I'm not sure I'm buying this

http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate

"Dan Goodwin writes at Ars Technica about a rootkit that seems straight 
out of a science-fiction thriller. According to security consultant 
Dragos Ruiu one day his MacBook Air, on which he had just installed a 
fresh copy of OS X, spontaneously updated the firmware that helps it 
boot. Stranger still, when Ruiu then tried to boot the machine off a CD 
ROM, it refused and he also found that the machine could delete data and 
undo configuration changes with no prompting. Next a computer running 
the Open BSD operating system also began to modify its settings and 
delete its data without explanation or prompting and further 
investigation showed that multiple variants of Windows and Linux were 
also affected. But the story gets stranger still.."


-- 
Mark Warner
....lose .inhibitions when replying
Mark
11/1/2013 4:59:59 PM
grc.security.software

On Fri, 01 Nov 2013 12:59:59 -0400, Mark Warner wrote:

> http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate
 
> "Dan Goodwin writes at Ars Technica about a rootkit that seems straight 
> out of a science-fiction thriller. According to security consultant 
> Dragos Ruiu one day his MacBook Air, on which he had just installed a 
> fresh copy of OS X, spontaneously updated the firmware that helps it 
> boot. Stranger still, when Ruiu then tried to boot the machine off a CD 
> ROM, it refused and he also found that the machine could delete data and 
> undo configuration changes with no prompting. Next a computer running 
> the Open BSD operating system also began to modify its settings and 
> delete its data without explanation or prompting and further 
> investigation showed that multiple variants of Windows and Linux were 
> also affected. But the story gets stranger still.."

I got a friend to channel Steve Jobs, and he says it's a crock.
And Ms Lovelace agrees.

(Anyone else remember the guy who used to post here about how his toaster
was talking to the PC ?)

-- 
no nym
No hardware was used during the creation and transmission of this message.
no
11/1/2013 5:22:06 PM
"no nym" <shortfuse@example.net> wrote in message news
> On Fri, 01 Nov 2013 12:59:59 -0400, Mark Warner wrote:
>
>> http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate
>
>> "Dan Goodwin writes at Ars Technica about a rootkit that seems straight
>> out of a science-fiction thriller. According to security consultant
>> Dragos Ruiu one day his MacBook Air, on which he had just installed a
>> fresh copy of OS X, spontaneously updated the firmware that helps it
>> boot. Stranger still, when Ruiu then tried to boot the machine off a CD
>> ROM, it refused and he also found that the machine could delete data and
>> undo configuration changes with no prompting. Next a computer running
>> the Open BSD operating system also began to modify its settings and
>> delete its data without explanation or prompting and further
>> investigation showed that multiple variants of Windows and Linux were
>> also affected. But the story gets stranger still.."

> I got a friend to channel Steve Jobs, and he says it's a crock.
> And Ms Lovelace agrees.
>
> (Anyone else remember the guy who used to post here about how his toaster
> was talking to the PC ?)

Apparently a crusty fecker that's rolling in the dough today :-|

Apple products including ipods/pads (these can be wirelessly used for 
browsing, facetime, messaging, twitter etc..) have 'air sync', 'bump', 
'shazam', installed which make my eyes bleed sometimes.  Each and every one 
of these is a walking disaster waiting to happen...  The latest model, the 
iPad Air http://www.apple.com/ie/ was released today, innovative but dodgy 
for security (imo).  What makes them twice as dodgy is they are probably 
outnumbering other systems among kids, who click click click like it's 
compulsory :-)

Cheers
Tommy



Tommy
11/1/2013 9:10:52 PM
 
> http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate
> 
> "Dan Goodwin writes at Ars Technica about a rootkit that seems
> straight out of a science-fiction thriller. According to security

Well... let's pick the ars article

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

now let me quote some bits and pieces 

"His network transmitted data specific to the Internet's
next-generation IPv6 networking protocol, even from computers that were
supposed to have IPv6 completely disabled" 

"the ability of infected machines to transmit small amounts of network
data with other infected machines even when their power cords and
Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were
removed"

"the malware, has the ability to use high-frequency transmissions
passed between computer speakers and microphones to bridge airgaps."

doesn't the above sound just like those emails warning you about "do
not open messages with subject HHHHHH, they'll destroy your
computer/the world/the universe" :) not just that, consider the third
quoted bit above... now, it may be possible for a piece of code to use
the computer speaker/buzzer to emit signals (like a "modem" :D) but
then, to *infect* another computer, the victim should have another
piece of code LISTENING to the microphone, otherwise that won't work
so, sincerely my hoax-o-meter is ranging above 100% here, not sure
about your one :)

ObiWan
11/2/2013 10:07:29 AM
On Sat, 2 Nov 2013 11:07:29 +0100, ObiWan wrote:

> doesn't the above sound just like those emails warning you about "do
> not open messages with subject HHHHHH, they'll destroy your
> computer/the world/the universe" :) not just that, consider the third
> quoted bit above... now, it may be possible for a piece of code to use
> the computer speaker/buzzer to emit signals (like a "modem" :D) but
> then, to *infect* another computer, the victim should have another
> piece of code LISTENING to the microphone, otherwise that won't work
> so, sincerely my hoax-o-meter is ranging above 100% here, not sure
> about your one :)

The bit I really couldn't believe was the way it 'just' infects different
OSs, when even getting an Excel 97 spreadsheet to open properly in Excel
2010 can use up so much of my life...

I see this guy is involved with a film that came out in March 2013, about
'the illusive world of computer hacking'.

http://www.imdb.com/title/tt2202700/?ref_=nm_flmg_slf_1  

I'm thinking maybe publicity stunt ?

Or maybe those troublesome poultrygeists ?

-- 
no nym
The haunted laptop - it knows where you live...
no
11/2/2013 4:34:32 PM
Another opinion:

http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/

This thing has just enough feasibility to propagate quickly.  Not much
more.  I'm sure it'll all be discredited soon.

Bill
-- 
Bill_MI - Bill in Michigan
Expert Opinions $20, Shut-Up $50
Bill_MI
11/2/2013 5:14:54 PM
On 11/02/2013 01:14 PM, Bill_MI wrote:
> Another opinion:
> 
> http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
> 
> This thing has just enough feasibility to propagate quickly.  Not much
> more.  I'm sure it'll all be discredited soon.

Yeah, saw that. The thing that is puzzling is the guy in question is 
supposed to be a well regarded, straight up guy in the field. He's 
evidently getting more benefit of the doubt than anyone else would.

I keep thinking this would be more appropriate for April 1. Otherwise, 
it's hard to imagine the real story.

-- 
Mark Warner
MEPIS Linux
Registered Linux User #415318
....lose .inhibitions when replying
Mark
11/2/2013 6:00:27 PM
On Sat, 02 Nov 2013 14:00:27 -0400, Mark Warner wrote:

> I keep thinking this would be more appropriate for April 1. Otherwise, 
> it's hard to imagine the real story.

Orson Welles broadcast his War of the Worlds dramatisation at Hallowe'en,
so this might be following that tradition.
  
-- 
no nym
no
11/3/2013 1:11:25 PM
> Well... let's pick the ars article
> 
> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
> 

on a second thought...

http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/

http://blog.erratasec.com/2013/10/badbios-features-explained.html

http://www.stewin.org/papers/dimvap15-stewin.pdf

now, the "ars" piece contains some details which just "don't fit"; on
the other hand some of the idea *may* be used but I tend to suspect
that it's just some variant of a rootkit, not a BIOS critter and then,
given that it spreads through USB I wonder why it wasn't detected :P !


0
ObiWan
11/3/2013 4:34:00 PM
While ObiWan dreams of electric sheep...:

> "the malware, has the ability to use high-frequency transmissions
>  passed between computer speakers and microphones to bridge 
> airgaps."

Is this possible ? Long answer, Yes; short answer, No.

All Laptops/PC's come with speakers (you must have some old low-tech
shit otherwise) but most laptops or PC's don't have internal mikes
(yes I like that spelling). The quality of laptop hardware is such
crap that they aren't capable of the high frequency needed to excite
the small amount of metal in the external mike connector on your laptop
(simple rule, the smaller the antenna the higher the frequency).

Your laptop speakers would have to transmit in the upper GHz for the
mike jack to receive a signal. And even then it would have to still
be audio for the hardware to process it.

This of course ignores the fact that your laptop would have to
already be infected in order to be listening on the mike jack.
Unless WMP is always listening on the jack and I suppose MS could
have vulnerability there, they do everywhere else.

Yes, I have done this.

Digital Modes in Amateur Radio use the speakers and mikes for data
transmission. I have transmitted PSK packets using the method described.

Speaker to Mike, no radio equipment involved. But at audible
frequencies, high frequencies not possible.
-- 
Where's there's smoke, There are mirrors.
Give me Free as in Freedom not Speech or Beer.
Internet and PC Industry/Gaming RIP 2011
DarkWolf
11/4/2013 6:20:08 PM
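
Added example, not part of any post in this thread: one way to check a microphone capture for energy in the near-ultrasonic band that the quoted Ars Technica passage describes, using the Goertzel algorithm. The 48 kHz sample rate, the 18-22 kHz band, the -50 dBFS threshold and the synthetic test signals are all assumptions constructed for illustration.

```python
import math
import random

SAMPLE_RATE = 48_000          # assumption: typical sound-card capture rate
BAND_HZ = (18_000, 22_000)    # assumption: "near-ultrasonic" band to inspect
THRESHOLD_DBFS = -50.0        # assumption: alert level, tune per environment


def goertzel_power(samples, freq_hz, sample_rate=SAMPLE_RATE):
    """Power at one frequency; a sine of amplitude A on a bin centre gives A**2."""
    n = len(samples)
    k = round(n * freq_hz / sample_rate)          # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1          # second-order resonator step
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n / 4.0)


def scan_band(samples, band=BAND_HZ, step_hz=250, threshold=THRESHOLD_DBFS):
    """Scan the band; report the strongest component and whether it exceeds the threshold."""
    peak_hz, peak_db = None, -math.inf
    for f in range(band[0], band[1] + 1, step_hz):
        db = 10.0 * math.log10(max(goertzel_power(samples, f), 1e-12))
        if db > peak_db:
            peak_hz, peak_db = f, db
    return {"peak_hz": peak_hz, "peak_dbfs": round(peak_db, 1),
            "flagged": peak_db > threshold}


def make_capture(carrier_hz=None, seconds=0.1, seed=1):
    """Constructed test signal: two audible tones plus noise, optional HF tone."""
    rng = random.Random(seed)
    out = []
    for i in range(int(SAMPLE_RATE * seconds)):
        t = i / SAMPLE_RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t) + 0.3 * math.sin(2 * math.pi * 1000 * t)
        x += rng.gauss(0.0, 0.001)                # constructed noise floor
        if carrier_hz:
            x += 0.05 * math.sin(2 * math.pi * carrier_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    print("ordinary audio  :", scan_band(make_capture()))
    print("with 19 kHz tone:", scan_band(make_capture(carrier_hz=19_000)))
```

On a real capture the threshold would need calibrating against the room's normal background, since switching power supplies and some displays also emit in this band.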