Slashdot Mirror


Ars: Cross-Platform Malware Communicates With Sound

An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.

14 of 245 comments

  1. And there's a whole series of comments at Ars... by NeverWorker1 · · Score: 5, Informative

    Explaining why the whole thing is probably a hoax.

  2. Not all THAT impossible by Beavertank · · Score: 3, Informative

    That is how one of the original iPods had their firmware dumped after all, it was played out through the little piezo click speaker at some absurdly low data rate.

  3. Re:Summary is contradictory. by bhlowe · · Score: 3, Informative

    Siri could understand and respond to another instance of Siri on a second iPhone.. so not totally impossible. Audio processing and acoustics have come a long way since the 9600 baud modem.

  4. Re:Hoax by NIK282000 · · Score: 3, Informative

    If you are working with a modern laptop that's not an option.
     
    Using FM above what most people can hear you can blast a square wave at full power that could easily fill the room; if the door is open you could probably receive it in adjoining rooms. Come to think of it, you could probably transmit in parallel on a number of different frequencies as long as they aren't multiples of each other. It wouldn't be gigabit but it would be plenty fast for sending command and control information.

    --
    Dear aunt, let's set so double the killer delete select all
  5. Re:And there's a whole series of comments at Ars.. by geekoid · · Score: 4, Informative

    " Dragos Ruiu (@dragosr), the creator of the pwn2own contest"
    It would be odd for him to screw up his rep with a hoax like this.

    http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  6. Re:Or EMI by Anonymous Coward · · Score: 2, Informative

    That's a good implication, as not everyone in Europe has an umlaut in their name...

  7. Re:Hoax by Khyber · · Score: 3, Informative

    "If you are working with a modern laptop that's not an option. "

    Actually, it's a very easy option. Usually the microphone cable (and conveniently, the camera cable if there's a bezel camera) are directly underneath the keyboard. In most non-Apple laptops, that's easy access with just a few underside screws and under-battery screws. And funnily enough, you usually get speaker access while going for those cables anyways, so it's an all-in-one trip maybe involving 8 or 9 screws.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. Re:Hoax by DdJ · · Score: 4, Informative

    Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

    You know that ultrasonics are precisely how a modern Furby communicates with its companion iPhone app? (There's even perl code implementing it so you can hack them.)

  9. Found it! by coolsnowmen · · Score: 3, Informative
  10. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 5, Informative

    I just tested my PC's speakers / microphone... The power output is rock steady up to 15kHz, then falls to 75% by 20kHz, 50% by 30kHz, and about 10% by 40kHz. Then it stays that way to fiftyish kHz, which is as far as my loop went.

    I could already not hear it by 14kHz... damn I'm old. Last time I did something like this, I was OK up to 17kHz, and back at the Institute I was fine at 19kHz.

    I think that no one can hear 30 kHz, and you still get 50% power on my PC... which is nothing special. You can definitely get decent communication outside of hearing range.

    --
    No good deed goes unpunished...
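
A defender-side counterpart to the measurement described in the comment above, as an added example that is not part of the thread or any poster's code: it scans a block of microphone samples for near-ultrasonic energy with the Goertzel algorithm. The 48 kHz capture rate (which only exposes content below 24 kHz), the 18-23 kHz probe band, the -50 dB floor and the synthetic tones are all assumptions.

```python
import math

RATE = 48_000                        # assumed capture rate; Nyquist limit is 24 kHz
PROBES = range(18_000, 23_001, 500)  # assumed near-ultrasonic probe frequencies


def goertzel_power(samples, rate, freq):
    """Normalised power at `freq` (single DFT bin); ~amplitude**2 for a pure tone."""
    n = len(samples)
    k = round(n * freq / rate)       # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / (n * n / 4.0)


def ultrasonic_carriers(samples, rate=RATE, floor_db=-50.0):
    """Return [(freq_hz, level_db)] for probe bins louder than floor_db."""
    hits = []
    for f in PROBES:
        p = goertzel_power(samples, rate, f)
        db = 10.0 * math.log10(p) if p > 0 else float("-inf")
        if db > floor_db:
            hits.append((f, round(db, 1)))
    return hits


def tone(freq, amp, n, rate=RATE):
    """Constructed test signal: a sine at `freq` Hz with peak amplitude `amp`."""
    return [amp * math.sin(2.0 * math.pi * freq * i / rate) for i in range(n)]


if __name__ == "__main__":
    n = 4800                                  # 100 ms block, 10 Hz bin spacing
    audible = tone(1_000, 0.5, n)             # constructed: ordinary audible tone
    hidden = tone(20_000, 0.05, n)            # constructed: quiet 20 kHz carrier
    mixed = [a + b for a, b in zip(audible, hidden)]
    print("audible only:", ultrasonic_carriers(audible))
    print("with carrier:", ultrasonic_carriers(mixed))
```

The constructed tones fall exactly on DFT bins, so there is no spectral leakage; real microphone input would need a window function and a floor calibrated against the room's ambient noise.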
  11. Let me get that for you... by connor4312 · · Score: 4, Informative
    It seems like the vast majority of people started flaming without reading the author's comment, so here it is:

    Dear Ars readers,

    As a journalist for more than 17 years, I have never written a spoof story for April Fool's Day or any other holiday. I certainly had no intention of doing so with this article. It's completely coincidental that this story ran today, on Halloween.

    The ninth paragraph of my article reads:

    Quote:
    "At times as I've reported this story, its outline has struck me as the stuff of urban legend, the advanced persistent threat equivalent of a Bigfoot sighting. Indeed, Ruiu has conceded that while several fellow security experts have assisted his investigation, none has peer reviewed his process or the tentative findings that he's beginning to draw."


    Here and elsewhere in the post, I have tried to make clear that many of the details of this article sounded far-fetched to me. They still do. I have also tried to be transparent that no one has independently corroborated Ruiu's findings. That said, these same details have been publicly available for more than two weeks, and a large number of Ruiu's peers find them believable.

    I decided to resolve this conflict between my own skepticism and the reaction of Ruiu's fellow security researchers by reporting accurately what all of them said and making clear that so far no one has peer reviewed Ruiu's research process or findings.

    I have no doubt that researchers will pore over every laptop and USB drive Ruiu makes available and independently arrive at their own conclusions. I fully intend to report whatever they find. If they find no evidence to support Ruiu's account, Ars readers will be among the first to know.

    Regards,

    Dan Goodin

  12. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 3, Informative

    Hmm... never mind about my PC not being anything special. Here is a Mac Book Pro graph I just googled:

    http://www.gearslutz.com/board/attachments/so-much-gear-so-little-time/285773d1333712202-what-frequency-response-typical-built-laptop-speakers-mbp15.jpg

    Clearly desktops have a much better range than laptops.

    --
    No good deed goes unpunished...
  13. Response by Robert Graham by Anonymous Coward · · Score: 2, Informative

    Robert Graham has published a well-written response:

    http://blog.erratasec.com/2013/10/badbios-features-explained.html

  14. Read the article! by Egdiroh · · Score: 4, Informative

    1) The assertion is that this malware infects as many BIOSes on the machine as it can. But a BIOS isn't big, so instead of containing code to directly infect the main OS, it contains code to set up a mesh network with its peers to download the appropriate OS root kit.
    2) The air gap was on a laptop (with a battery) in a room with potentially infected machines.
    3) There never was a claim that a completely clean machine was infected over any method, just that a machine that had been the recipient of a lot of low level cleaning and disabling managed to demonstrate a full reinfection after spending enough timeout the proximity of other infected machines.

    None of the things asserted here are particularly novel. Infections at all levels bios, aren't novel. Mesh networking isn't novel. Acoustic networking isn't novel. The arrangement of them to maximize the effectiveness of them is the novel part. But also in retrospect is also pretty obvious. Rather than try to code for all the BIOS and OS combinations, and all the OS and device combinations, you code for all the BIOS and device combinations, and then code for all the OS choices in a one off.