
Ars: Cross-Platform Malware Communicates With Sound

timothy posted about a year ago | from the beep-beep-you're-dead dept.

Networking 245

An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.

245 comments

And there's a whole series of comments at Ars... (5, Informative)

NeverWorker1 (1686452) | about a year ago | (#45294177)

Explaining why the whole thing is probably a hoax.

Re:And there's a whole series of comments at Ars.. (2)

ericloewe (2129490) | about a year ago | (#45294277)

At this time, I'm taking the whole thing with a handful of salt. It's not totally impossible, though.

Re:And there's a whole series of comments at Ars.. (5, Interesting)

NeverWorker1 (1686452) | about a year ago | (#45294339)

Besides the many, many stretches of the imagination required for his story (e.g., it infects the firmware on all major brands of USB drives, he never extracted a binary blob or sent the infected device to the manufacturer, the audio communication silliness, the fact that he apparently thinks infection could spread through the power cable, and so on...) the biggest issue to my mind is that if this is so communicable, why in all the time he's had it under observation has it never spread anywhere else? Also, why has he not shown it to a colleague? This is the sort of thing that goes over huge at conferences.

Re:And there's a whole series of comments at Ars.. (4, Informative)

geekoid (135745) | about a year ago | (#45294501)

" Dragos Ruiu (@dragosr), the creator of the pwn2own contest"
It would be odd for him to screw up his rep with a hoax like this.

http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en [securityartwork.es]

Re:And there's a whole series of comments at Ars.. (5, Insightful)

Anonymous Coward | about a year ago | (#45294831)

Name one reason why he didn't send the BIOS or a copy thereof to be examined by the OEM....***after three years of not being able to fix this***.

My next question would be: why did it take him so long to figure out that the USB might be the vector? But before you answer that question ask yourself this also: why hasn't he contacted the major USB drive manufacturers since this seems to be FAR more about a vulnerability at the USB controller level(far, far, far below control of the OS) that has been leveraged to then exploit writing a new firmware?

If this is a USB hardware exploit then the rest of this is superficial but after 3 years, you'd figure that someone would have found another copy of this thing by now yet he's the only one. If he wasn't aware that it spread through USB for 3 years, the odds of him bringing an infected jump drive to a friend or colleague's computer where it would then spread even more are so high that I can't believe no one has asked these questions.

IF it's a USB exploit, I'm fucking impressed but since he's played the "how many people can believe that I'm this stupid" card so many times in his "research" on this(I'm saying nothing of his other experience, mind you), I'd say it's likely a hoax of some sort.

Re:And there's a whole series of comments at Ars.. (5, Insightful)

Tuidjy (321055) | about a year ago | (#45294631)

I think many of the commentators both here and on Ars Technica are making a basic mistake. No one claims that the machine is infected through its microphones. Duh! How would it know to listen and interpret noise as instructions. The claim is that once infected, the machines communicate using their speakers and microphones.

Is it possible? Sure. Do I consider it likely? No. It's one Hell of an effort for very little gain... in general. But we all have hobbies, so someone may have written a virus that infects through USB drives, overwrites BIOS, and resists the clean up of physically disconnected machines by communicating via sound.

Do I believe this particular story? Hmm... no. Mostly because, despite the reputation of the author, the article makes it sound that basic mistakes were made during the cleanup process, and because not enough information has been shared with the community.

But if I was told the story is true, I could come up with a great conspiracy theory to explain it. The author tries to keep all the fame for himself, the author is being threatened by the high tech agency that developed the strain but let it escape, the virus has alien origin...

Re:And there's a whole series of comments at Ars.. (2)

taustin (171655) | about a year ago | (#45295101)

It has not been my experience that computer speakers are capable of making sounds much outside the range of human hearing, nor computer microphones capable of picking such sounds up. Maybe he buys computers with extremely high end sound equipment, but I'm a bit skeptical that nobody noticed the audio.

Maybe he sniffed a little too much of the magic smoke the virus let out.

Re:And there's a whole series of comments at Ars.. (5, Interesting)

ericloewe (2129490) | about a year ago | (#45294679)

Assuming this is more than a hoax, here's a bit of devil's advocate:

After the initial infection and subsequent cleaning (let's assume it survived somehow - hell, it might have been a compromised USB keyboard), the issue was forgotten for a while until the mentioned symptoms started appearing - since they seemed to be mostly inconveniences that often plague BIOS/UEFI (If I had a buck for each hour I've spent figuring out how to boot with drive X on system Y...) or could be attributed to more mundane causes, the investigation of these issues was not considered a priority, as there were seemingly more important tasks to do.

More recently, a connection was established that suggested it might be more than just random bad luck - this then took a while to investigate, especially because ruining hardware (desoldering the BIOS chip to extract its firmware) is typically the last resort when investigating something.

Again, this is just speculation as to why this whole story took three years so far.

And regarding the power cable: Powerline networking is commercially available and well-understood, as is transmitting data along with low-voltage DC (PoE). If you come to the conclusion that information is being exchanged after removing all network interfaces, it makes perfect sense to try (it's not exactly hard...) to unplug the laptop, to eliminate a potential hardware backdoor. Honestly, what I considered paranoia not too long ago is starting to look more likely every day...

Re:And there's a whole series of comments at Ars.. (5, Funny)

Austrian Anarchy (3010653) | about a year ago | (#45294529)

At this time, I'm taking the whole thing with a handful of salt. It's not totally impossible, though.

That is next month's article: "Cross-Platform Malware spread through common table salt"

Re:And there's a whole series of comments at Ars.. (4, Interesting)

gandhi_2 (1108023) | about a year ago | (#45294859)

I have a hard time believing that you could pack enough logic into bios that could anticipate and counter your actions in OSX, BSD, and Windows.

Otherwise, this code must maintain a link to the outside world, relying on equipment that may or may not be anywhere near by, and then a human would have to monitor this machine and send commands back. That would take an insane level of commitment.

If this was real, wouldn't every security researcher, hardware manufacturer, and government in the world be at this dude's lab to get in on the action?

Communicating via sound or ultrasound from speakers to microphones. Possible. The rest of it... leaves me dubious.

Re:And there's a whole series of comments at Ars.. (0)

Anonymous Coward | about a year ago | (#45294283)

How the airgapped computer got infected in the first place is the real issue here...

Re:And there's a whole series of comments at Ars.. (1)

Russ1642 (1087959) | about a year ago | (#45294319)

The IT guy says I can't use my thumb drive. He's just being paranoid.

Infected at the factory ... (1)

perpenso (1613749) | about a year ago | (#45295045)

How the airgapped computer got infected in the first place is the real issue here...

It came that way from the factory. It happens.

Or EMI (5, Interesting)

goombah99 (560566) | about a year ago | (#45294321)

Back when I had an Altair 8800 we used to play a teletype game called Star Trek. We kept a radio tuned off channel on in the room. When you fired a laser the code executed a fast loop that emitted EMI in a ramping frequency. The radio would make a phaser noise.

In Europe it was discovered that the most common brand of voting machine would emit EMI differently depending on whether the character in the displayed name had an umlaut or not (special character set). So you could tell who people voted for when one candidate had an umlaut.

Re:Or EMI (3, Funny)

mythosaz (572040) | about a year ago | (#45294377)

So you could tell who people voted for when one candidate had an umlaut.

>implying everyone in Europe doesn't have an umlaut in their name.

Re:Or EMI (2, Informative)

Anonymous Coward | about a year ago | (#45294591)

That's a good implication, as not everyone in Europe has an umlaut in their name...

Re:Or EMI (1)

mythosaz (572040) | about a year ago | (#45294633)

...that's just Slashdot's lack of Unicode support talking. You just can't see the umlauts.

Re:Or EMI (1)

NeverWorker1 (1686452) | about a year ago | (#45294453)

Many years ago, I used to have a program on my TI-81 that did this exact same thing.

Re:Or EMI (0)

Anonymous Coward | about a year ago | (#45294561)

Many years ago, I used to have a program on my TI-81 that did this exact same thing.

I did it with the clack clack noise of my abacus.

Re: comments at Ars... (1)

BoRegardless (721219) | about a year ago | (#45294473)

Article: "Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped."

OK, so now you have a single action (eliminating acoustic duplex mechanism) and suddenly the data transmission ceases. That is pretty convincing that an 'entity' has wound up programming a system to manage/infect/reinfect computers near each other even when all I/O methods are turned off/disabled.

Even if this is a hoax, it is obviously a transmission scenario no one until now has paid attention to, except maybe the NSA or Russians or France or Israel or China.

Pooch to the rescue (1)

He Who Has No Name (768306) | about a year ago | (#45294547)

...it'd also be stupid simple to detect. All you need is a sound meter.

Or, a dog.
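The "sound meter" check suggested in the comment above, sketched as an added example (not code from the thread or from any tool it mentions): it measures energy in an assumed 18-22 kHz band of a microphone capture with the Goertzel algorithm and flags only sustained activity. The band edges, the -40 dB threshold, the frame size and the synthetic test capture are all assumptions to be calibrated against a quiet-room baseline for the actual hardware.

```python
import math
import random

SAMPLE_RATE = 48_000        # Hz; must exceed twice the highest frequency of interest
FRAME = 480                 # 10 ms frames -> 100 Hz bin spacing
BAND_HZ = (18_000, 22_000)  # assumed "near-ultrasonic" band; adjust to the hardware
THRESHOLD_DB = -40.0        # assumed alert level; calibrate against a quiet baseline
MIN_FRAMES = 5              # require 50 ms of sustained energy before flagging

HANN = [0.5 - 0.5 * math.cos(2 * math.pi * i / FRAME) for i in range(FRAME)]
HANN_ENERGY = sum(w * w for w in HANN)


def goertzel_bin(frame, k):
    """|X[k]|^2 of one DFT bin, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_level(frame):
    """Return (level_db, peak_hz) for the monitored band of one frame."""
    windowed = [x * w for x, w in zip(frame, HANN)]
    k_lo = math.ceil(BAND_HZ[0] * FRAME / SAMPLE_RATE)
    k_hi = math.floor(BAND_HZ[1] * FRAME / SAMPLE_RATE)
    powers = {k: goertzel_bin(windowed, k) for k in range(k_lo, k_hi + 1)}
    # Factor 2 accounts for the mirrored negative-frequency bins of a real signal;
    # dividing by the window energy undoes the attenuation the Hann window adds.
    mean_square = 2.0 * sum(powers.values()) / (FRAME * HANN_ENERGY)
    peak_k = max(powers, key=powers.get)
    level_db = 10.0 * math.log10(max(mean_square, 1e-12))
    return level_db, peak_k * SAMPLE_RATE / FRAME


def scan_capture(samples):
    """Flag a capture whose band level stays above THRESHOLD_DB for MIN_FRAMES frames."""
    run = longest = 0
    loudest = (-120.0, None)
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        level_db, peak_hz = band_level(samples[start:start + FRAME])
        if level_db > loudest[0]:
            loudest = (level_db, peak_hz)
        run = run + 1 if level_db >= THRESHOLD_DB else 0
        longest = max(longest, run)
    return {"flagged": longest >= MIN_FRAMES, "longest_run": longest,
            "peak_db": round(loudest[0], 1), "peak_hz": loudest[1]}


def constructed_capture(tone_amp, tone_seconds, seconds=0.2, tone_hz=19_000, seed=1):
    """Constructed test input: 1 kHz 'room' tone, faint noise, optional in-band tone."""
    rng = random.Random(seed)
    out = []
    for i in range(int(seconds * SAMPLE_RATE)):
        t = i / SAMPLE_RATE
        x = 0.2 * math.sin(2 * math.pi * 1_000 * t) + rng.gauss(0.0, 0.005)
        if t < tone_seconds:
            x += tone_amp * math.sin(2 * math.pi * tone_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for label, amp, dur in [("quiet room", 0.0, 0.0),
                            ("sustained 19 kHz tone", 0.05, 0.2),
                            ("30 ms burst", 0.05, 0.03)]:
        print(label, scan_capture(constructed_capture(amp, dur)))
```

On a real capture, feed `scan_capture` floating-point samples scaled to the range -1.0 to 1.0; a sample rate below roughly 44.1 kHz cannot represent this band at all.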

Re: comments at Ars... (0)

Anonymous Coward | about a year ago | (#45294635)

And how did he know it was transmitting network data? Was there some sort of /dev/soundcard packet statistic? "Forensic tools" showed packets but didn't show the interface on which the packets were travelling? Don't forget the zero power requirement: the zombie virus doesn't use electricity.

Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

This is a hoax, but probably an educational one designed to highlight fantastic-yet-maybe-almost-possible things that malware could do, like live off capacitor power and stay resident in the firmware of a sound card.

Re: comments at Ars... (1)

Wintermute__ (22920) | about a year ago | (#45294925)

It's called a battery. Most laptops have them.

Re: comments at Ars... (0)

He Who Has No Name (768306) | about a year ago | (#45294929)

I'm assuming they had this thing called a "battery". Most computers with built in speakers AND microphones are laptops of some kind.

Ridiculously hyperbolic (0)

Anonymous Coward | about a year ago | (#45294195)

No one is suggesting that this thing can transmit itself from one infected device to another using sound, the ridiculously hyperbolic article just makes it seem like that's what's being claimed so that people will find it more interesting. This whole thing is full of red flags.

Battling? (0)

Anonymous Coward | about a year ago | (#45294217)

Really?

This seems like it would be one of the easiest viruses to contain.

Captcha reads "loathing". Looks like Slashdot is finally starting to catch on.

Time tested? (4, Funny)

bob_super (3391281) | about a year ago | (#45294227)

I'm confused, you mean information can actually be conveyed via air vibrations?

Re:Time tested? (0)

Anonymous Coward | about a year ago | (#45294331)

http://en.wikipedia.org/wiki/Kansas_City_standard

The Kansas City Standard interface lives on!

Re:Time tested? (1)

Anonymous Coward | about a year ago | (#45294375)

you mean information can actually be conveyed via air vibrations?

Not really, it's just noise.

Re:Time tested? (4, Funny)

Rob the Bold (788862) | about a year ago | (#45294387)

I'm confused, you mean information can actually be conveyed via air vibrations?

If you'd only listened in school, you'd know that . . .

Hoax (3, Insightful)

Khyber (864651) | about a year ago | (#45294237)

Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

Airgapped room? Those frequencies from laptop or regular internal computer speakers aren't going to make it past the walls.

Give me a break, slashdot.

Re:Hoax (0)

Anonymous Coward | about a year ago | (#45294291)

Exactly. That or build the airgapped computers without microphones/speakers. Kind of tough to send/receive audio signals without the hardware that send/receive the audio signals

Re:Hoax (3, Informative)

NIK282000 (737852) | about a year ago | (#45294405)

If you are working with a modern laptop that's not an option.
 
Using FM above what most people can hear you can blast a squarewave at full power that could easily fill the room, if the door is open you could probably receive it in adjoining rooms. Come to think of it you could probably transmit in parallel on a number of different frequencies as long as they aren't multiples of each other. It wouldn't be gigabit but it would be plenty fast for sending command and control information.

Re:Hoax (3, Informative)

Khyber (864651) | about a year ago | (#45294723)

"If you are working with a modern laptop that's not an option. "

Actually, it's a very easy option. Usually the microphone cable (and conveniently, the camera cable if there's a bezel camera) are directly underneath the keyboard. In most non-Apple laptops, that's easy access with just a few underside screws and under-battery screws. And funnily enough, you usually get speaker access while going for those cables anyways, so it's an all-in-one trip maybe involving 8 or 9 screws.

Re:Hoax (3, Funny)

coyote_oww (749758) | about a year ago | (#45295093)

So once again, Terminator shows us the way. Defeat the malware by stationing dogs near all computers to listen for the telltale hyper frequency comms emitted by the machines.

Re:Hoax (1)

Krishnoid (984597) | about a year ago | (#45294307)

Seriously -- I mean even his photo [arstechnica.com] is so obviously derivative [wikia.com] .

Re:Hoax (1)

BoRegardless (721219) | about a year ago | (#45294391)

Now tell me what acoustic modems transmitted at for POTS lines, even up to today.

If you use higher & higher frequencies, your data rate goes up & UP!

Re:Hoax (1)

geekoid (135745) | about a year ago | (#45294579)

But the transmission distance goes down. generally.

Re:Hoax (1)

geekoid (135745) | about a year ago | (#45294567)

wow. simply... wow.
16 BYTES (it could be much higher) could allow for a lot of data to exchange. Depending on the time.
And it's exchanging information with another infected system.
This is coming from an expert who runs pwn2own (Dragos Ruiu), so I would give it a little more thinking if I were you.

http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en [securityartwork.es]

Re:Hoax (1)

Khyber (864651) | about a year ago | (#45294779)

I don't give blatant trolling any thought. Airgapped room? You're not bypassing walls at those frequencies, not with laptop speakers or internal computer speakers. Even if you had speakers powerful enough to get past that, you'd need a hellaciously sensitive microphone on the other side, and equally powerful speakers to transmit back if desired. Can we say feedback loop? Not only must the microphones deal with trying to pick up a faint noise through an airgap, they're also trying to ignore the noise of their own respective speakers to even try picking up an audio signal on the same frequency.

Pwn2Own or not, the guy fails at basic acoustic physics. Too easy of a troll to spot.

Re:Hoax (1)

fred911 (83970) | about a year ago | (#45294657)

Amtor mode b is FEC running at 100 baud, transfers some 70 words a minute.

Re:Hoax (4, Informative)

DdJ (10790) | about a year ago | (#45294761)

Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

You know that ultrasonics are precisely how a modern Furby communicates with its companion iPhone app? (There's even perl code implementing it so you can hack them.)

It won't fit (0)

Anonymous Coward | about a year ago | (#45294253)

How the hell does one fit a DSP package next to a working BIOS?

Re:It won't fit (2)

Panaflex (13191) | about a year ago | (#45294691)

I think the article is complete bollocks, but simple basic DSP isn't that difficult if you use a simple codec. Hell, even a morse code type system with basic CRC checking wouldn't take more than 16k. It doesn't have to deal with echo (high frequency is rather directional), it doesn't have to deal with doppler (few moving objects), and it's obviously a secondary communications channel.

The thing that gives it away for me is that something could embed so deeply without being detected, as USB and networks are heavily scanned these days.

I have written plenty of kernel code, bios code and the like. The effort to get such perfect code running without causing crashes or being detected on the network would be enormous. If it's at all possible, it would certainly require government level funding.

I'm not saying it isn't possible - but it's just very, very unlikely.

In Space (4, Funny)

Anonymous Coward | about a year ago | (#45294255)

Nobody can hear your infected computer's scream.

Re:In Space (2)

Tablizer (95088) | about a year ago | (#45294411)

Don't forget, HAL also reads lips.

Summary is contradictory. (1)

lxs (131946) | about a year ago | (#45294267)

Giving the C64 Datasette as an example of reliable data transfer has to be the most ridiculous thing I have ever read.

LOAD
PRESS PLAY ON TAPE
?LOAD ERROR
READY.

Was an all familiar message for C64 users. Hell I managed to type it from memory after 30 years.

Re:Summary is contradictory. (3, Informative)

bhlowe (1803290) | about a year ago | (#45294345)

Siri could understand and respond to another instance of Siri on a second iPhone.. so not totally impossible. Audio processing and acoustics have come a long way since the 9600 baud modem.

Re:Summary is contradictory. (1)

Tablizer (95088) | about a year ago | (#45294385)

Audio processing and acoustics have come a long way since the 9600 baud modem.

9600 was a big step up. My first modem was 1200, you semi-insensitive clod!

Re:Summary is contradictory. (1)

Anonymous Coward | about a year ago | (#45294479)

My first modem was 300 baud, and we liked it.

Re:Summary is contradictory. (3, Funny)

Tablizer (95088) | about a year ago | (#45294511)

My first modem was 300 baud, and we liked it.

My first modem was a carrier pigeon, and we liked it.......for dinner.

Re:Summary is contradictory. (1)

grub (11606) | about a year ago | (#45294853)

1981: Manual switched 110/300 baud. RJ11 jacks for the phone and line. No acoustic coupler! I was the l337 kid on the block.

Re:Summary is contradictory. (2)

WillAffleckUW (858324) | about a year ago | (#45294491)

Lol. N00bz.

I remember when 300 baud came out and it was an upgrade.

110 baud ftw.

Re:Summary is contradictory. (1)

dissy (172727) | about a year ago | (#45295021)

n00b, I still have my 110/75 baud acoustic coupler. It's out on my lawn, and I'll thank you both to get off it ;P

Re:Summary is contradictory. (1)

WillAffleckUW (858324) | about a year ago | (#45295085)

n00b, I still have my 110/75 baud acoustic coupler. It's out on my lawn, and I'll thank you both to get off it ;P

OOh. 75 baud. Wowsers.

Do you use magnetic cores?

Re:Summary is contradictory. (1)

geekoid (135745) | about a year ago | (#45294603)

1200! You were lucky. We used to listen to Satan's wind chimes at 300... and we were glad for it!

Re:Summary is contradictory. (1)

CanHasDIY (1672858) | about a year ago | (#45294407)

Meh - I'll be impressed when I can "write code" by telling my computer what I want it to do, ST:TNG style.

Re:Summary is contradictory. (1)

lxs (131946) | about a year ago | (#45294537)

Isn't that what coding in Prolog is like? You define the problem and the system figures it out for you.
Oh and you get assimilated by the Borg in the process.

Re:Summary is contradictory. (1)

operagost (62405) | about a year ago | (#45294807)

People used the cheapest 3-pack tapes back then and acted surprised when they failed. I mean, they sounded terrible with music... what did you expect?

Smells like BS (2, Insightful)

Pope (17780) | about a year ago | (#45294293)

I don't care how many tweets this guy's posted about, it doesn't pass the sniff test IMO.

Not all THAT impossible (3, Informative)

Beavertank (1178717) | about a year ago | (#45294305)

That is how one of the original iPods had their firmware dumped after all, it was played out through the little piezo click speaker at some absurdly low data rate.

Interesting (1)

benjfowler (239527) | about a year ago | (#45294329)

Now if this isn't total bullshit, then surely it wouldn't be hard for somebody to bash together some code to allow me to (say) put together a ghetto point-to-point link to blat files between devices in my house. Or do cheapish sensor networks for household appliances...

Re:Interesting (1)

benjfowler (239527) | about a year ago | (#45294343)

(Bet it'd drive the dogs absolutely nuts though.)

Re:Interesting (2)

canadiannomad (1745008) | about a year ago | (#45294785)

(Bet it'd drive the dogs absolutely nuts though.)

Now there's an idea... use the dogs as a signal amplification device......

I'll keep it rolling.... (3, Funny)

rts008 (812749) | about a year ago | (#45294861)

Is that anything like FidoNet? ;-)

Re:Interesting (1)

CanHasDIY (1672858) | about a year ago | (#45294455)

Why not use IR? you can make nice p2p links, without all that irritating noise.

Hey - it worked for the Romans.

Plop Plop, Fizz Fizz, Oh What a Hack it is. (4, Funny)

Tablizer (95088) | about a year ago | (#45294349)

This story is generating a lot of buzz.

First command given: (2)

Tablizer (95088) | about a year ago | (#45294357)

E-x-t-e-r-m-i-n-a-t-e!

If it's real (0)

Anonymous Coward | about a year ago | (#45294367)

If it's real, the obvious fix is hardware that won't transduce sounds outside the range of normal human hearing. Most of us can hear 8kHz and above, but we can live without the higher frequencies in a laptop speaker/mic combo.

Full range audio playback in your home is obviously not vulnerable. If you need to *record* full range audio, then you'll just need to be careful; but eliminating the full range from 99% or more of the devices would reduce the attack surface to the point where it becomes unattractive. Unfortunately the product lifecycle is several years so manufacturers would have to start clipping frequency response *right now* to get us there.

This fails the simplest of tests... (1)

mythosaz (572040) | about a year ago | (#45294429)

This assumes two airgapped computers, both with compromised BIOS capable of sending and receiving ultrasonic messages from hardware and the ability to infect USB drives.

Therefore, it would be trivial to infect a new machine, and compare BIOS before and after.

It would be further trivial to not only test with and without speakers, but with speaker with a bandpass filter applied.

The first modems were acoustic couplers (1)

WillAffleckUW (858324) | about a year ago | (#45294471)

The only real problem is sound distortion and sound interference, but it is technically possible. ... yes, I'm that old, I remember when we got 110 baud and we LIKED it!

Re:The first modems were acoustic couplers (1)

drakesword (3203755) | about a year ago | (#45294625)

Surely this ascii picture of the naked woman will be downloaded by the time I return from holiday ...

Re:The first modems were acoustic couplers (0)

Anonymous Coward | about a year ago | (#45295013)

Darn it! Got the Alfred E. Neumann again!

Re:The first modems were acoustic couplers (0)

Anonymous Coward | about a year ago | (#45294949)

Do you have any kids in your neighborhood - and if so, do you have a lawn they should get off of?

Re:The first modems were acoustic couplers (1)

WillAffleckUW (858324) | about a year ago | (#45295071)

Do you have any kids in your neighborhood - and if so, do you have a lawn they should get off of?

Not many. But we do have a fine primary school three blocks away.

We replaced the lawn, creates global warming and pollutes waterways, use native plants and pavers instead.

Would you settle for cats? They like it.

Why (1)

ZombieBraintrust (1685608) | about a year ago | (#45294475)

Why would two computers infected with malware need to communicate this way? Couldn't they just use the net? Is this malware spread with thumb drives?

Re:Why (1)

ZombieBraintrust (1685608) | about a year ago | (#45294551)

Read it and now it makes sense. Target computer is not connected to network. Target computer and bridge computer are infected. target and bridge send each other packets using sound. bridge sends packets over network to attacker.

Re:Why (1)

rickb928 (945187) | about a year ago | (#45294577)

Please, I'm as dumb as a blade of grass and I see why this explanation is hooey. Target is not connected to the network. What on the target got the audio network up and running? Magick? USB stick? That's sneakernet. Nothing? then the audio on the target isn't talking or listening.

But I'm still trying to figure out where March went to...

Re:Why (1)

ZombieBraintrust (1685608) | about a year ago | (#45294743)

Not hooey. The idea is that people transfer files with USB between the air gapped machine and network connected machines. You can get your malware on both by spreading the virus to USB drives. Using this technique the air gapped machine is connected to the network.

Re:Why (1)

suutar (1860506) | about a year ago | (#45294769)

since parent said that the target is already infected, one would guess that the virus got the audio network up and running.

Vacuum Gap (2)

mbone (558574) | about a year ago | (#45294487)

This will never happen if you are running your gear on the Lunar surface.

Just saying...

Re:Vacuum Gap (1)

Tablizer (95088) | about a year ago | (#45294533)

Wrong. Sound travels in the Aria 51 Apollo staging studio.

Re:Vacuum Gap (1)

TangoMargarine (1617195) | about a year ago | (#45294795)

Not sure if meant to make music joke or just misspelling...but if so, bravo.

Re:Vacuum Gap (1)

Krishnoid (984597) | about a year ago | (#45294601)

How would you cool it then?

Droning harmonically overloaded monotone (1)

Tablizer (95088) | about a year ago | (#45294587)

I told you there was something suspicious and sinister about bag-pipes! (Even more than mimes wearing QR-code makeup and clothing.)

Just because you can't understand it... (0)

Anonymous Coward | about a year ago | (#45294597)

Doesn't mean it isn't a possible or even probable avenue of attack. Any curious tech oriented person beyond a certain age recalls using sound as a data transmission medium.

I figured out how he sends news! (1, Funny)

Tablizer (95088) | about a year ago | (#45294613)

Palin translates Snowden's farts from her house.

So you can defeat it by... (1)

FuzzNugget (2840687) | about a year ago | (#45294701)

Muting your microphone?

Article is likely inaccurate on one point (0)

nuckfuts (690967) | about a year ago | (#45294729)

Everything described in the article - BIOS-level rootkits, cross-platform malware, infection via USB, acoustic transmission of data - is entirely plausible, but for the one assertion that audio transmission was used as the primary means of infection in some cases. For the target machine to receive and act on data sent via high-frequency sound waves, there would have to be software already running on the target to listen for and decode the transmission. Unless one assumes that such software is already present in all the affected operating systems (i.e. they are all backdoored), this cannot be the initial method of infection.

Given that Dragos is known to be neither a fool nor a hoaxer, I expect he was talking about audio communication between already-infected computers, and that Ars simply overstated this aspect in their article.

Re:Article is likely inaccurate on one point (1)

connor4312 (2608277) | about a year ago | (#45294921)

That, or, as one Ars commenter suggested, he was infected accidentally. If that is the case, I would not be surprised if the malware he is running into is sponsored by some state - the complexity of it suggests an organization with means. If that state was our lovely US of A, I would not put it past the NSA to mandate backdoors be built in operating systems. Now, this would obviously be trickier (I'd say impossible) to hide in open source systems like Linux or BSD, but he mentioned that the laptop was a Windows laptop.

What is possible and what is not (1)

aepervius (535155) | about a year ago | (#45294735)

1) It is impossible to contaminate a computer with sound. You would have to force the targeted non-infected computer to 1) open the micro channel 2) start saving the data in a format which 3) would be executable and 4) execute it, and I probably forgot a few other improbable points. Most likely a computer was contaminated by other means, like USB sticks. Furthermore, ultrasound? Frequencies around 20 kHz? I am doubting that in a normal room with air, and with other sound, those register properly. But I did in my dark past amuse myself to make two PCs communicate using sound. It was slow and inefficient no matter the frequency, although I was limited at the time by the 19.2 Hz timer interrupt.

Seriously? (1)

BenJeremy (181303) | about a year ago | (#45294803)

Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

This is as far as you need to read. Geez, Clearly this virus has infected the system and re-written power management subsystems to utilize the CMOS battery to provide enough juice, probably reprogramming an EEPROM on the I2C system to execute code and infect other systems.

Was this article written by a Hollywood screen writer? Who is going to star in this one... Willis? Bullock?

Re:Seriously? (2)

asylumx (881307) | about a year ago | (#45294845)

Was this article written by a Hollywood screen writer? Who is going to star in this one... Willis? Bullock?

Bollocks.

Re:Seriously? (1)

Wintermute__ (22920) | about a year ago | (#45295033)

System was a laptop.

Re:Seriously? (1)

Anubis IV (1279820) | about a year ago | (#45295083)

I was thinking the same thing...then I realized the author of the article probably just did a crappy job of making it clear that he was talking about laptops that had their power cords unplugged to rule out powerline networking and the like. I'm willing to give them the benefit of the doubt on that one, since claiming that an unpowered computer can receive signals from an infected machine is patently absurd.

Re:Seriously? (1)

mythosaz (572040) | about a year ago | (#45295087)

Clearly this virus has infected the system and re-written power management subsystems to utilize the CMOS battery to provide enough juice, ...

CLEARLY the article mentioned it was a laptop machine, with a laptop battery in it...

I Don't Get It (1)

RevSpaminator (1419557) | about a year ago | (#45294835)

I can see how two computers could communicate through ultra sonic frequencies. But what I don't understand is how a computer can become infected just by being within audio range of an already infected computer. I mean, what causes the clean computer to start listening in the first place? Is there something in the "clean" bios we should be concerned about? Should I get out my wire clippers and permanently disable the microphone on all my computers? Is this something we should blame on the NSA? Or is it the aliens?

Technology doesn't stop working when it's obsolete (1)

Ungrounded Lightning (62228) | about a year ago | (#45294843)

That sounds nuts, but it is a time-tested method of data transfer, after all.

And it can be expected to be a handy way to bypass firewalls far into the future [schlockmercenary.com] as well. B-)

happy halloween (0)

Anonymous Coward | about a year ago | (#45294919)

you simps. Bet you didn't notice your trees being TP'ed either.

Not going to happen.... (0)

bobbied (2522392) | about a year ago | (#45294991)

This is bogus.

Where it is technically possible to transfer data between computers using audio signals (Ham radio operators do this all the time on HF), there is certainly not an opening for a virus to infect some other machine using just audio signals. Certainly there is no way to do this when a machine is booting, unless you have already put the necessary code in the BIOS to initialize the audio hardware, enable it, and start listening or playing audio. Not going to happen.

My guess is that the person making the report either is making this up, or spread the virus himself through thumb drives, optical media he recorded himself or through previous infections of the boot sector of his hard drives. Sort of like the guy I knew who kept moving the disk pack from drive to drive when it wouldn't boot from the previous one. Problem was the first one had a head crash and he ruined 4 drives by putting a bad pack into them... Sometimes what you *think* is happening isn't really what's going on.

So.... I'm going to have to see (uh... hear) it myself or I'm calling this myth busted.
