Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate 265

Hugh Pickens DOT Com writes "Dan Goodin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu, one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD-ROM, it refused, and he also found that the machine could delete data and undo configuration changes with no prompting. Next, a computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting, and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with, but was in close proximity to, another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping-off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"

Comment Re:Well, maybe not wrist... (Score 2) 86

it's not automatically a Big Brand New Development just because MIT strapped a 12V square to an old watch band and hooked it up to some temperature sensors.

Sometimes it does seem like Slashdot simply publishes the MIT newsfeed, without the slightest skepticism.

Mostimes it does seem like Slashdot simply publishes ANY newsfeed, without the slightest skepticism.

Comment Use your own (Score 1) 435

Thunderbird as a client, IMAP server on a hosting account with spam filtering. No problems, no ads, no worrying about what will Google/Yahoo/Microsoft screw up next.

"Free" is too expensive.

Comment Re:Welcome to the rest of the world (Score 1) 312

...and how does region locking play into that? Best I can tell, you could prevent multiplayer piracy without locking people out of the game in central Ohio because you think they're located in London for some idiot reason.

Region locking allows them to sell the game for different prices to different regions. YES, you pay more for video games than someone in Nigeria does - get over yourself!

Also, the biggest benefit you get from region locking is the ability to do a staggered release. This is CRITICAL for a primarily multiplayer title like BF4, because they don't have to deal with the server load spikes (and associated technical support peaks) you get with a simultaneous release. Or have you already forgotten what happened when Rockstar let everyone rush online at the same time?

This is a BUG - the players here were supposed to be included with the rest of the US block, but were not. But this is a bug that will fix itself, and rather quickly - they will not die from waiting another day.

Comment Re:These bugs exist even *without* signed integers (Score 5, Interesting) 470

The problem is C's promotion rules. In C, when promoting integers to the next size up, typically to the minimum of "int", the rule is to use signed integers if the source type fits, even if the source type is unsigned.

I know. C's handling of integer overflow is "undefined". In Pascal, integer overflow was a detected error. DEC VAX computers could be set to raise a hardware exception on integer overflow, and about thirty years ago, I rebuilt the UNIX command line tools with that checking enabled. Most of them broke.

In the first release of 4.3BSD, TCP would fail to work with non-BSD systems during alternate 4-hour periods. The sequence number arithmetic had been botched due to incorrect casts involving signed and unsigned integers. I found that bug. It wasn't fun.

C's casual attitude towards integer overflow is why today's machines don't have the hardware to interrupt on it. Ada and Java do overflow checks, but the predominance of C sloppiness influenced hardware design too much.

I once wrote a paper, "Type Integer Considered Harmful", on this topic. One of my points was that unsigned arithmetic should not "wrap around" by default. If you want modular arithmetic, you should write something like n = (n + 1) % 65536;. The compiler can optimize that into machine instructions that exploit word lengths when the hardware allows, and you'll get the same result on all platforms.
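An added example in C (not code from the comment above) that exercises the promotion rule the poster describes, the explicit modular form they recommend, and a checked add that reports overflow instead of wrapping. It assumes int is wider than short, as on every mainstream platform.

```c
#include <limits.h>
#include <stdbool.h>

/* unsigned short vs int: int can hold every unsigned short, so BOTH operands
 * are promoted to signed int and the comparison 1 < -1 is false, as expected. */
bool narrow_unsigned_compare(void) {
    unsigned short a = 1;
    int b = -1;
    return a < b;                    /* false */
}

/* unsigned int vs int: no promotion applies, so the usual arithmetic
 * conversions turn b into unsigned int (-1 becomes UINT_MAX) and 1 < b is
 * true. Same source text, opposite answer: this is the trap the poster means. */
bool wide_unsigned_compare(void) {
    unsigned int a = 1;
    int b = -1;
    return a < b;                    /* true */
}

/* A product of two unsigned shorts is computed in int, so it does NOT wrap at
 * 16 bits: 300 * 300 stays 90000 ... */
int promoted_product(void) {
    unsigned short a = 300, b = 300;
    return a * b;                    /* 90000 */
}

/* ... the wrap only happens when the int result is stored back into a
 * 16-bit object (90000 mod 65536). */
unsigned stored_product(void) {
    unsigned short a = 300, b = 300;
    unsigned short stored = (unsigned short)(a * b);
    return stored;                   /* 24464 */
}

/* The explicit modular form from the comment: identical result on every
 * platform, independent of the native word size. */
unsigned increment_mod_65536(unsigned n) {
    return (n + 1) % 65536;
}

/* Checked 16-bit addition in the Pascal/Ada spirit: overflow is reported
 * (-1) rather than silently reduced modulo 65536. */
long checked_add_u16(unsigned n, unsigned m) {
    if (n > 65535u || m > 65535u || 65535u - n < m)
        return -1;                   /* caller must treat this as an error */
    return (long)(n + m);
}
```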

Comment Re: Technology is hard and dangerous (Score 1) 610

I'll trade $20k in vehicle damages against $200k in human damages any day. Newer cars are pretty impressive in moderate speed accidents. People walk out of wrecks that would have mangled bodies in the 1970s and before. You can certainly kill yourself in a car wreck. You just have to work a lot harder.
