The Dark Mod Forums

BadBIOS: the root-kit that supposedly hides in your BIOS and spreads via speakers/microphone...?


lost_soul


http://boingboing.ne...ing-malwar.html

 

Anybody read about this? What do you think? Apparently the guy who originally brought this up is a well-respected researcher. Still, I find the idea of malware that can spread via the sound system unbelievable. How is the target machine going to be told to listen for the "infection"?... Unless you think our machines have a back-door in the firmware where they always listen for a certain tone and then begin accepting instructions.

 

It seems much more believable that malware would be able to spread by generating EMI which interrupts and then hijacks another machine that happens to be sitting next to an infected machine. It wouldn't have to be two-way communication. All the infected machine has to do is make the other machine "wget" and then execute a file from some server. EMI generation is strictly regulated though and this is still about as believable as me being hit by a comet in the next 10 minutes.


--- War does not decide who is right, war decides who is left.


Just because one cannot imagine something means not that someone else is regularly doing the same.

 

I know of a guy who likes to hack and is good at it. So he looked at regular hard drives and researched how they work. He found ICs with a couple of quite powerful CPUs and microcontrollers, flash and enough RAM to run even computationally taxing stuff. He even succeeded in running Linux on the hard drive alone (to make that clear for the technically less educated here: He ran it on the hard drive's controller itself, not on any PC connected to the hard drive in any way).

With this kind of low level access alone about anything is possible - surreptitiously. And there are many more fully grown microcontrollers in a modern PC...

 

Then, there's those old rumors that on US made CPUs there are tiny hidden RF subsystems that listen for a specific carrier/code and brick or at least crash them when they receive it - this would make much sense for national security, just fly a jet with usual jammer (configured for the specific RF/Code) in the area and deny an enemy all computing.

 

Audio/ultrasonic comm is definitely possible - it's just what modems did, just at somewhat higher frequencies. There is even almost ready-to-use code for that in sourceforge. Practically it depends on the specs of the inbuilt mic and speaker - but people here tried it and most combos in PCs/Tablets/Smartphones are capable of this. They tried 16 to 24 kHz, the higher you go, the less combos work, but at least some even work better at the higher frequencies, they tried it even with a glass window in between and it still worked quite good.

 

The main point is, that real capable attackers (state level) will use deliberately placed "bugs" and backdoors in hardware anyway - you can more easily access and screen software, but checking multi-million+ - transistor-chips is only possible with "arcane" equipment (SEMs, Ion Beam Microscopes,... ) and even then it's a lengthy and difficult process.

The US-military wants to use no abroad-built ICs in the future at all, for the reason it's nightmarishly difficult to detect even halfway clever hidden "extra" functionality in ICs.

 

For our own more practical reasons modern BIOS->UEFI is a major headache, because it's a tiny full computer in itself, with CPU(s), networking, RAM and flash. One main problem: There is no real write protection for this anymore - in older days you had a jumper that write protected the BIOS, which was quite safe. Today, about anything and anyone can write to it and run code on it.

Very stealthy persistent Trojans/Boot Kits have already come this way - they don't show up in main computer RAM or on HD, modifying no perceivable data - but run along and analyze/send data somewhere.

 

 

 

EDIT:

If someone is more interested;

I just talked with a friend about it, and here's someone else that has documented how to run Linux on a HD:

http://spritesmods.com/?art=hddhack


"Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." - Plato

"When outmatched... cheat."— Batman


@Outlooker: I'm absolutely with you. Before Snowden, hardly anyone could believe in the massive conspiracy by Western secret services. Anyone who voiced his suspicions was put off as a hard case of paranoia. Today, we have hard evidence that those "conspiracy theorists" were spot on.

 

Now, regarding the transmission of viruses through audio channels, remember that even 15 years ago, it was possible to discover what a computer monitor is displaying even if there is a solid wall between you and the monitor. This was done by reading the electromagnetic signals that every monitor - CRT or LCD - is emitting. It was assumed then that with enough research, it would be possible to place a van on the street next to a house and spy this way. The German computer magazine c't had an extensive report about this.


My Eigenvalue is bigger than your Eigenvalue.


@Outlooker: I'm absolutely with you. Before Snowden, hardly anyone could believe in the massive conspiracy by Western secret services. Anyone who voiced his suspicions was put off as a hard case of paranoia. Today, we have hard evidence that those "conspiracy theorists" were spot on.

 

Now, regarding the transmission of viruses through audio channels, remember that even 15 years ago, it was possible to discover what a computer monitor is displaying even if there is a solid wall between you and the monitor. This was done by reading the electromagnetic signals that every monitor - CRT or LCD - is emitting. It was assumed then that with enough research, it would be possible to place a van on the street next to a house and spy this way. The German computer magazine c't had an extensive report about this.

I remember reading such an article back in the mid-90s. Some people would add extra ferrite magnets (the lump in many/most monitor cables) to their monitor cables to prevent that from happening.

System: Mageia Linux Cauldron, aka Mageia 8


// Today, we have hard evidence that those "conspiracy theorists" were spot on.//

 

We do? Like what?


Spring, did you honestly manage to miss the events surrounding Edward Snowden?

 

OTOH, I do know that this whole affair is much less intensively covered in ... well, most countries except Germany. I don't know about Canada, but even in the UK, the second biggest player in the Five Eyes gang, it's mainly The Guardian that regularly covers the events and offers new insight. Most other newspapers are well on the government's side repeating like sheep that the espionage is for the public good and only goes against those evil terrorists. Like the evil uber-terrorist Angela Merkel for example... XD

My Eigenvalue is bigger than your Eigenvalue.


I haven't heard that many details, actually. All I know is that he revealed that a lot of spying was going on, which I don't think came as a shock to anyone. What "conspiracy theories" did he validate?


If you spoke German, I could point you to my favourite computer magazine that has a comprehensive summary on everything that was uncovered right now. It includes major spying of a magnitude that was not thought possible (to sum it up very coarsely). We are talking about sifting to almost all telephone calls that were made in Germany and France on a certain date (apparently, the data is from 2010, but there is no reason to assume the technical capabilities have not improved). It was also uncovered that the US embassy in Berlin (Germany) has a listening post on its roof that was spying on Angela Merkel, German chancellor and die-hard follower for the US, who was quite a bit mad when hearing this news.

 

While the above mainly is interesting for Germans, The Washington Post and The New York Times apparently have a lot of evidence that US citizens are being spied upon by the NSA as well, which is - as I understand it - absolutely forbidden.

 

There was quite a lot that was unveiled, among that the fact that the British GCHQ has the ability to listen on underwater glass fibre communication cables IN REAL TIME! If you are interested, check http://www.theguardian.com/uk for some interesting reading. I can only assume that as a member of The Five Eyes, the Canadian government has no interest to have information on these events hit the public big time, so I guess they are played down.

My Eigenvalue is bigger than your Eigenvalue.


I knew copper cable was super easy due to tempest, but glass fiber would be much more technical because of having to split the cable and such. Impressive and worrying.

 

NSA has been doing illicit stuff since the beginning of the organisation. Did you know that they pushed IBM (I think it was IBM) to use a 56-bit key for their DES standard rather than a 64-bit key? This was in the early 1970's!

You can call me Phi, Numbers, Digits, Ratio, 16, 1618, or whatever really, as long as it's not Phil.


Interesting. A more recent undermining of a security standard is documented here: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

My Eigenvalue is bigger than your Eigenvalue.


Well apparently I was in error. The malware doesn't "spread via sound". It actually just communicates with other infected nodes via sound. *That* is quite easy to do. (a daemon can listen for pulses at a given frequency, which are generated by the other machine)

 

Also on the subject of strange malware, another guy found a way to infect the *battery pack* of a laptop. http://www.macobserv...acbook_battery/


--- War does not decide who is right, war decides who is left.
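
The near-ultrasonic signalling discussed in the posts above (tones in the 16 to 24 kHz range, pulses at a given frequency) can be checked for from the defender's side. The following is an added example, not part of any post in this thread: it scans a microphone capture for a narrowband tone in that band using the Goertzel algorithm. The 48 kHz sample rate, the 500 Hz bin spacing, the threshold values and the constructed test signal are all assumptions made for illustration.

```python
import math
import random
import statistics

RATE = 48_000   # assumed capture rate in Hz (Nyquist limit 24 kHz)
FRAME = 480     # 10 ms frames, so exact DFT bins are 100 Hz apart

def goertzel_power(frame, freq, rate=RATE):
    """Squared magnitude of one DFT bin via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def scan(samples, lo=16_000, hi=23_500, step=500, ratio=100.0, floor=1e-12):
    """Return [(frame_index, freq_hz)] for frames where one bin in lo..hi
    stands more than `ratio` times above the band's median power.
    `floor` keeps digitally silent frames from dividing by ~zero."""
    hits = []
    bins = range(lo, hi + 1, step)
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        power = {f: goertzel_power(frame, f) for f in bins}
        peak = max(power, key=power.get)
        if power[peak] > ratio * max(statistics.median(power.values()), floor):
            hits.append((start // FRAME, peak))
    return hits

def constructed_capture():
    """Constructed sample: a loud 1 kHz audible tone plus noise in all six
    frames, with a faint 19 kHz tone added in frames 2 and 3 only."""
    rng = random.Random(1)
    out = []
    for n in range(6 * FRAME):
        x = 0.5 * math.sin(2 * math.pi * 1_000 * n / RATE) + rng.gauss(0.0, 0.01)
        if 2 * FRAME <= n < 4 * FRAME:
            x += 0.05 * math.sin(2 * math.pi * 19_000 * n / RATE)
        out.append(x)
    return out

if __name__ == "__main__":
    for idx, freq in scan(constructed_capture()):
        print(f"frame {idx}: narrowband energy at {freq} Hz")
```

Comparing the peak against the median of the same band, rather than against total frame energy, keeps loud audible content such as speech or music from masking a quiet high-frequency carrier.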


The French car manufacturer Renault sells e-cars that have a battery that can only be rented by the car owner. In case the owner is late with his payment, Renault can switch the battery off wirelessly. The potential for misuse is mind blowing...

My Eigenvalue is bigger than your Eigenvalue.


Interesting. A more recent undermining of a security standard is documented here: http://www.wired.com...itymatters_1115

Yeah, I read about that earlier. Clever. Really though, the alarm bells should've gone off when the institute of standards just put forth an elliptic curve with no explanation as to where it came from.

You can call me Phi, Numbers, Digits, Ratio, 16, 1618, or whatever really, as long as it's not Phil.


  • 1 month later...

I just think that would fit right in here + is interesting enough:

 

"Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."

 

Brought to you by crafty Jews, as it so often is:

http://tau.ac.il/~tromer/acoustic/

"Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." - Plato

"When outmatched... cheat."— Batman
