f13.net

f13.net General Forums => Serious Business => Topic started by: MahrinSkel on October 31, 2013, 12:56:25 PM



Title: Skynet says 'Hello, World'
Post by: MahrinSkel on October 31, 2013, 12:56:25 PM
Okay, maybe not, but if badBIOS isn't Skynet reaching (http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/) back in time to bootstrap itself, then it's something even scarier.

If it isn't a hoax, it's a Swiss Army knife of zero-day exploits, capable of writing itself into the BIOS of many different kinds of computers, compromising all major operating systems, and communicating with other infected computers across an 'air gap' (by using the speaker and microphone as an ultrasonic modem).

--Dave


Title: Re: Skynet says 'Hello, World'
Post by: Mrbloodworth on October 31, 2013, 12:57:36 PM
I'm not clicking that.  :ye_gods:


Title: Re: Skynet says 'Hello, World'
Post by: schild on October 31, 2013, 01:11:08 PM
Quote
Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

(http://i.imgur.com/NpJk99U.gif)


Title: Re: Skynet says 'Hello, World'
Post by: Ingmar on October 31, 2013, 01:22:03 PM
I'm very skeptical of this, at least the high frequency audio networking part of it. Built-in speakers and mics are absolute shit and there's no error-correction on the destination box to clean up a bad signal like there is with any kind of normal network protocol.


Title: Re: Skynet says 'Hello, World'
Post by: Ghambit on October 31, 2013, 02:00:44 PM
I'm very skeptical of this, at least the high frequency audio networking part of it. Built-in speakers and mics are absolute shit and there's no error-correction on the destination box to clean up a bad signal like there is with any kind of normal network protocol.

You can't stop the signal.  :awesome_for_real:

Also, saying there's "no" error correction is a bit strong.  It's not that simple.


Title: Re: Skynet says 'Hello, World'
Post by: Samwise on October 31, 2013, 04:26:48 PM
Like Ingmar, I'm getting the smell of hoax from this.  Super cool science fiction sounding shit you see on the internet is always either greatly exaggerated or outright fabricated.


Title: Re: Skynet says 'Hello, World'
Post by: Mithas on October 31, 2013, 06:33:46 PM
Quote
Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

I could almost buy it but the power cord removed really makes it seem like a hoax.

Edit: After reading it closer it was probably laptop running on a battery. I'm not sure why they even mentioned the power cord then.


Title: Re: Skynet says 'Hello, World'
Post by: Ghambit on October 31, 2013, 07:06:12 PM
Quote
Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

I could almost buy it but the power cord removed really makes it seem like a hoax.

Edit: After reading it closer it was probably laptop running on a battery. I'm not sure why they even mentioned the power cord then.

Because w/o built-in standby power to the mobo, you wouldn't have a computer.  You don't need to be plugged in to affect ICs at the CMOS/BIOS level, no?  They're on their own small battery, which is what I think they're positing.  But yah, still sounds like a hoax.


Title: Re: Skynet says 'Hello, World'
Post by: MahrinSkel on October 31, 2013, 07:16:49 PM
Everything described is technically possible, but to package them into an actual hardware-level rootkit system is technical sophistication at 'A Wizard Did It' level.  If it's real and not Skynet, somebody out there is at godlike levels of skill (it makes Stuxnet look primitive and crude).

--Dave


Title: Re: Skynet says 'Hello, World'
Post by: Venkman on October 31, 2013, 07:29:29 PM
Now THIS is a horror story I can get behind  :awesome_for_real:

Wouldn't surprise me at all if this thread eventually moves to Politics because it turned out it was another NSA-funded DARPA project...


Title: Re: Skynet says 'Hello, World'
Post by: Mithas on October 31, 2013, 08:10:04 PM
If my computer starts acting like that I am smashing it to tiny bits.


Title: Re: Skynet says 'Hello, World'
Post by: Ghambit on October 31, 2013, 08:35:57 PM
Everything described is technically possible, but to package them into an actual hardware-level rootkit system is technical sophistication at 'A Wizard Did It' level.  If it's real and not Skynet, somebody out there is at godlike levels of skill (it makes Stuxnet look primitive and crude).

--Dave

I wouldn't call it wizard-like (definitely innovative), but it's obviously a damned good Systems Engineer behind something like this (and likely an old-school one) rather than a simple codemonkey.


Title: Re: Skynet says 'Hello, World'
Post by: MahrinSkel on October 31, 2013, 09:30:04 PM
Everything described is technically possible, but to package them into an actual hardware-level rootkit system is technical sophistication at 'A Wizard Did It' level.  If it's real and not Skynet, somebody out there is at godlike levels of skill (it makes Stuxnet look primitive and crude).

--Dave

I wouldn't call it wizard-like (definitely innovative), but it's obviously a damned good Systems Engineer behind something like this (and likely an old-school one) rather than a simple codemonkey.
The breadth of knowledge to pull it off is what is wizard-like.  We're talking about a modular or polymorphic trojan that bootstraps from hidden portions of USB drives into multiple forms of BIOS/EFI, possibly into the other mobo component firmware like the PCI/NIC, and gets in under any possible security at the OS level.  Making compromised systems whistle IPv6 packets at each other to get around an air-gap is novel, but almost trivial compared to the rest of it.

If Stuxnet was weapons-grade hacking compared to what we had seen before, this is Manhattan Project level.

--Dave
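As an added illustration, not code from the Ars Technica article, from Ruiu's research, or from anyone in this thread, here is the simplest form of what the opening post's "speaker and microphone as an ultrasonic modem", the error-correction exchange between Ingmar and Ghambit, and Dave's "whistle IPv6 packets at each other" would amount to: a pure-Python binary FSK modem using two near-ultrasonic tones, with a Hamming(7,4) code so that a single flipped bit per 7-bit codeword is repaired on the receiving side. Every parameter (48 kHz sample rate, 18 kHz and 19 kHz tones, 100 baud, the noise and interference levels, the two-byte message) is an assumption chosen for the demo, and the impaired channel is constructed in software rather than played through a real speaker; nothing here describes what badBIOS actually does.

```python
import math
import random

# Assumed parameters (not from the article): a 48 kHz sound card, two near-ultrasonic
# tones for binary FSK, and 100 baud so each symbol is 480 samples. 480 samples is an
# integer number of cycles of both tones, so the Goertzel filter sees no spectral leakage.
SAMPLE_RATE = 48000
F_SPACE, F_MARK = 18000, 19000      # tone for bit 0, tone for bit 1
SYMBOL_LEN = 480                    # samples per bit


def hamming74_encode(d):
    """Hamming(7,4): 4 data bits -> 7 code bits; any single flipped bit is correctable."""
    d1, d2, d3, d4 = d
    p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming74_decode(c):
    """Return (4 data bits, repaired_flag). The syndrome is the 1-based index of a flipped bit."""
    c = list(c)
    p1, p2, d1, p3, d2, d3, d4 = c
    syndrome = (p1 ^ d1 ^ d2 ^ d4) | (p2 ^ d1 ^ d3 ^ d4) << 1 | (p3 ^ d2 ^ d3 ^ d4) << 2
    if syndrome:
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], syndrome != 0


def bytes_to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))


def fsk_modulate(bits):
    """Continuous-phase binary FSK: one tone burst per bit (what the speaker side would play)."""
    samples, phase = [], 0.0
    for bit in bits:
        step = 2 * math.pi * (F_MARK if bit else F_SPACE) / SAMPLE_RATE
        for _ in range(SYMBOL_LEN):
            samples.append(math.sin(phase))
            phase += step
    return samples


def goertzel_power(frame, freq):
    """Energy at one frequency in a frame (a single-bin DFT), used as the tone detector."""
    coeff = 2.0 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def fsk_demodulate(samples):
    """Hard-decide each symbol by whichever tone carries more energy (what the mic side does)."""
    bits = []
    for i in range(0, len(samples) - SYMBOL_LEN + 1, SYMBOL_LEN):
        frame = samples[i:i + SYMBOL_LEN]
        bits.append(1 if goertzel_power(frame, F_MARK) > goertzel_power(frame, F_SPACE) else 0)
    return bits


def transmit(data):
    """bytes -> Hamming-coded bits -> audio samples."""
    bits = bytes_to_bits(data)
    coded = [b for i in range(0, len(bits), 4) for b in hamming74_encode(bits[i:i + 4])]
    return fsk_modulate(coded)


def receive(samples):
    """audio samples -> demodulated bits -> decoded bytes, plus how many codewords needed repair."""
    coded = fsk_demodulate(samples)
    bits, repaired = [], 0
    for i in range(0, len(coded) - 6, 7):
        nibble, fixed = hamming74_decode(coded[i:i + 7])
        bits.extend(nibble)
        repaired += fixed
    return bits_to_bytes(bits), repaired


def noisy_channel(samples, noise_std=0.3, jam_symbol=2, seed=1):
    """Constructed impairment: Gaussian noise on every sample, plus a strong MARK-tone
    interferer on one symbol of every 7-bit codeword (position jam_symbol), so any codeword
    whose bit there was 0 arrives with exactly one flipped bit for Hamming to repair."""
    rng = random.Random(seed)
    out = [x + rng.gauss(0.0, noise_std) for x in samples]
    step = 2 * math.pi * F_MARK / SAMPLE_RATE
    for sym in range(jam_symbol, len(samples) // SYMBOL_LEN, 7):
        start = sym * SYMBOL_LEN
        for n in range(SYMBOL_LEN):
            out[start + n] += 3.0 * math.sin(step * n)
    return out


def demo(message=b"hi"):
    """Round trip through the impaired channel; returns (decoded bytes, codewords repaired)."""
    return receive(noisy_channel(transmit(message)))


if __name__ == "__main__":
    decoded, repaired = demo(b"hi")
    print(decoded, repaired)
```

Running it prints `b'hi' 2`: the two codewords whose jammed bit was 0 arrived with one bit flipped each and were repaired, while the message survived intact. The caveats that make a real link much harder than this demo are exactly the ones raised above: built-in speakers and microphones typically roll off well below 20 kHz, a room adds echoes and background noise, and a receiver with no shared clock needs a preamble to find symbol boundaries, so a practical version would run at a far lower baud rate with a stronger code. What the demo does show is that error correction is a few lines of code once you have a bit stream, which is why "no error correction" is not a safe assumption about an unknown transmitter.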


Title: Re: Skynet says 'Hello, World'
Post by: Ghambit on October 31, 2013, 09:44:46 PM
Agreed.  Though breadth is what's required to be a skilled systems engineer.  In my dabblings, there's likely no harder form of engineering on the planet if you want to be called "good."  You need signal expertise, logic mastery, submicro electronics knowledge, coding expertise, semi-conductor mastery, and on and on (before even considering circuit miniaturization).  Basically a high-level theoretical electrical engineer that has "wizard-like" machine-code skills and a firm grasp of signal.   (and I'm sure a lot more that I have yet to learn at school)

If true, I highly doubt it's a solo act.  Probably a team.  Will be interesting to watch the grognards pull this apart - may learn something even if fake.


Title: Re: Skynet says 'Hello, World'
Post by: ezrast on November 01, 2013, 02:11:52 AM
Quote
Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

I could almost buy it but the power cord removed really makes it seem like a hoax.

Edit: After reading it closer it was probably laptop running on a battery. I'm not sure why they even mentioned the power cord then.
Because transmitting data via existing power infrastructure is a thing: http://en.wikipedia.org/wiki/Power_line_communication


Title: Re: Skynet says 'Hello, World'
Post by: Sir T on November 01, 2013, 05:35:27 AM
Semi Related!

http://www.bbc.co.uk/news/blogs-news-from-elsewhere-24707337

Quote
Russia: Hidden chips 'launch spam attacks from irons'

(http://news.bbcimg.co.uk/media/images/70755000/jpg/_70755176_iron.jpg)

Image caption: Screengrab from Rossiya 24, with inset of the "hidden chip". How Russian TV covered the story about the chips, shown inset.

Cyber criminals are planting chips in electric irons and kettles to launch spam attacks, reports in Russia suggest.

State-owned channel Rossiya 24 even showed footage of a technician opening up an iron included in a batch of Chinese imports to find a "spy chip" with what he called "a little microphone". Its correspondent said the hidden devices were mostly being used to spread viruses, by connecting to any computer within a 200m (656ft) radius which was using unprotected Wi-Fi networks. Other products found to have rogue components reportedly included mobile phones and car dashboard cameras.

The report quoted one customs brokerage professional as saying the hidden chips had been used to infiltrate company networks, sending out spam without administrators' knowledge. News agency Rosbalt reports that while the latest delivery of appliances was rejected by officials, more than 30 devices had already been sent to retailers in St Petersburg.

Who knew that having all your manufacturing done dirt cheap from China would become a security risk.  :why_so_serious:


Title: Re: Skynet says 'Hello, World'
Post by: Venkman on November 01, 2013, 11:11:29 AM
Because transmitting data via existing power infrastructure is a thing: http://en.wikipedia.org/wiki/Power_line_communication

Yes but to go from the wall outlet to the computer or router is through an ethernet cable to a computer port designed to accept that kind of traffic. The power adapter port doesn't normally do that :-)


Title: Re: Skynet says 'Hello, World'
Post by: Khaldun on November 01, 2013, 11:35:43 AM
Interesting analysis of the story and its plausibility or lack thereof.

http://blog.erratasec.com/2013/10/badbios-features-explained.html


Title: Re: Skynet says 'Hello, World'
Post by: Ingmar on November 01, 2013, 11:37:34 AM
Quote
Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

I could almost buy it but the power cord removed really makes it seem like a hoax.

Edit: After reading it closer it was probably laptop running on a battery. I'm not sure why they even mentioned the power cord then.

Because powerline networking is a thing, not that you could really run it without a PLNA.

EDIT: Oops, ezrast beat me.


Title: Re: Skynet says 'Hello, World'
Post by: Zetor on November 03, 2013, 09:33:56 PM
Yeah, this is kinda like... 'whatever' territory. Either this is a hoax (very possible), or this is some ultra-specialized sort of malware that'll serve as fuel for a few security conferences, then peter out. I don't think it's in the same weight class as the big-profile APT stuff like stuxnet/duqu/flame/etc, but we'll see, I guess.

If you want to be paranoid, worry about transparent/undetectable hardware backdoors in your PC instead -- it's not exactly a new concept, either (https://www.usenix.org/legacy/event/leet08/tech/full_papers/king/king.pdf).


Title: Re: Skynet says 'Hello, World'
Post by: Khaldun on November 04, 2013, 11:04:02 AM
Man, I never even noticed two things when I read this before, until I read the comments at Schneier's blog today. First, the Ars Technica story says that he first saw this three years ago. Three years? And he's been, what, testing it all this time? And in three years hasn't produced more evidence than this? I took it for granted when I read through the first time that he just saw this a month or two back.

Second, the allegation here is that it's two infected machines communicating via an air gap, not that it's one machine transmitting the infection wholesale via ultrasound. It's fairly unclear in the Ars Technica piece but has been clarified since then.


Title: Re: Skynet says 'Hello, World'
Post by: SurfD on November 05, 2013, 04:44:40 PM
Was kind of confused about that as well.   The blog post linked a few posts up seemed to indicate that the guy had only been tinkering with the thing for several months, as opposed to the Ars article with 3 years.  3 years of this thing possibly being in the wild (given that Dragos has no idea where the initial infection came from) is a scary scary prospect.  A few months, not so much so.


Title: Re: Skynet says 'Hello, World'
Post by: Khaldun on November 06, 2013, 04:01:43 AM
Skepticism is growing.

http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/