn't really what's going on.

    So.... I'm going to have to see (uh... hear) it myself or I'm calling this myth busted.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Not going to happen.... by Anonymous Coward · · Score: 1

      "...encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer."

      They were both already infected. There is no mention of a clean machine becoming infected this way.

    2. Re:Not going to happen.... by wonkey_monkey · · Score: 1

      there is certainly not an opening for a virus to infect some other machine using just audio signals.

      No-one's saying there is.

      --
      systemd is Roko's Basilisk.
  47. Infected at the factory ... by perpenso · · Score: 1

    How the airgapped computer got infected in the first place is the real issue here...

    It came that way from the factory. It happens.

  48. Re:And there's a whole series of comments at Ars.. by taustin · · Score: 2

    It has not been my experience that computer speakers are capable of making sounds much outside the range of human hearing, nor computer microphones capable of picking such sounds up. Maybe he buys computers with extremely high end sound equipment, but I'm a bit skeptical that nobody noticed the audio.

    Maybe he sniffed a little too much of the magic smoke the virus let out.

  49. For Penetrating Top Secret Networks? by Anonymous Coward · · Score: 0

    If I were to guess, I'd say this was created for the express purpose of penetrating top secret networks that are physically separated from networks that can reach the outside. Let me don my tinfoil hat here and venture that if this were true, it was probably authored by a division within a branch of some government somewhere.

  50. Get off my lawn. by swb · · Score: 2

    I'm using my 45.5 baudot teletype.

  51. Re:And there's a whole series of comments at Ars.. by jones_supa · · Score: 1

    A small laptop speaker can make very high frequency sounds. I don't know about microphones, maybe the same applies. A high-frequency sound has also the benefit of travelling long distances in air. However it might be that the speaker and microphone circuitry have some frequency filtering going on to make the signal nicer, which would defeat the idea. Other than that, communication between computers outside the hearing range is technically possible.

  52. Found it! by coolsnowmen · · Score: 3, Informative
  53. The audio is NOT the infection mechanism. by Anonymous Coward · · Score: 3, Insightful

    A staggering number of people commenting on this story seem to have failed to read and comprehend this article. There must be a few dozen comments stating that it's impossible to infect a machine with malware via audio. I can't find any mention of this happening in this article. The section that speaks of the communication via sound is referring to two previously infected machines. They are already infected, so now they communicate.

    I don't know if this is complete BS or not, but at least read and comprehend the article before pouncing on it and making yourself look like an idiot for not reading it.

    1. Re:The audio is NOT the infection mechanism. by Anonymous Coward · · Score: 0

      A staggering number of people commenting on this story seem to have failed to read and comprehend this article. There must be a few dozen comments stating that it's impossible to infect a machine with malware via audio. I can't find any mention of this happening in this article. The section that speaks of the communication via sound is referring to two previously infected machines. They are already infected, so now they communicate.

      I don't know if this is complete BS or not, but at least read and comprehend the article before pouncing on it and making yourself look like an idiot for not reading it.

      I can't believe these few dozen idiots do any programming. Why are they on /. ? Programming requires attention to detail; something these idiots sadly lack.

    2. Re:The audio is NOT the infection mechanism. by Anonymous Coward · · Score: 0

      Your not the only one to notice the dilution of intelligence on /. in the last decade or so.

      Too bad, isn't it?

    3. Re:The audio is NOT the infection mechanism. by Anonymous Coward · · Score: 0

      You're*

    4. Re:The audio is NOT the infection mechanism. by Anonymous Coward · · Score: 0

      I don't know if this is complete BS or not, but at least read and comprehend the article before pouncing on it and making yourself look like an idiot for not reading it.

      It's OK, we were all new here at slashdot once.

  54. Re:And there's a whole series of comments at Ars.. by Penguinisto · · Score: 1

    " Dragos Ruiu (@dragosr), the creator of the pwn2own contest"
    It would be odd for him to screw up his rep with a hoax like this.

    http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en

    Dunno, but in order for it to work, you'd need to park the infection on the airgapped machine in the first place.

    To top that off, good luck making such an arrangement work in a server room, where ambient noise would pretty much destroy any hope of receiving an audible signal...

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  55. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 5, Informative

    I just tested my PC's speakers / microphone... The power output is rock steady up to 15kHz, then falls to 75% by 20kHz, 50% by 30kHz, and about 10% by 40kHz. Then it stays that way to fiftish kHz, which is as far as my loop went.

    I could already not hear it by 14kHz... damn I'm old. Last time I did something like this, I was OK up to 17kHz, and back at the Institute I was fine at 19kHz.

    I think that no one can hear 30 kHz, and you still get 50% power on my PC... which is nothing special. You can definitely get decent communication outside of hearing range.

    --
    No good deed goes unpunished...
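
An added example (not part of the thread or the Ars article): the "sound meter" check suggested in comment 27, applied to the near-ultrasonic band discussed in the comment above. It flags a narrowband carrier between 18 and 24 kHz that persists across frames of a microphone capture. The 48 kHz sample rate, frame size, thresholds and the test signal are all assumptions constructed for illustration.

```python
import math
import random
import statistics
from collections import Counter

RATE = 48_000                          # assumed capture rate; Nyquist limit is 24 kHz
FRAME = 192                            # 4 ms frames -> 250 Hz bin spacing
PROBES = range(18_000, 24_000, 250)    # band most adults can no longer hear
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * i / FRAME) for i in range(FRAME)]


def goertzel_power(frame, freq_hz):
    """Power at one frequency via the Goertzel recurrence (no full FFT needed)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / RATE)
    s1 = s2 = 0.0
    for x, w in zip(frame, HANN):      # Hann window limits leakage from loud low tones
        s0 = x * w + coeff * s1 - s2
        s2, s1 = s1, s0
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (FRAME * FRAME)


def frame_prominence(frame):
    """Return (dB of the strongest probe above the in-band median, its frequency)."""
    powers = [(goertzel_power(frame, f), f) for f in PROBES]
    peak, freq = max(powers)
    floor = statistics.median(p for p, _ in powers) or 1e-30
    return 10.0 * math.log10(max(peak, 1e-30) / floor), freq


def scan(samples, min_db=15.0, min_frames=5):
    """Find sustained narrowband carriers; returns [(start_s, end_s, freq_hz)]."""
    events, run = [], []
    n_frames = len(samples) // FRAME
    for idx in range(n_frames + 1):    # the extra pass flushes a run at end of data
        hit = None
        if idx < n_frames:
            db, freq = frame_prominence(samples[idx * FRAME:(idx + 1) * FRAME])
            hit = freq if db >= min_db else None
        if hit is not None:
            run.append((idx, hit))
            continue
        if len(run) >= min_frames:     # persistence filter: ignore clicks and pops
            freq = Counter(f for _, f in run).most_common(1)[0][0]
            start = run[0][0] * FRAME / RATE
            end = (run[-1][0] + 1) * FRAME / RATE
            events.append((round(start, 3), round(end, 3), freq))
        run = []
    return events


def constructed_capture(with_carrier, seed=1):
    """Constructed 1 s signal: low-passed noise, 120 Hz hum, optional 20.5 kHz tone."""
    rng, lp, out = random.Random(seed), 0.0, []
    for n in range(RATE):
        t = n / RATE
        lp = 0.9 * lp + 0.1 * rng.gauss(0.0, 0.1)   # room-like, low-frequency heavy
        x = lp + 0.05 * math.sin(2 * math.pi * 120 * t)
        if with_carrier and 0.4 <= t < 0.7:         # quiet tone, below the hum level
            x += 0.02 * math.sin(2 * math.pi * 20_500 * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for start, end, freq in scan(constructed_capture(True)):
        print(f"carrier near {freq} Hz from {start:.3f}s to {end:.3f}s")
```

A 48 kHz capture cannot see anything above 24 kHz, so the 30 to 50 kHz range mentioned above would need a higher sample rate and a microphone path that passes it.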
  56. Let me get that for you... by connor4312 · · Score: 4, Informative

    It seems like the vast majority of people started flaming without reading the author's comment, so here it is:

    Dear Ars readers,

    As a journalist for more than 17 years, I have never written a spoof story for April Fool's Day or any other holiday. I certainly had no intention of doing so with this article. It's completely coincidental that this story ran today, on Halloween.

    The ninth paragraph of my article reads:

    Quote:
    "At times as I've reported this story, its outline has struck me as the stuff of urban legend, the advanced persistent threat equivalent of a Bigfoot sighting. Indeed, Ruiu has conceded that while several fellow security experts have assisted his investigation, none has peer reviewed his process or the tentative findings that he's beginning to draw."


    Here and elsewhere in the post, I have tried to make clear that many of the details of this article sounded far-fetched to me. They still do. I have also tried to be transparent that no one has independently corroborated Ruiu's findings. That said, these same details have been publicly available for more than two weeks, and a large number of Ruiu's peers find them believable.

    I decided to resolve this conflict between my own skepticism and the reaction of Ruiu's fellow security researchers by reporting accurately what all of them said and making clear that so far no one has peer reviewed Ruiu's research process or findings.

    I have no doubt that researchers will pore over every laptop and USB drive Ruiu makes available and independently arrive at their own conclusions. I fully intend to report whatever they find. If they find no evidence to support Ruiu's account, Ars readers will be among the first to know.

    Regards,

    Dan Goodin

  57. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 3, Informative

    Hmm... never mind about my PC not being anything special. Here is a Mac Book Pro graph I just googled:

    http://www.gearslutz.com/board/attachments/so-much-gear-so-little-time/285773d1333712202-what-frequency-response-typical-built-laptop-speakers-mbp15.jpg

    Clearly desktops have a much better range than laptops.

    --
    No good deed goes unpunished...
  58. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 2

    if this is so communicable, why in all the time he's had it under observation has it never spread anywhere else? Also, why has he not shown it to a colleague. This is the sort of thing that goes over huge at conferences.

    Because, he speculates, the initial infection of a machine must be done via USB stick, and being the professional security researcher that he is, he nonchalantly plugs his USB sticks willy-nilly back and forth between his known infected machines and his brand new machines.

    A month or two ago, after buying a new computer, he noticed that it was almost immediately infected as soon as he plugged one of his USB drives into it.

    This guy apparently has no concept of a clean room for virus research.

    I don't discount the ability to use sound for communication between infected machines, but clearly you have to be infected FIRST for that to work.
    (Not to mention having a mic plugged in and turned on).

    --
    Sig Battery depleted. Reverting to safe mode.
  59. Prior art by NapalmV · · Score: 1

    Cinavia.

  60. "OK google, search for porn!" by Anonymous Coward · · Score: 0

    If you visit a website that shouts out "OK google, search for porn!" all those new Nexus 5 phones will do what they're told...

  61. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 2

    If he wasn't aware that it spread through USB for 3 years, the odds of him bringing an infected jump drive to a friend or colleague's computer where it would then spread even more are so high that I can't believe no one has asked these questions.

    No doubt his friend or colleagues all have more smarts than to plug in some random jump drive.
    I seriously don't even trust these things myself any more. I hate it when someone sends me something on a flash drive.

    --
    Sig Battery depleted. Reverting to safe mode.
  62. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 1

    Server rooms seldom have mics, most don't even have speakers.

    --
    Sig Battery depleted. Reverting to safe mode.
  63. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 1

    I think many of the commentators both here and on Ars Technica are making a basic mistake. No one claims that the machine is infected through its microphones.

    Not many here are making that mistake. Several have already posted how silly it was for him to be plugging in thumb drives.

    --
    Sig Battery depleted. Reverting to safe mode.
  64. Re:And there's a whole series of comments at Ars.. by rubycodez · · Score: 2

    I've seen her! I've seen that little minx with her yellow dress and using umbrella and rain for cover, with the canister of unspeakable evil under her arm spreading the infection everywhere.

  65. Re: And there's a whole series of comments at Ars. by MickLinux · · Score: 1

    Umm... powerline networking, are you referring to a method developed by power monitors, Inc, communicating data as the voltage crosses through zero, then disconnecting as the voltage spikes high?

    --
    Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
  66. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 1

    First of all, it wouldn't be a "random jump drive" it would be their friend's drive.

    Secondly, HE apparently thinks that he got this from USB in the first place which implies that HE did exactly what you're suggesting his friends/colleagues would not do: insert a random jump drive into his laptop.

    Add to this his other mistaken thoughts on how to operate a clean room for virus forensics and a clear picture is painted that he's either pulling a hoax or far less skilled than his "PWN2OWN creator" status might imply and it actually implies jack shit to me since anyone can create a fucking contest.

  67. coolness factor by felixrising · · Score: 1

    I'd like to get my computer infected just because it's so cool... I mean, malware be damned, this is just cool. Am I alone?

  68. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    No argument about the infection vector, but:

    (Not to mention having a mic plugged in and turned on).

    Almost any speaker -- certainly electromagnetic or piezoelectric -- can also work as a (not very efficient) microphone (and to some extent vice versa, except for e.g. carbon mics).

    Of course how the speaker is connected may prohibit it from being used that way (amplifiers typically only work in one direction, the data pin may be output-only, etc.) Might be an interesting hardware hack if you had access and wanted to bug someone's machine, but it'd be easier to just install a hidden microphone.

  69. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 1

    Nevertheless, his friends and colleagues didn't get infected from his jump drive, which leads me to believe they are considerably more clever than he is, and are probably wary about letting him near their computers.

    It took him 3 years to figure it out while machine after machine was getting infected in his lab.

    --
    Sig Battery depleted. Reverting to safe mode.
  70. Re:And there's a whole series of comments at Ars.. by sjames · · Score: 1

    ..It's a psy-op so he will be discredited...

  71. Re:And there's a whole series of comments at Ars.. by gVibe · · Score: 1

    Yeah, because everyone knows that comment writers are scholars and geniuses that clearly have the credentials and respect to be listened to. Dumb.

    --
    Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
  72. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 1

    IF it's a USB exploit, I'm fucking impressed but since he's played the "how many people can believe that I'm this stupid" card so many times in his "research" on this(I'm saying nothing of his other experience, mind you), I'd say it's likely a hoax of some sort.

    The PS3 original Jailbreak was an exploit in the way that the PS3 dealt with USB devices, so this vector is entirely plausible if we are only talking about plugging some random USB device into a machine. The rest of it seems like a bad movie plot, but I will grant the notion of exfiltrating data via ultrasound does make a lot of sense.

    Is there some generic USB design level error that could take over a system? I suppose it could be possible, but writing an exploit onto a USB drive that can infect other machines really only brings to mind partition/filesystem mangling in such a way that would be more of an OS exploit than a generic USB exploit. It would explain his 'bricking' statement, if the partition/filesystem written to the drive is something like FAT32 that could be considered cross-platform mountable. Filesystem parsing and mounting is that close to auto-run, so I totally could see this happening, and am jealous of whoever worked it out. (If true. IANACS, YMMV)

  73. Re: comments at Ars... by Smallpond · · Score: 1

    Actually, all large mainframe computers have speakers and microphones so that when they develop intelligence they can speak menacingly.

    At least that's what I've seen in movies.

  74. true or not for Malware, lets get it working! by fikx · · Score: 1

    Forget all the talk about whether malware uses it or not and how the infection happened...small computers exists all over the place with good mics and speakers: smart phones. This could be useful as yet another tool in the tool box for doing cool things with computers. If nothing else, I see a fun way to communicate on a plane when they tell you to turn off your transmitters.

    --
    AB HOC POSSUM VIDERE DOMUM TUUM
  75. Re:And there's a whole series of comments at Ars.. by Tom · · Score: 4, Interesting

    As the article explains: To us in the security community, none of the individual pieces raise an eyebrow. We know USB is an infection vector. We know BIOS/UEFI can be compromised. We know that when it hits the firmware, extraction isn't as easy as a dd anymore. We know communication via power cable and audio is possible - the last shouldn't really surprise anyone as it's been just earlier this year that audio was discussed as an alternative to NFC, because it doesn't require new hardware (every smartphone already has speakers and microphones).

    And after Stuxnet and Flame, we know that some of the really advanced malware that we've been talking about at conferences is not only possible, but real.

    Still, finding all of this in one package is fascinating, and if it really is 3 years old, I don't want to know what the current version looks like.

    --
    Assorted stuff I do sometimes: Lemuria.org
  76. Re:And there's a whole series of comments at Ars.. by Tom · · Score: 2

    actually... I do want to know.

    Funny how a figure of speech sometimes means the opposite of what you really mean.

    --
    Assorted stuff I do sometimes: Lemuria.org
  77. Response by Robert Graham by Anonymous Coward · · Score: 2, Informative

    Robert Graham has published a well-written response:

    http://blog.erratasec.com/2013/10/badbios-features-explained.html

  78. Read the article! by Egdiroh · · Score: 4, Informative

    1) The assertion is that this malware infects as many bioses on the machine as it can. But a bios isn't big, so instead of containing code to directly infect the main OS, it contains code to set up a mesh network with its peers to download the appropriate OS root kit.
    2) The air gap was on a laptop (with a battery) in a room with potentially infected machines.
    3) There never was a claim that a completely clean machine was infected over any method, just that a machine that had been the recipient of a lot of low level cleaning, and disabling managed to demonstrate a full reinfection after spending enough time in the proximity of other infected machines.

    None of the things asserted here are particularly novel. Infections at all levels bios, aren't novel. Mesh networking, isn't novel. Acoustic networking isn't novel. The arrangement of them to maximize the effectiveness of them is the novel part. But also in retrospect is also pretty obvious. Rather than try to code for all the bios and OS combinations, and all the OS and device combinations, you code for all the bios and device combinations, and then code for all the OS choices in a one off.

  79. Re:And there's a whole series of comments at Ars.. by DigiShaman · · Score: 1

    I didn't RTFA, but there is a proper way of nuking a machine in staged steps; short of using an actual nuke.

    1. Unplug power and other cables to the machine. Everything! (remove battery if a laptop too)
    2. Push the power button to drain any flea power from the capacitors. Wait five minutes.
    3. Pull RAM, and expansion cards. CPU too if you're truly paranoid
    4. Remove any internal HDDs.
    5. Clear CMOS via jumper and pull the battery if available. Wait 10 minutes.
    (By now, the hardware should be free of any malware unless the firmware has been flashed with a virus.)
    6. If you need data from the HDDs, connect them to a SATA-to-USB adapter and connect to a machine with an up-to-date antivirus engine and defs. Proceed to scan the drive. As a precaution, manually copy files to a clean drive. Now low level format the drive. I prefer to use my Apple MacBook for this entire step 5 process with Disk Utility.
    7. Restore hardware, CMOS battery, HDDs, and cables; in that order.
    8. Complete BIOS setup and reload the OS on the zeroed out drive.

    If your machine gets reinfected, someone is hitting it with a zero-day exploit from an external source.

    --
    Life is not for the lazy.
  80. I'm calling bullshit on this entire story. by Anonymous Coward · · Score: 0

    Most of the "major" UFD key manufacturers out there don't implement any way to download firmware FROM the device. You can only upload it TO the device, and that requires all kinds of boot loaders and stuff that you need to send to the controller first. This alone means that the virus would basically need firmware dumps for each and every device it wanted to infect. That would be at least 40mb worth of data to cover most of the USB keys out there, because most manufacturers (like Corsair or OCZ or Kingston) actually switch controllers and revisions almost monthly (depending on their supplies of that particular chip).

    Someone else on Slashdot here pointed out that it sounded like the BIOS infection was using the speaker and microphone to bootstrap itself over a mesh network, but even this makes no sense. The BIOS doesn't know what the fuck a sound card is, it's just a PCI device that nobody cares about until the system is booted. Where the hell is the code coming from that initializes the sound card and captures microphone input? How many different sound card chipsets are floating around out there now? How many of those devices are documented to the point that someone else could write miniature "drivers" for hundreds (thousands?) of those chips?

    None of this makes any sense at all. It sounds like a plot for some horrible B-grade Hollywood movie. If someone actually could write a piece of code like this, you'd be damned well sure that the governments of the world would know about it and there would be an international manhunt to find those responsible, because this kind of thing would easily be classifiable as a super weapon.

    1. Re:I'm calling bullshit on this entire story. by Swampash · · Score: 1

      oh hai another person who hasn't read the article

  81. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    Late-onset schizophrenia?

    captcha: disturbs

  82. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    It's called electrolysis. Next thing you know, the sweat on your skin will be conducting virii. =P

  83. I do this every day... by Anonymous Coward · · Score: 0

    ...exchanging data acoustically with other biological organisms.

  84. Re:And there's a whole series of comments at Ars.. by dcollins117 · · Score: 2

    And regarding the power cable: Powerline networking is commercially available and well-understood, as is transmitting data along with low-voltage DC (PoE).

    Yes, but you need special hardware to do it. I don't see any way to do this with commercial PC/laptop power supplies without first hacking the hardware.

    I find the idea of using a computer's microphone and speaker as a kind of high frequency modem highly intriguing. I did read enough of TFA to see that once he physically removed the speaker and microphone from his computer the mystery network packets stopped. That's pretty strong evidence this is one of the attack vectors if it is indeed true. I don't know the guy so I'm on the fence regarding whether this is a hoax or not.

  85. Re:And there's a whole series of comments at Ars.. by Technician · · Score: 1

    A boot sector virus is believable. Cross contamination by portable media with zero write protection has been an exploitable bug in the system.

    In the old days of floppies, my service disks were write protected. In the days of CDs they were write protected by default. Since CF cards and beyond, write protection is off by default and most often missing entirely.

    Service software is now held on CD ROM on a USB drive. Anyone using writable software to service machines is a fool.

    The author admits to using non write protected media to "Flash" his BIOS.

    He needs to practice safe computing in an infected environment if he is to get any chance of recovery. A known clean machine with known clean write protectable media such as a burned CD or DVD is the only way to clean up an infected machine with BIOS, Boot Sector, or other nasty infection.

    Does the author know about write protected media and computer service to prevent spreading infections?

    --
    The truth shall set you free!
  86. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    Hmm...my Lenovo has audio-band "noise" on the built-in speakers that approximately corresponds to screen contents (i.e., a scrolling compile of gcc produces sounds not unlike that of a hard drive seek, except the machine has an SSD)...I should probably check this on a spectrum analyzer....

  87. Air Gap transmission totally possible by Anonymous Coward · · Score: 0

    Hmm, apparently not any Hams into digital modes on /. anymore, too bad.

    The so-called "air gap" communication between infected computers is very possible, I use Fldigi to operate in the digital modes and I'm sure there's similar software available, and I can testify that the signal can be inaudible due to low signal or extreme background noise or both, and it will be 100% readable, so a piece of malware that broadcasts via software like Fldigi could easily "talk" back and forth to other computers with mics and speakers and no human would ever notice, especially if it was programmed to only operate during off business hours and weekends.

    Some folks here seem to feel that because the data stream would be quite low/slow that it isn't an effective vector; that's a fatal mistake in reasoning.

    The hearing range for humans is rather limited as compared to the frequencies one can audibly transmit/receive data on undetected by human ears.

  88. Re:And there's a whole series of comments at Ars.. by gl4ss · · Score: 1

    "5. Clear CMOS via jumper and pull the battery if available. Wait 10 minutes."

    which would do absolutely nothing since the settings part on the cmos is not where such a virus would reside. reflashing the bios might help.

    however I'm very skeptical of such a virus being able to handle multiple operating systems as targets.. ..why "forensic tools" but no analyzing of the ultrasound network?

    oh and if you're such deep in paranoid country it doesn't help much to do those steps since this is already assuming that they're infecting your firmwares on all devices ;)

    --
    world was created 5 seconds before this post as it is.
  89. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    Hmm...my Lenovo has audio-band "noise" on the built-in speakers that approximately corresponds to screen contents (i.e., a scrolling compile of gcc produces sounds not unlike that of a hard drive seek, except the machine has an SSD)...I should probably check this on a spectrum analyzer....

    So do many different Dell laptops that I have here, using several different OEM Dell power supplies, and several different cheap (I mean less-than-$8, shipped, sort-of-cheap) Chinese power supplies, whenever there is more than one path to earth ground. They all behave the same way, even when all gear is plugged into the same grounded outlet, or when the venue is completely different.

    In my case, the noise seems to correlate to any sort of CPU activity.

    Lifting the ground at the power supply's AC connection (using an adapter, or just breaking the third leg off of the cord) fixes it. (Lifting all of the other earth grounds of any connected peripherals fixes it, too, but that can be harder to accomplish.)

    So. Communicating between stock computers with power wires? Seems far-fetched because of all of the corner-cases involved (multiple computers sharing the same common, very minor ground fault?), but do-able: If the computer can be programmed to modulate this noise (and I'm certain that it can, given the nature of the noise), then it can transmit it. And if I can hear it, I most certainly can sample it using the sound card on the receiving end.

    Can it be fast enough to be useful? You tell me: I wrote this message at only a few words per minute.

  90. Re:And there's a whole series of comments at Ars.. by alostpacket · · Score: 1

    Incorrect. This is actually completely doable. I used to work for a company that did it (not malware though). You don't have to be much outside the range, even smartphones mics / speakers et al can do this. You only have to go just past 20kHz

    see:
    http://xiph.org/~xiphmont/demo/neil-young.html

    http://www.xiph.org/video/vid1.shtml

    --
    PocketPermissions Android Permission Guide
  91. Re: And there's a whole series of comments at Ars. by Nikker · · Score: 1

    maybe uses Intel VPro as a vector?

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  92. Re:And there's a whole series of comments at Ars.. by DigiShaman · · Score: 2

    oh and if you're such deep in paranoid country it doesn't help much to do those steps since this is already assuming that they're infecting your firmwares on all devices ;)

    Ya, no kidding! For example Dell PowerEdge servers are pretty consistent throughout each generation. They're good servers, but there are many components onboard that have upgradable firmware. I can name more than a few. BIOS, BMC, iDRAC, Broadcom NIC, and PERC (RAID card). I'm not sure if these devices require the firmware to be signed before accepting, but it stands to reason that it might not be impossible to infect an entire network of rack mounted Dell servers of the same make and model.

    --
    Life is not for the lazy.
  93. Come back in five months by Anonymous Coward · · Score: 0

    It will be April Fools Day in five months. Repost this story then.

  94. Re:And there's a whole series of comments at Ars.. by alostpacket · · Score: 1

    That just looks like a typical 44.1khz response graph. Your desktop may have a 48kHz sound card which gives it more "breathing room" above human hearing. (longer tail above 20kHz)

    There's still enough room in a 44.1kHz DSP above 20kHz to transmit data though. (As far as I understand it)

    see:
    http://xiph.org/~xiphmont/demo/neil-young.html

    http://www.xiph.org/video/vid1.shtml

    --
    PocketPermissions Android Permission Guide
  95. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    News flash: Loudspeakers and microphones, being analog devices, do not (and cannot) have any particular "cutoff" frequency: They have their normal range in which they tend to (hopefully!) be somewhat linear, but can vibrate in response to electricity (or produce electricity in response to vibration) at much, much higher frequencies (with much, much reduced conversion efficiency).

    Can my "extremely high end sound equipment" make noise at 80kHz? Yep. Can it make very much of it? Nope. Can it make enough to communicate with? You betcha.

    Likewise, a ratty little speaker in a laptop: Can it make noise at 19kHz? Yep. Can it make very much of it? Nope. Can it make enough to communicate with? You betcha.

    Will any adult raised in a modern society full of cars and vacuum cleaners and cooling fans and air conditioning and other noise notice this sound? Nope: That part of the ear is almost certainly gone by then.

    (Would a dog hear it? Maybe. Would a baby? Probably. But that doesn't matter, because adults are neither dogs nor babies (although my wife might disagree about that)).

    Would a computer with a crappy microphone hear 19kHz? Perhaps: Narrow-band FFT bandpass at around 19KHz, rectify, and then apply another bandpass at whatever the modulation rate is (5Hz? 20Hz? 200Hz? Whatever). End result: A bunch of low-frequency sinusoidal pulses, not dissimilar from whatever was sent by the laptop nearby, and with very little noise.

    Or, instead of bastardized AM as above, one could use FSK. Or whatever. It's easy. People have been doing this stuff since before most of us were born.

    Reading the comments here, it's like people have forgotten what old and well-understood technology a modem is, much less a radio, or even a telegraph......
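
The check discussed in the thread (a narrow-band filter near 19 kHz followed by a look at the envelope, on a 44.1 kHz capture whose Nyquist limit is 22.05 kHz) can be run over a recording to see whether a keyed near-ultrasonic tone is present. This is an added example, not part of any comment above; the function names, thresholds and the constructed test audio are assumptions made for illustration.

```python
import math
import random
from statistics import median

RATE = 44100                      # CD-rate capture; Nyquist limit is 22050 Hz
FRAME = 441                       # 10 ms frames -> 100 Hz analysis bins
BAND = range(18000, 22000, 100)   # near-ultrasonic band to inspect
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * n / FRAME) for n in range(FRAME)]


def goertzel_power(frame, freq, rate=RATE):
    """Squared amplitude of the `freq` component in one Hann-windowed frame."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x, w in zip(frame, HANN):
        s1, s2 = x * w + coeff * s1 - s2, s1
    mag2 = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return mag2 * (4.0 / len(frame)) ** 2   # undo the Hann coherent gain of 1/2


def frames(samples):
    """Split a capture into whole, non-overlapping 10 ms frames."""
    return [samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME)]


def scan(samples, snr_threshold_db=15.0, min_transitions=4):
    """Look for a narrowband tone above 18 kHz and check whether it is keyed."""
    chunks = frames(samples)
    # Average power per candidate frequency across the whole capture.
    spectrum = {f: sum(goertzel_power(c, f) for c in chunks) / len(chunks) for f in BAND}
    peak_hz = max(spectrum, key=spectrum.get)
    floor = max(median(spectrum.values()), 1e-20)
    snr_db = 10 * math.log10(max(spectrum[peak_hz], 1e-20) / floor)
    tone = snr_db >= snr_threshold_db
    transitions = 0
    if tone:
        # Envelope of the peak frequency, gated at half its maximum:
        # a steady whine gives 0 transitions, a keyed carrier gives many.
        env = [goertzel_power(c, peak_hz) for c in chunks]
        gate = [p > max(env) / 2 for p in env]
        transitions = sum(a != b for a, b in zip(gate, gate[1:]))
    return {"peak_hz": peak_hz, "snr_db": round(snr_db, 1), "tone": tone,
            "transitions": transitions, "keyed": transitions >= min_transitions}


def constructed_capture(bits="", tone_hz=19000, tone_amp=0.02, seed=1):
    """Constructed test audio (not a real recording): loud 120 Hz hum plus hiss,
    with an optional faint on-off keyed tone at 50 ms per symbol."""
    rng = random.Random(seed)
    symbol = 5 * FRAME
    out = []
    for n in range((len(bits) or 16) * symbol):
        x = 0.5 * math.sin(2 * math.pi * 120 * n / RATE) + rng.uniform(-0.01, 0.01)
        if bits and bits[n // symbol] == "1":
            x += tone_amp * math.sin(2 * math.pi * tone_hz * n / RATE)
        out.append(x)
    return out


if __name__ == "__main__":
    print("with keyed tone:", scan(constructed_capture("1011001110001011")))
    print("hum and hiss only:", scan(constructed_capture()))
```

On a real capture, a steady tone with no transitions is more likely a power-supply or display whine than a data carrier, so the envelope check matters as much as the peak.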

  96. Re:And there's a whole series of comments at Ars.. by pureevilmatt · · Score: 1

    That beep sound when you POST, is created by a speaker. Which can also be used as a mic.

  97. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    Without drawing conclusions:

    1. What is the available free space for user code in a common UEFI machine's built-in flash?

    2. What is the smallest microkernel that can do pass-through of all x86 (etc) commands, emulate an AC97 chip (or HD Audio chip), and yet still be capable of stealing some processor time for its own nefarious deeds?

    If 1 > 2, then possible.

    (And I'm betting: Possible. Remember, we used to be able to accomplish mountains of real, complicated work using a few tens of kilobytes of code...and I'm betting that the answer to 1 is measured in megabytes, not tens of kilobytes.)

  98. Re:And there's a whole series of comments at Ars.. by cusco · · Score: 3, Interesting

    I remember BIOS viruses back when I did support for Windows 95, and damn they were nasty. Plug a loaner floppy into an infected machine and by the end of the day you could infect an entire computer lab. There was one that (IIRC) would infect both Phoenix and AMI BIOS machines, but did nothing to Award boards. I don't see why people think that a cross-platform BIOS infector is so out of the question.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  99. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 2

    Nope.
    Can't be done. Output channels on sound chips can't be read.
    You watch too many spy movies.

    --
    Sig Battery depleted. Reverting to safe mode.
  100. Re:And there's a whole series of comments at Ars.. by cheater512 · · Score: 3, Interesting

    Firewire yes. Firewire can muck around with system RAM directly.
    USB cannot it all has to go via the CPU.

    The entire premise of this is ridiculous. No sound card can go beyond about 24khz which is barely ultrasonic and not suitable for data.
    Plus hacking many different chips, some which do not even have firmware, seems too unlikely.

  101. Re:And there's a whole series of comments at Ars.. by icebike · · Score: 1

    Come to think of it the last two blades I installed only had piezo electric beepers with no sound chip at all.

    --
    Sig Battery depleted. Reverting to safe mode.
  102. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    it's like people have forgotten what old and well-understood technology a modem is, much less a radio, or even a telegraph......

    Well OK a modem and a radio might be relevant, but isn't a telegraph a kind of newspaper?

  103. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    Yeah... it's official, I'm going back to using stone tablets and a chisel.

  104. Re:And there's a whole series of comments at Ars.. by itsthebin · · Score: 1

    In the old days of floppies, my service disks were write protected

    in the end that still was only a software switch

    --
    ...I obey the laws of physics....
  105. Nothing new, you were warned years ago! by Anonymous Coward · · Score: 0

    #BADBIOS - You Were Warned About This For Years!
    http://slexy.org/view/s2BLnoBPxn

  106. Re: And there's a whole series of comments at Ars. by Anonymous Coward · · Score: 0

    while I tend to agree that this whole thing smells... I have to point out that most modern soundcards have 192ksps DACs and ADCs, so should be able to reproduce sounds theoretically up to 96kHz.

  107. Shoddy filtering by Anonymous Coward · · Score: 0

    Well, that just means your desktop has on-board extra-shitty über-crappy audio. What motherboard?

    You really want to filter >22kHz properly, with a high-degree filter preferably. Everything above that is either aliasing (noise), or evil anyway.

    1. Re:Shoddy filtering by Tuidjy · · Score: 1

      Hmm? In case you missed it (or have trouble reading an exponential graph) the power output of the "on-board extra-shitty über-crappy audio" holds up significantly better than the power output of the Macbook Pro outside human hearing range.

      As for your comment about filtering above 22kHz, did you miss the part that we are talking about communicating at frequencies that humans cannot hear?

      What the Hell. Did I just get trolled, or are you really missing every single point?

      --
      No good deed goes unpunished...
  108. Re:And there's a whole series of comments at Ars.. by TheRaven64 · · Score: 1

    Firewire yes. Firewire can muck around with system RAM directly.

    Well, not exactly. It is possible to configure a FireWire controller's DMA access to have full access to the system RAM. Apple does this so that you can use an iPod to get crash dumps (then disables it because it's a security hole, then reopens it in the next release because sysadmins complain that they can't get crash dumps, then disables it because...). You'll typically have an IOMMU between the FireWire chip and the system RAM though, so it's possible for the host to restrict this access.

    USB cannot it all has to go via the CPU.

    Modern USB controllers also support DMA. If there's a bug in the controller firmware, then this could be exploited to allow device-initiated, rather than driver-initiated, DMA.

    --
    I am TheRaven on Soylent News
  109. Re:And there's a whole series of comments at Ars.. by TheRaven64 · · Score: 1

    One of the more interesting bits of malware I've seen recently ran in the controller for USB keyboards. These things have 128KB of flash, of which about 10KB was free. That was enough for a keylogger that was triggered by certain stimuli (e.g. power just turned on, 'su' typed) to record short segments, and which would dump its buffer into a special USB device plugged into the USB hub on the back of the keyboard. You could install a load of them in an office somewhere and just have a cleaner come around and plug things into the backs as he went around the room.

    For a decade or so, flash has been cheap enough to use as a replacement for ROM and the benefits are obvious to a hardware manufacturer. You can delay ROM programming until after final assembly, giving you a shorter time to market and you can do bug fixes in the field. Both of these mean that you want to have a bit more flash capacity than you actually need, because either you don't know the final firmware size when you spec the device, or you might want to add some features later.

    --
    I am TheRaven on Soylent News
  110. Re:And there's a whole series of comments at Ars.. by jones_supa · · Score: 1

    It all just boils down to the speaker size really. A subwoofer cannot produce high-frequency sounds, but is good for delivering the necessary energy for low frequencies. A small speaker cannot produce low frequency sounds but can touch the ultrasonic range when it comes to high frequencies.

  111. Re:And there's a whole series of comments at Ars.. by AmiMoJo · · Score: 1

    How the hell is communication via the power cable possible?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  112. Re:And there's a whole series of comments at Ars.. by jones_supa · · Score: 1

    You would also have to rewrite all the embedded firmware, including but not limited to BIOS.

  113. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    BS.

    Dial-up Modems, Credit Card readers, Magnetic Cassettes, all make various kinds of noise, and HD audio codecs in PCs can do 192kHz sampling rates. It's not that the computer "can't" generate this but rather the human at the machine can't tell it's happening because they can't hear that upper frequency.

    There are some people who can't stand to be in the same room as a CRT monitor, GUESS WHAT FREQUENCY A CRT MONITOR RUNS AT? 15625 Hz. See also http://en.wikipedia.org/wiki/The_Mosquito

    That's a sound that many adults/teens can't hear AND can be generated by the computer's sound card.

    I'm not saying this article is true, but the plausibility is.

  114. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    Can, does.

    In both instances.

    "Cannot" and "analog" don't go together very well.

  115. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    Agreed. Interesting stuff.

    Except:

    Both of these mean that you want to have a bit more flash capacity than you actually need, because either you don't know the final firmware size when you spec the device, or you might want to add some features later.

    Using your own example, it might just be that 128 kilobyte flash chips are cheaper than 118 kilobyte flash chips. :)

  116. Re:And there's a whole series of comments at Ars.. by TheRaven64 · · Score: 1

    Yes, although 15 years ago they'd probably have spec'd out a 64KB chip and then applied pressure to the software team to trim the code until it fitted in 64KB. But, yes, it's very common to have code that needs to be just over a power of two size and it's cheaper to buy the bigger chip than to try to squeeze the code smaller. Especially for very small sizes (under about 4Mbit) the cost of the packaging is such a dominant factor in the cost of the IC that you may not even be able to get the smaller chips for less money.

    --
    I am TheRaven on Soylent News
  117. Re:And there's a whole series of comments at Ars.. by fuzzyf · · Score: 1

    I wonder if the flash-BIOS-procedure is part of the firmware that is being replaced when flashing. Then you might actually prevent any reflashing of BIOS. Or just extract the version number for the new flash to make it look like the update was done.

  118. Re:And there's a whole series of comments at Ars.. by jones_supa · · Score: 1

    Maybe, but the attenuation is so high that those frequencies can be dismissed for practical purposes.

  119. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 2

    No. Not maybe: Can. Does.

    Feed a "subwoofer" a 19kHz sine wave. What comes out? Is it all reduced to heat? Go ahead and try, and you'll see: Sound comes out. Measurably. At 19kHz. (probably with a whole lot of nasty harmonics starting at 38kHz, and a great deal of heat compared to other frequencies, but that's not the point.)

    Meanwhile, please define "practical."

    If "practical" means sending low-speed data between two computers in close proximity at a frequency that is difficult or impossible for an adult to hear over normal ambient noise and/or tinnitus: Yes. Practical.

    Common folks were unknowingly solving more difficult problems than this with 486 CPUs doing the heavy lifting for software-based modems in ~1995, using nothing but a DOS TSR for a driver. And other folks have been doing this with tubes, coils, and caps since the dawn of radio.

    Moving data from A to B using sound is by no means any great technical challenge, given modern consumer audio hardware and a modern CPU.

  120. Peer review by jbmartin6 · · Score: 1
    From the article:

    For most of the three years that Ruiu has been wrestling with badBIOS

    And Don Goodin comments:

    no one has independently corroborated Ruiu's findings

    After three years no one has corroborated? Seems likely Dragos has slipped a cog or two. Take a couple of the machines, send them to a colleague. 'Are you seeing what I see?' Not at all difficult.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  121. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 1

    Pretty darn impossible, you have to do significant mods to the circuitry on a laptop mic to have it receive ultrasonic audio. Then you have the issue that most laptop batteries lack the ability to create sounds above 40K. So unless this "virus" comes with nanobots that modify the circuits, it's pretty much a bunch of BS.

    I tried many times to use computer speakers and mics as a poor man's ultrasonic system. You can see on a scope easily that you get a 24db roll off on the high end.

    --
    Do not look at laser with remaining good eye.
  122. Re: And there's a whole series of comments at Ars. by Lumpy · · Score: 2

    none of the audio analog circuitry on the frontend will let it pass. Go ahead, look at the output of your best soundcard and a ramp generator and watch it roll off rapidly on the scope when you go above 35khz.

    --
    Do not look at laser with remaining good eye.
  123. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 2

    No there is NO plausibility, Please, Please stop adding credibility to this bullshit in this made up bit of fiction.

    None of the electronics in your computer is designed for ultrasonic, and in fact it's freaking filtered out to get rid of problems. I don't care if the chips can do 99ghz, the analog components for filtering on the input and output significantly attenuate it, then you have the fact that the speakers cannot generate it nor the microphones having the ability to receive it.

    Anyone with even a 101 level in analog electronics or audio design knows that what he is claiming is 100% impossible and has no plausibility. Anyone can verify it with a cheap oscilloscope and a ramp generator. This "virus" can't unsolder and change components.

    --
    Do not look at laser with remaining good eye.
  124. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 1

    "News flash: Loudspeakers and microphones, being analog devices, do not (and cannot) have any particular "cutoff" frequency:"

    Yes they do, and it's called a "roll off" because it's a logarithmic reduction in efficiency of the device for the frequency. every single speaker and mic manufacturer publishes the graphs showing you the natural design roll off.

    --
    Do not look at laser with remaining good eye.
  125. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 1

    You don't have to desolder it, there are clips that let you read the chip unless it's a crappy BGA chip, then you need to do a lot more.

    Reading bios chips is not hard at all and is done all the time.

    --
    Do not look at laser with remaining good eye.
  126. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 1

    Certainly not in the minuscule space that is left over in a BIOS chip. A lot of the claims he makes are based on things that can't exist. You don't have a ton of space in the BIOS flash left over after the BIOS is loaded, and the virus can't completely replace the BIOS and work for any motherboard. Hell, even the open source BIOS guys have problems writing a public BIOS that works on more than a very tiny handful of motherboards.

    So the virus needs to be written by an expert that knows how every single computer ever designed will work and it compensates for every single chipset in existence in every configuration..

    The fact the article does not give out ANY details at all makes it highly fishy. Not even details on the computers themselves such as what BIOS, what chipset, what motherboard make and model, etc....

    --
    Do not look at laser with remaining good eye.
  127. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 1

    And fit it in a 1mb payload.

    --
    Do not look at laser with remaining good eye.
  128. Re:And there's a whole series of comments at Ars.. by Lumpy · · Score: 2

    http://en.wikipedia.org/wiki/CIH_(computer_virus)

    It was the only one ever in the wild and it did not spread very far because it was destructive.

    --
    Do not look at laser with remaining good eye.
  129. Re:And there's a whole series of comments at Ars.. by MozeeToby · · Score: 1

    I doubt he's running an old version at this point. Between the sophistication and how thoroughly his setup seems to be owned I find it highly unlikely that at least one of the machines hasn't phoned home for updates. After that it would spread amongst the infected machines through USB drives, LAN, or even the acoustic networking.

  130. Re:And there's a whole series of comments at Ars.. by cusco · · Score: 1

    Nope, that's not it. This would have been in the fall/winter of 1996. It was loaded into BIOS by accidentally booting off a floppy, and once there would infect any other disk that you put in the machine. It didn't kill the machine immediately and I never knew what the trigger was, but at some point the customer would boot up the computer and random ASCII characters would fill the screen and it would stop. We'd have to tell the customer that their machine was dead and they probably needed to replace the BIOS of any other computers they owned.

    There were other BIOS viruses at the time, but this was the only one I encountered that wasn't immediately destructive and which worked on more than one BIOS manufacturer. Some (most?) of them would let you warm boot the computer indefinitely, while infecting every disk you put in them, and then kill the machine dead when you turned off the power.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  131. Re:Why - Military and High Security Environments by mathew42 · · Score: 1

    There are a few places where the potential reward for investment makes sense. Most high security environments (e.g. military, foreign embassies, etc) use separate networks to maintain security. Data is transferred from less classified networks to more classified networks via external media frequently, but not the other way. Standard practice is for two (or more) computers to exist on a person's desk with access to networks with a different level of classification. That person may be able to transfer files using a USB key. One of those is most likely a laptop that connects to external networks and which might be possible to compromise, particularly with a targeted attack. If the primary purpose is extraction of data, then a very sensitive listener could be sufficient.

    I suspect that if this is at all possible, NSA (and other organisations) would be prepared to spend big on research because jumping an air gap could have huge rewards. It wouldn't surprise me that if this wasn't available now, people from various organisations would have been researching since the story broke.

    I think the easiest way to prove / disprove this would be to check the security policies of various organisations. If there are indications in the policies of measures to prevent this kind of attack (e.g. internal speakers removed, headphones only), then I think some credence should be given to the claims.

  132. I would be suspicious of the hardware by C+R+Johnson · · Score: 2

    Just about every sound card (and everything else) in the last ten years has been made in a factory in China. What is to stop the PLA from slipping just this kind of malware into a sound card chip? Maybe they can even activate and update using sounds from a television.

    --
    The alternative to limited government is unlimited government.
    1. Re:I would be suspicious of the hardware by neurovish · · Score: 1

      Just about every sound card (and everything else) in the last ten years has been made in a factory in China. What is to stop the PLA from slipping just this kind of malware into a sound card chip? Maybe they can even activate and update using sounds from a television.

      Phone Losers of America? If that is the case, then this is perhaps their greatest prank to date!

  133. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    I hear they call her "the Umbrella Woman". She was also spotted at the Grassy Knoll in November, 1963...

    This thing goes all the way to the top, people!

    *puts on soundproof tinfoil helmet*

  134. Re:And there's a whole series of comments at Ars.. by Zalbik · · Score: 1

    If you come to the conclusion that information is being exchanged after removing all network interfaces, it makes perfect sense to try (it's not exactly hard...) to unplug the laptop, to eliminate a potential hardware backdoor.

    No, it does not make "perfect sense". It makes as much sense as removing the DVD drive, as the DVD drive is a known attack vector, and there are DVDs in the room.

    What potential hardware backdoor do you speak of? And how would the other PC modulate the power enough to communicate via this backdoor?

    To misquote a famous quote:
    "If what remains after eliminating the impossible is extraordinarily unlikely, then you've probably screwed up somewhere"

    It's far more likely some mistake was made in eliminating other vectors of attack than some insanely unlikely new mechanism has been developed to communicate via a laptop's power cord over house current.

  135. Re:And there's a whole series of comments at Ars.. by mcgrew · · Score: 1

    It has not been my experience that computer speakers are capable of making sounds much outside the range of human hearing, nor computer microphones capable of picking such sounds up.

    300 samples sounds like a click, and using assembly you can write viruses that small. You could hear it if you were aware of it, but it wouldn't stand out.

    That said, I'm skeptical too.

  136. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 1

    Firewire DMA attacks are well documented and used in the field, but that isn't what I was referring to. Also, you are missing a step in your statement: USB has to go to the USB Controller first, which is its own microprocessor, so there is a little more room for bugs. Honestly, you didn't respond to a single thing I posted.

    Here are a few examples of some exploits in USB drivers for Windows/Linux. It's well known at this point that physical access to a machine means game over, but exploitable USB drivers make it all too easy. What's that? Kernel level drivers exploitable that were patched only this year? The magnitude of this problem is vast. Any device in the USB protocol can represent itself as any vendor/product id it wants, and attack that driver specifically. Do you even want to know how many drivers are bundled in modern OSes?

    High frequency (perhaps not technically 'ultrasonic') transmission of data can be done in JavaScript so this, too, is plausible at many levels. Note: we are discussing networking over sound, not exploiting.

    Frankly, I'm really disappointed at the lack of imagination I am seeing in a lot of these Slashdot posts.

  137. Re:And there's a whole series of comments at Ars.. by mcgrew · · Score: 1

    A high-frequency sound has also the benefit of travelling long distances in air.

    Actually, you have that backwards. The higher the frequency the more directional it is, but lower frequencies take more power.

  138. Re:And there's a whole series of comments at Ars.. by rubycodez · · Score: 1

    No, that was the Clabber Girl, with her trayful of the Rectangular Parallelepipeds of Head-Bursting Death

  139. Re:And there's a whole series of comments at Ars.. by cez · · Score: 1

    I'm not up on my Audio Engineering, so excuse me if this question is recockulous, but since mic / speakers basically work on the same principles, is there any chance that it's theoretically possible they are transmitting ultrasonic with the mic and receiving on the speakers!?

    --
    Walk with Music;
  140. Re:And there's a whole series of comments at Ars.. by Tom · · Score: 1
    --
    Assorted stuff I do sometimes: Lemuria.org
  141. This is FUD by Anonymous Coward · · Score: 0

    My Google Nexus tablet speaker and microphone are not capable of ultrasonic communication.

    I can prove it. It's barely capable at 18 kHz.

    I think this guy watched way too much SciFi drinking Red Bull all night.

    You cannot inject malware through the power supply if the device is not made to communicate via a power line modem. Malware is not going to build out a line carrier modem on the device. Even if the computer was based on an FPGA. You need a workstation or decent desktop to compile VHDL and download it to the device. Not all FPGA devices are the same. This article is total nonsense.

    The only possible ways that make sense are Bluetooth, WiFi, infected cellular data carrier. In the old days it was infected JPG files. It was easy. Microsoft Explorer had so many flaws. Code was contained in the JPG image.

  142. holiday scare by Anonymous Coward · · Score: 0

    Guys/Gals it's halloween!!!!

  143. Re:And there's a whole series of comments at Ars.. by DigiShaman · · Score: 1

    If programmed in assembly, it might be doable. Just look at the 64k demo scene. It's amazing what you can cram into a small file when using that language.

    --
    Life is not for the lazy.
  144. Re:And there's a whole series of comments at Ars.. by UnderCoverPenguin · · Score: 1

    I'm not up on my Audio Engineering, so excuse me if this question is recockulous, but since mic / speakers basically work on the same principles, is there any chance that it's theoretically possible they are transmitting ultrasonic with the mic and receiving on the speakers!?

    No. The input and output circuit amplifiers are arranged to only allow signal flow in one direction.

    FYI, amplifiers can be arranged to allow 2 way signal flow (aka "full duplex") over a 2 wire connection. An example is a basic, landline telephone. You can demo this with 2 basic, landline phones, 2 phone jacks and a 9V battery. Connect the red wire from one jack to the red wire from the other, then both to + on the battery. Likewise, the green wires to - on the battery. Then with an assistant, each of you pick up one of the 2 handsets. You will be able to talk and hear each other over the 2 wire connection between the phones.

    Oversimplified diagram: http://pastebin.com/hQN58jDd - Download and save with the extension ".svg" then open file with Firefox, Chrome or Opera to view it.

    --
    Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  145. Re:And there's a whole series of comments at Ars.. by UnderCoverPenguin · · Score: 1

    I just tested my PC's speakers / microphone... The power output is rock steady up to 15kHz, then falls to 75% by 20kHz, 50% by 30kHz, and about 10% by 40kHz. Then it stays that way to fiftyish kHz, which is as far as my loop went.

    How did you test it?

    The typical PC sound card has a DAC frequency of 44.1kHz, so the frequency of the carrier tone would have to be less than 22kHz - probably around 15kHz - to reliably transmit data.

    --
    Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
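
Added example, not part of any comment in this thread: the sampling-rate point above, worked through from the defender's side. At the 44.1 kHz rate named in the comment, a tone requested above 22.05 kHz folds back to a lower frequency, and a Goertzel scan of a capture shows whether a narrowband carrier is present just below that limit. The 17 to 21.5 kHz band, the noise level and the captures themselves are assumptions constructed for illustration.

```python
import math
import random

FS = 44_100  # sample rate named in the comment above

def tone(freq_hz, n, amp=1.0, fs=FS):
    """Constructed test signal: n samples of a sine wave."""
    return [amp * math.sin(2 * math.pi * freq_hz * i / fs) for i in range(n)]

def alias_of(freq_hz, fs=FS):
    """Frequency at which a sampled tone actually appears (folded into 0..fs/2)."""
    f = freq_hz % fs
    return fs - f if f > fs / 2 else f

def goertzel_power(samples, freq_hz, fs=FS):
    """Squared amplitude at one frequency bin, via the Goertzel recurrence."""
    n = len(samples)
    k = round(n * freq_hz / fs)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n / 2) ** 2

def scan_near_ultrasonic(samples, lo=17_000, hi=21_500, step=100, fs=FS):
    """Strongest narrowband peak in lo..hi Hz and its ratio to the band median."""
    powers = {f: goertzel_power(samples, f, fs) for f in range(lo, hi + 1, step)}
    peak = max(powers, key=powers.get)
    median = sorted(powers.values())[len(powers) // 2]
    return peak, powers[peak] / median

def constructed_capture(n=4410, carrier_hz=None, seed=1):
    """Constructed 0.1 s 'recording': room noise, optionally plus a faint carrier."""
    rng = random.Random(seed)
    noise = [rng.gauss(0, 0.05) for _ in range(n)]
    if carrier_hz is None:
        return noise
    return [a + b for a, b in zip(noise, tone(carrier_hz, n, amp=0.02))]

if __name__ == "__main__":
    print("30 kHz requested at 44.1 kHz appears at", alias_of(30_000), "Hz")
    print("with carrier:", scan_near_ultrasonic(constructed_capture(carrier_hz=19_000)))
    print("noise only:  ", scan_near_ultrasonic(constructed_capture()))
```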
  146. Re:And there's a whole series of comments at Ars.. by AmiMoJo · · Score: 1

    Sure, but all of those methods require special hardware. There is no way a random unmodified laptop could do it.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  147. Re:And there's a whole series of comments at Ars.. by adolf · · Score: 1

    Which, incidentally, never really rolls off to zero within the range of frequencies being discussed.

    Remember, I said that they do not have any particular "cutoff" frequency. I did not say that they were absolutely linear in all ways from DC to daylight.

    (Disclaimer: I've been designing and implementing loudspeaker installations for some years. But if you really insist on teaching me something, by all means, give it a shot. Good luck!)

  148. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    Sorry, you're wrong, you absolutely can transfer data this way. The amount of data you can send is tiny, but stop spreading misinformation. It is 100% possible.

  149. Re:And there's a whole series of comments at Ars.. by Anonymous Coward · · Score: 0

    More than theory, it has been done. Some of the "experts" getting modded up are out of their element.

  150. Re: And there's a whole series of comments at Ars. by Anonymous Coward · · Score: 0

    Not in an ultrasonic range.

  151. Re:And there's a whole series of comments at Ars.. by pureevilmatt · · Score: 1

    Well.. Yeah, of course it's stupid if you consider only things in the realm of the possible! What about as of yet undiscovered technologies, like sonic screwdrivers?

  152. Re:And there's a whole series of comments at Ars.. by Tom · · Score: 1

    Not with powerline. But you are underestimating the power of side-channel attacks. There's proof of concept code out there to send messages via timing difference in CPU cache access speed. Getting data across the power line without special hardware is certainly daunting, but not necessarily impossible. It was worth the 5 minutes it took to rule it out.

    --
    Assorted stuff I do sometimes: Lemuria.org
  153. Re:And there's a whole series of comments at Ars.. by cusco · · Score: 1

    Perhaps you grew up on today's bloatware that can't fit on a single DVD, but the entire first version of MS Flight Simulator and 6 or 8 aircraft with maps for most major US airports fit on a single floppy disk. IIRC, all of DOS 5 fit on three floppies, and Windows For Workgroups with DOS and the TCP/IP add-on was nine or ten. That's under 15 MB. There's an awful lot you can do in a very small footprint.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  154. Re: And there's a whole series of comments at Ars. by Agripa · · Score: 1

    Some sound cards support bandwidths up to their Nyquist frequency making them useful in instrumentation applications. That says nothing of course about the analog circuits and transducers they are connected to which will not be optimized for operation at ultrasonic frequencies.

    http://www.clarisonus.com/Research%20Reports/RR001-SoundCardEval/RR001-PCsoundCards.html

  155. Re:And there's a whole series of comments at Ars.. by gandhi_2 · · Score: 1

    We used to sneak the LHX helicopter sim game into the lab and play it off a microfloppy.

    How would you know what settings changes to counter, for multiple OSes, a couple years into the future? Writing code to monitor how many Windows registry, Mac settings, BSD settings that may or may not exist when they are used or might not have existed when you wrote the logic? That alone is quite a feat.

    Then there's the whole sonic communication thing. And ability to

  156. Re:And there's a whole series of comments at Ars.. by cusco · · Score: 1

    Most of an OS stays the same from one version to another. Regedit for instance has not changed since NT 3.51, nor have most of the important hardware keys like the ones that control the CD drive access.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin