Security researcher Dragos Ruiu has been painstakingly untangling a weird, scary piece of malicious software that compromises the BIOS of the computers it attacks, allowing it to infect machines with different operating systems. He's dubbed it "badBIOS" and has seen it infect machines that aren't connected to the Internet. It appears that its initial vector may be a USB exploit, spreading by memory stick, but after that, it appears that it continues to communicate with other infected machines by ultrasonic networking through its hosts' mics and speakers (!). On Ars Technica, Dan Goodin has a deep dive into the strange, freaky world of badBIOS.
Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected machine that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when one of the machines had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.
"The airgapped machine is acting like it's connected to the Internet," he said. "Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps [Dan Goodin/Ars Technica]
Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance.
Doubtless you’ve laughed at the ideological war between the Judean People’s Front and the People’s Front of Judea. I laughed along with you: having grown up in politics, I know firsthand about the enmities that fester between groups that should be allies — groups whose differences can only be parsed after months of study, but who are seemingly more at odds with one another than their obvious political opponents on the “other side” of the debate.
In 2013, Lavabit — famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA — shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.
Whether I’m trying to relieve some stress at work or entertain myself on the metro, Space Putty is there. You can bring this magical goo home and try it for yourself for just $9.99Like Silly Putty of yesteryear, this viscoelastic substance can be molded into different shapes and stretched around in your hands. Use it […]
You know as well as I that writing complex, long-long form text requires significant organization. You’re probably also well aware that Word just isn’t up to the task. That’s why I’m a huge fan of Scrivener, the software suite used by best-selling authors and technical writers alike.Scrivener is much more than another digital typewriter. With a […]
Looking to upgrade your weekend? Here are three randomly awesome products on my mind this week.#3 FRESHeBUDS Pro Magnetic Bluetooth EarbudsAs more and more phones and gadgets switch to Bluetooth-only compatibility, you’ll need to get Bluetooth headphones like the rest of us. I’ve been super impressed with these affordable magnetic headphones. Pull the magnetic earbuds apart to auto-connect […]