badBIOS

arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

I Just don't know what to make of this story.

I guess it's too early to tell, but now since it's hit the mainstream thanks to Ars we'll get to the bottom of it very soon. Here is what Dan Goodin (the author of the article) says about it: >Click me<

It seems kind of like a computer ghost story, perhaps it is, being Halloween today.

A potentially reputation destroying ghost story...

if its true (which i suspect it could be)

then can the audio transmit over Hifi speakers connected to a PC via an analogue cable from your 2.1 / 5.1 outs in BIOS or is it just Laptop / PC built in speakers (usually fitted to off the shelf type machines)

or can it work its magic from an OS via your onboard chip through your speakers to your smart phone speakers and transmit data over GPS ?

at this rate you need a custom PC, Custom Router firmware, Custom OS on your Tablet/Phone  PLUS segregted VLAN's for mobile devices to keep your data safe.

 

so yea custom opensource everything

...yup
btw love the show.

It was on the tek.

Also. Believing that A virus of any kind could be transmitted via soundwaves is ridiculous.

Say that the virus can transmit sound. Okay. Say that theres a microphone around. Okay. What do you expect to happen when the sound hits the microphone? That it will magically transform that sound into a copy of the virus? No. The microphone will (if its even turned on) pick up the sound like any other, and transmit the sound to whatever your microphone is doing.

For that to even work, your PC would have to be able to take commands via sound. and use that command to recreate the virus. Which. Can't happen.

lol, I never thought of it that way!

That it will magically transform that sound into a copy of the virus? No. The microphone will (if its even turned on) pick up the sound like any other, and transmit the sound to whatever your microphone is doing.

Not true. There has been several proof of concepts with transferring data through sound waves. Here is a reddit thread I saw today with some proof of concept tests: http://www.reddit.com/r/netsec/comments/1ppwet/the_badbios_analysis_is_wrong/

 

The author has some good points... But seems very closed minded and some of his points are off. For example, he rants about how there is no microphone input at the bios level. This is true, but the transmission doesn't have to be received at the bios level. Infection starts at the OS level first, which is where the audio input is being received.

Yes, but BOTH PCs have to have a program or protocol active in order to do that. A program on the first PC to send the data, and a program on the second to receive it.

PC1 sends sound data. If PC2 doesnt have a program to do something with the sound data, then it will do nothing. 

It would be like trying to send an email to someone with no email address. The email would send, but there would be no way to receive it.

Sorry, meant to quote your last bit where you said

For that to even work, your PC would have to be able to take commands via sound. and use that command to recreate the virus. Which. Can't happen.

Which to me said it was impossible, period. THAT is what I was saying was wrong. I'm not supporting the badBIOS sound theory, just pointing out that the technology is somewhat possible.

But you seem to already understand that. My mistake.

Isn't miscommunication horrible? ._.

guys, it's just  Project 2501 from ghost in the shell.

I think the whole badBIOS thing is pretty interesting. I'm not really sure what to make of it, too. Every once in awhile stories like this come out, and before you know it the topic is long forgotten. I'm not going to put that much weight into it until I see it.

The thing that's weirdest about this is that he's been working on this for 3 years. Has this infected countless computers since then and is sleeping? Or why hasn't it been found out since then?

Also when The Tek was saying that it was probably some guy just making a mistake during testing, can you really make that mistake every time you test for 3 years? Wouldn't you change up your testing methods?

i dont think anything is impossible. flame and Stuxnet were pretty epic programs and i wouldnt put anything past state sponsored programs like that.

A virus that's transmitted through sound, sounds liked the virus written on a persons spine in the show bones, so pretty ridiculous.

Yeah I'm with you guys on the transmission by sound, but as someone who had been fighting off the stupid virus for weeks, with help from MSI, Samsung, and Amd. I can honestly say this is the most infuriating virus i have ever run into. There are only 2 courses of action for getting rid of this Virus. 1. Replace all hardware that contains uefi compatible firmware, i say uefi mainly because it has spare room on the bios chip in which this virus can sit. non uefi compatible hardware should be fine but i would flash them just in case And do it all at once!!! 2. Find a chip clip and reflash all your hardware with new corrupted firmware. step 2 is definitely harder as it must be done with a box that is already powered on and prepared to flash before even trying to connect the affected component. or it will spread. And also on the subject of the audio capabilities of said virus i dont believe it can infect clean machines but from my run with it it is very fast at auto repairing itself, i believe that the audio part of it is only for repair if one machine is being cleaned in the vicinity of a infected machine. And if you think of it High pitched audio transmission from speaker to mic is also identical to that of a Wireless router to a wifi enable device. 2.4ghz to 5ghz is still sound its just out of our hearing range....So please don't think this is just a hoax this virus and its creator deserve what ever is coming to them.

You necro'd this post to tell us the exact thing Wendell told us in the video..?