Forgot your password?
Close
typodupeerror

Comment Re:Sounds like nonsense once you look at details (Score 1) 265

by knsomething (#45298307) Attached to: Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate
The article implies that USB drives are the attack vector. Once infected they may use inaudible frequencies to transmit data to other infected machines. The vast majority of "ElCheapo" audio hardware can record and reproduce audio in these frequencies. Test it if you don't believe me. Most drop off around 21kHz, which allows for reliable but very low bandwidth data transmission. Several companies use this technology for analytics and context-specific advertisement on mobile devices.

Comment The tech is real. Get over it. (Score 1) 265

by knsomething (#45298257) Attached to: Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate
Working with this tech is *literally* my job. The speakers in a common laptop or smartphone can reliably create signals up to 21kHz. Likewise, the microphones found on these devices can hear frequencies in this range. The modulation schemes for inaudible data over audio hardware are limited, but they exist and work pretty damn well.
Security

Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate 265

Posted by samzenpus from the protect-ya-neck dept.
Hugh Pickens DOT Com writes "Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"

Slashdot Top Deals

Support bacteria -- it's the only culture some people have!

Close