Security researcher Dragos Ruiu has been painstakingly untangling a weird, scary piece of malicious software that compromises the BIOS of the computers it attacks, allowing it to infect machines with different operating systems. He's dubbed it "badBIOS" and has seen it infect machines that aren't connected to the Internet. It appears that its initial vector may be a USB exploit, spreading by memory stick, but after that, it appears that it continues to communicate with other infected machines by ultrasonic networking through its hosts' mics and speakers (!). On Ars Technica, Dan Goodin has a deep dive into the strange, freaky world of badBIOS.
Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected machine that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when one of the machines had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.
"The airgapped machine is acting like it's connected to the Internet," he said. "Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps [Dan Goodin/Ars Technica]
Indie news outlet Techdirt is being sued for $15M by Shiva Ayyadurai, who claims to have invented email in 1978, eight years after Ray Tomlinson sent an email over ARPANET; Ayyadurai is represented by Charles Harder, a key figure in the Gawker-killing legal campaign that Peter Thiel financed, and who is also representing Melania Trump […]
In Even good bots fight, a paper written by Oxford Internet Institute researchers and published in PLOS One, the authors survey the edits and reverts made by Wikipedia’s diverse community of bots, uncovering some curious corners where bots — rate-limited by Wikipedia’s rules for bots — slowly and remorseless follow one another around, reverting each […]
As the US government ramps up its insistence that visitors (and US citizens) unlock their devices and provide their social media accounts, the solution have run the gamut from extreme technological caution, abandoning mobile devices while traveling, or asking the government to rethink its policy. But Maciej Cegłowski has another solution: a “travel mode” for […]
Not all hackers are malicious information thieves—white-hat ethical hackers work with technology companies to ensure the security of their computer systems and user data. With all of today’s high-profile data breaches, ethical hackers are in considerable demand. To learn these critical skills and break into the high-paying cyber security field, try taking the courses in this […]
Making people aware of goods and services in the digital age requires an array of new strategies from social media and email to number-crunching tools like Google Analytics. To get a handle on the techniques used to capture attention and convert traffic into dollars in a crowded online environment, the Full-Stack Marketer Bundle offers 22 hours of training to get […]
Having a luxurious bed isn’t just a fairy tale from a catalog; it is a real, affordable possibility with offerings like this Olive+Owen bedroom set. If you’re thinking of doing some “spring cleaning”, this bed set is an easy way to completely upgrade your room in one purchase.This 20-piece collection has all of the expected slumberland elements, […]