Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps

I would have thought that one of the first things after seeing the symptoms on varying hardware would be to ...

On Thursday, Ars Technica ran a story about badBIOS, a nasty ...

I agree that the symptoms as described in the Ars article are pretty goofy, but ...

Yes, Ars Technica is one of the best outlets for detailed technology ...

... this post: Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps. I smell an infectious rat, and I don't mean a bad BIOS. ...

... USB sticks, plus it has very obvious symptoms, but it hasn't infected anyone aside from him.

Please don't do anything evil.

And for another, it's almost impossible to detect a tampered device without advanced forensic methods, such as physically disassembling the device and reverse engineering its controller firmware. Antivirus scans will turn up empty: they inspect the files the device presents, not the firmware that presents them.

Most analysis short of such techniques relies on what the firmware itself reports, and that can't be trusted. Most troubling of all, BadUSB-corrupted devices are much harder to disinfect.

Reformatting an infected USB stick, for example, will do nothing to remove the malicious programming: a format rewrites the flash storage the controller exposes, not the controller's own code. Because the tampering resides in the firmware, the malware can be eliminated only by replacing the booby-trapped device software with the original firmware, and even that assumes the controller exposes a firmware-update path and that a compromised controller will honestly apply the update rather than pretend to.

Given the possibility that traditional computer malware could be programmed to use BadUSB techniques to infect any attached devices, the attack could change the entire regimen currently used to respond to computer compromises: wiping and reinstalling the host no longer guarantees a clean system if a reprogrammed peripheral is plugged back in afterwards. He said the attack is similar to boot sector infections affecting hard drives and removable storage.

I would be mentally and physically drained and all around me would be sick of the constant discussions of the latest discoveries. I don't get paid for researching and working on my own machine. All I get is a life on hold, but not in a world on hold.

Yet, during all the endless hours of searching and reading I had yet to have a connection to hacking, rootkits, real malicious security issues. Fast forward to August, leading into Labor Day. I had lost general control and been working on regaining it for a few days. I had to act like I knew my family, though, and actually go offline for the long weekend on a trip to lake property where there wasn't even the chance of online.

Scans continued to show clean, after one trojan ID and removal. So, I read all I could and quickly downloaded new programs suggested to help. I even thought it might be good to run them while offline and that a break from all else online would be good. I ran the ones I could, without internet, and a few new issues appeared and were removed.

Otherwise I did not spend time at the computer, even to work on pulling together work research.

On the return home I couldn't access the internet. Provider was no help. NOW, my real education started. I aggressively started shutting down services and digging even deeper into the machine.

The difference here is that you could save yourself months to years of frustration by flattening and starting from a clean HDD.

I can sympathize in that I enjoy researching as well, but with your primary system, you need to realize when you're over your head and the interest of outsmarting malware starts massively affecting productivity. Because that's the vibe I'm getting.

Seems absolutely absurd otherwise. Show us the proof, bring in the forensics experts from outside.

Otherwise it's just a bunch of Cold Fusion wankery style claims. I'm sure people said similar things about Hans Reiser in the past, too.

If he claims a USB stick is a vector for infection ...

He's claiming the device firmware, the "U" that lets the "SB" talk to multiple computers, is infected. It's all very plausible and interesting, but needs way more information from other eyes; otherwise it's very 'War of the Worlds'. Also, is this the kind of thing the Mythbusters guys could help with, or is there not enough exploding for them to be interested?

The claim is that it is not the data on the USB drive, but the firmware of the USB stick controller that has been compromised.

So if your dog starts barking at your PC, or your cat's hair stands on end and it runs away hissing, that means your PC is possessed pwned by the forces of darkness?

INF or anything so crude. And at the same time, it can pretend to be an innocent and completely empty Flash drive as well, as USB allows multiple endpoints.
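The mechanism in the comment above (a stick whose controller firmware enumerates extra USB personalities while still looking like an empty flash drive) and the earlier point that antivirus scans and reformatting never touch controller firmware come down to the same practical check: which interface classes does the device actually present to the host at plug-in? The following is an added example, not code from the Ars article, from Dragos Ruiu, or from the BadUSB researchers. It parses text in the layout of `lsusb -v` (the sample output, the vendor/product IDs and the device names are constructed for this example), flags any mass-storage device that also enumerates as HID or CDC, and prints an allow-list rule in what I believe is USBGuard's rule syntax; treat that syntax as an assumption to verify against your usbguard version.

```python
"""Audit USB interface descriptors for the 'multiple personalities' pattern.

A reprogrammed stick can present an ordinary mass-storage interface while
also enumerating a keyboard (HID) or a network adapter (CDC) on the same
device. The host learns these class codes from the device's own descriptors,
so this is a plug-time heuristic, not a firmware integrity check.
"""
import re

# USB-IF interface class codes.
CLASS_CDC = 0x02
CLASS_HID = 0x03
CLASS_MASS_STORAGE = 0x08

# Constructed sample in the layout of `lsusb -v`. The IDs, names and the
# second device's extra interfaces are invented for this example.
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 1234:5678 Example Vendor Plain Stick
  Configuration Descriptor:
    bNumInterfaces          1
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only

Bus 001 Device 005: ID 1234:5679 Example Vendor Composite Stick
  Configuration Descriptor:
    bNumInterfaces          3
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
    Interface Descriptor:
      bInterfaceNumber        1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
    Interface Descriptor:
      bInterfaceNumber        2
      bInterfaceClass         2 Communications
      bInterfaceSubClass      6 Ethernet Networking
      bInterfaceProtocol      0
"""

DEVICE_RE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})", re.M)
FIELD_RE = re.compile(
    r"^\s*(bInterfaceClass|bInterfaceSubClass|bInterfaceProtocol)\s+(\d+)", re.M)


def parse_lsusb(text):
    """Return {'vid:pid': [(class, subclass, protocol), ...]} per device.

    lsusb prints these three fields in decimal (80 here is protocol 0x50).
    """
    heads = list(DEVICE_RE.finditer(text))
    devices = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        chunk = text[head.end():end]
        interfaces = []
        for block in chunk.split("Interface Descriptor:")[1:]:
            fields = dict(FIELD_RE.findall(block))
            interfaces.append((int(fields["bInterfaceClass"]),
                               int(fields["bInterfaceSubClass"]),
                               int(fields["bInterfaceProtocol"])))
        devices[head.group(1)] = interfaces
    return devices


def flag_composite(interfaces):
    """Reasons a storage device looks like more than storage (empty = clean)."""
    classes = {cls for cls, _, _ in interfaces}
    reasons = []
    if CLASS_MASS_STORAGE in classes and CLASS_HID in classes:
        reasons.append("storage device also enumerates as HID (keyboard/mouse)")
    if CLASS_MASS_STORAGE in classes and CLASS_CDC in classes:
        reasons.append("storage device also enumerates as a CDC network/serial adapter")
    return reasons


def usbguard_rule(vid_pid, interfaces):
    """Allow-list rule pinning the exact interface set observed.

    Assumed USBGuard syntax: allow id VID:PID with-interface equals { cc:ss:pp ... }
    (check usbguard-rules.conf(5) for your version).
    """
    spec = " ".join(f"{c:02x}:{s:02x}:{p:02x}" for c, s, p in interfaces)
    return f"allow id {vid_pid} with-interface equals {{ {spec} }}"


if __name__ == "__main__":
    for dev, ifs in parse_lsusb(SAMPLE_LSUSB).items():
        reasons = flag_composite(ifs)
        print(dev, "SUSPICIOUS" if reasons else "plain", ifs)
        for reason in reasons:
            print("   -", reason)
        if not reasons:
            print("   ", usbguard_rule(dev, ifs))
```

The check reads only what the device reports at enumeration. A reprogrammed controller can re-enumerate later with a different set of descriptors, so this catches sloppy composites, not a device that behaves until it is trusted. Pinning known devices to their exact interface set and denying anything else is the stronger control; whitelisting by VID:PID alone is not, because the firmware controls those values too.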

It's called a laptop.

This was done to eliminate the possibility of receiving data over the power line, which has been done. Also, as a few people have pointed out, the claim that data is being sent over audio channels was not a claim that it was infecting computers through the microphone.

He claims two already infected machines were communicating this way. I think that the "infected via speaker" hypothesis is maybe bunk. But I would be less surprised if the Windows disc itself carried the infection straight from the pressing plant, and it was, I dunno, running an overvoltage somewhere on the mobo to broadcast data over RF and fake up a wifi connection. Yeah, I know that the foregoing sounds like it came out of a '90s Neal Stephenson novel but it's a tiny bit more plausible than infection by ultrasonic broadcast decoded by pinhole speaker.

This is not entirely true. I agree that the symptoms as described in the Ars article are pretty goofy, but Dragos is a pretty well-known dude in the security world and he has involved a lot of big names in the community now via Twitter.

He has shared some data, infected USB sticks and dumps of procmon output, although a lot of people would like to see more information. There are claims that the BIOS is thwarting attempts to read or write to its data, which is certainly technically possible, but it is relatively trivial to pull the flash memory and get dumps of its content.

He also isn't claiming, as many here seem to think, that machines can infect themselves with the speaker/microphone trick -- just that machines already infected use this to communicate.

This is certainly technically possible; I've seen it demonstrated, but it is unclear that it offers practical value.
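For the communication claim in the comment above and the earlier "infected via speaker" discussion: the signal-processing side of an acoustic link between two hosts is simple, and the following added example shows it end to end. It is not Dragos Ruiu's code and not anything recovered from badBIOS; the sample rate, the two tones, the symbol length and the noise level are this example's own choices. Each bit is a 10 ms burst of one of two near-ultrasonic tones, and the receiver decides per symbol by comparing Goertzel energy at the two frequencies.

```python
"""Near-ultrasonic FSK link between two hosts over speaker and microphone.

Added example. Parameters below are this example's choices, not badBIOS's.
"""
import math
import random

RATE = 48000            # samples per second, a common sound-card rate
SYMBOL = 480            # samples per bit: 10 ms per bit, 100 bit/s
F0, F1 = 18000, 19000   # tones for 0 and 1; both are exact Goertzel bins at N=480
AMPLITUDE = 0.5


def goertzel_power(samples, freq):
    """Energy at one frequency (Goertzel algorithm: one bin, no full FFT)."""
    n = len(samples)
    k = round(n * freq / RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s = x + coeff * s1 - s2
        s2, s1 = s1, s
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    """List of bits -> bytes; a trailing partial byte is dropped."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


def modulate(data):
    """Bytes -> float PCM samples, one tone burst per bit (transmitter side)."""
    samples = []
    for bit in to_bits(data):
        f = F1 if bit else F0
        samples.extend(AMPLITUDE * math.cos(2.0 * math.pi * f * t / RATE)
                       for t in range(SYMBOL))
    return samples


def demodulate(samples):
    """Float PCM samples -> bytes; per symbol, pick the tone with more energy."""
    bits = []
    for i in range(0, len(samples) - SYMBOL + 1, SYMBOL):
        chunk = samples[i:i + SYMBOL]
        bits.append(1 if goertzel_power(chunk, F1) > goertzel_power(chunk, F0) else 0)
    return from_bits(bits)


def add_noise(samples, sigma, seed=1):
    """Constructed channel noise, seeded so runs are repeatable.

    Decoding survives noise RMS above the tone amplitude because each
    Goertzel bin integrates over all 480 samples of the symbol.
    """
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


if __name__ == "__main__":
    pcm = modulate(b"badBIOS")
    print(len(pcm), "samples,", len(pcm) / RATE, "seconds of audio")
    print(demodulate(pcm))
    print(demodulate(add_noise(pcm, 0.8)))
```

What the block does not show is the part the claim actually hinges on: whether a given laptop speaker and pinhole microphone pass anything useful at 18 to 19 kHz, which depends on the hardware and the room. At 100 bit/s the channel is a covert beaconing or command path between machines that are already compromised, not an infection vector, which is exactly the distinction the commenter draws.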