
/g/ - Technology


File: 132 KB, 640x360, badbios.jpg
No.37744244

Seems fake to me, but now more people are buying it.

What do you think /g/?

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

>> No.37744290

>>37744244
> Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.
Seems legit, mate.

>> No.37744293
File: 529 KB, 890x1200, 1382551786161.jpg

Prolly something with Halloween.

>> No.37744361

Seemed completely fake at first, but the more I read about it, the likelier it gets that it's real.

It's far from impossible at all; as some guy said, if someone really wanted to code a BadBIOS, it would take a year max for a good sec guy and coder.

>> No.37744364
File: 77 KB, 461x307, hawking-weightless.jpg

>>37744290
Hawking radiation, man

>> No.37744389

but how can it work across all systems? wouldn't it need root access on most linux systems to even touch the bios from them? unless it sneaks around the OS entirely

>> No.37744405

>>37744290
> Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
Journalism at its finest.

>> No.37744417

>>37744389
The whole point of attacking the BIOS is that you are at an even lower level than the OS. You have direct hardware access.

From what we know so far, most USB drivers don't check for buffer overflows. Any rogue USB device could exploit any BIOS or Operating System this way.

And BadBIOS is confirmed for being able to flash USB keys' drivers.

>> No.37744429

>>37744417
so one way to defeat this would be to change the way a USB driver is coded?

>> No.37744443

"confirmed"? confirmed for fucking what? it's something one jackass is dealing with, in a half-assed way. fighting it for three years and he hasn't dumped the bios to examine it on another machine? what a crock of shit.

anybody that spreads this is a fucking fool.

>> No.37744448

>>37744417
Well, in the October patches for Windows, there was a section covering USB driver exploits.

>> No.37744461

>>37744429
Yes. All USB drivers on this gay earth are vulnerable.

That's a really clever trick.

>>37744448
Yes, but there are literally hundreds of bugs to patch and checks to do. I doubt that everything is patched yet.

>> No.37744481

> Interestingly, this exposes a seldom-discussed downside of using an Apple computer. Their product line is extremely small, which means that hardware-specific attacks and firmware attacks like BIOS rewrites are much easier to do.
This is a stray comment, is it correct that only Apple computers are vulnerable? If so, toppest lel.

>> No.37744489

>implying you can just rewrite any controllers on flash drives

>> No.37744491

>airborne computer virus
>some people here actually question its validity

>> No.37744497

>>37744461
well what about requiring certain keys and access codes to even write to the bios in the first place

why is writing to the bios such an easy thing in the first place?

>> No.37744515

>>37744481
> is it correct that only Apple computers are vulnerable?
No, Windows and loonix too. Even xBSD apparently, which is known for being very secure.

>>37744497
> well what about requiring certain keys and access codes to even write to the bios in the first place
The point is that it's an exploit, it bypasses the 'keys and access codes' (and there's no such thing as access codes to flash a BIOS afaik).

It exploits a bug to replace the BIOS with whatever code (via buffer overflow or whatever), and then flashes itself permanently.

>> No.37744529

>>37744515
so then the only way to really stop this is to literally make the bios impossible to write to at a hardware level?

>> No.37744534

>>37744491
> >airborne computer virus
It is not. See >>37744405
Data transfer over ultrasound is possible, some android phones actually do that already (Samsung or Asus iirc)
Nobody said anything about infection over microphone, only about already infected machines establishing a physically independent network to propagate patches and payload.

>> No.37744546

skynet is up
also microphone and speakers make feedback, maybe that shit has something to do with it

>> No.37744548

>>37744515
It's a bios virus, OS does not matter, but the article implies that only apple hardware is affected.

>> No.37744550

>>37744529
> so then the only way to really stop this is to literally make the bios impossible to write to at a hardware level?
Yes, but you don't want to do this.
Lots of people want/need to flash their BIOS.

The better way would be to simply fix the USB drivers and understand how BadBIOS works.

>> No.37744563

>>37744550
well true but then the coder finds another exploit and we start back at square one

hell, I'd even take user-swappable bios chips over having to worry about this

>> No.37744564
File: 48 KB, 280x314, 1348292301804.jpg

Jeez, this is fucking spooky.
Are we really going to need to start putting our workstations in anechoic chambers to prevent malware phoning home?

>> No.37744579

>>37744548
> It's a bios virus, OS does not matter
The OS matters a lot actually.

The thing with the BIOS is that it's only used at startup to load the OS kernel and necessary files, then the OS switches to Protected Mode and ditches the BIOS completely to use its own drivers instead.

What BadBIOS probably does is that when the OS is trying to load its kernel and files, it replaces some of them with a rootkit, thus infecting the OS drivers too. But this is OS-dependent, you need different code for each OS.

>>37744563
That's what happens regularly in computer security. People find new exploits, and other people try to patch them.

>> No.37744605

>>37744579
how in the fuck does it change linux drivers without root access?

>> No.37744651

>>37744605
This is before Linux is even loaded, there is no concept of "root" before that happens.
This is at the stage of your bootloader, instead of just mapping the kernel into memory it slips the rootkit in as well.

>> No.37744656

>>37744564
I somehow doubt it.

While the technology may be there, I doubt that:
1: Not all speakers can actually achieve the frequencies necessary to transmit data without humans hearing it
2: The receiving machine has to have its microphone activated and ready to receive data, as well as the algorithms to decode said transmissions

Basically the malware can only affect another computer if it was already infected first and was listening.

>>37744605
Because it can probably replace them before the OS even loads.

Linux then loads the fake drivers thinking they are legit.

>> No.37744657

>>37744605
Linux needs the BIOS to load itself at startup. It basically asks the BIOS "hey give me that file on the disk".

At this point BadBIOS has to replace the vanilla Linux drivers with its own rootkit.
No need for root. Root is just something invented by linux. The BIOS has full access to the hardware.

Then once linux is done loading its own drivers, it stops using the BIOS and uses its own drivers instead.

>> No.37744660

If for a moment we accept it's real, who could write something like this?

>> No.37744674
File: 242 KB, 537x600, 1292476151307.png

what the fuck am i reading.

>> No.37744677

>>37744660
A group of seriously motivated hardware hackers and coders, with at least a year to waste full-time working on this.

>> No.37744690
File: 1.25 MB, 1845x1923, 1378444827541.jpg

P.S. WERE ALL PART OF THE BOTNET

>> No.37744693

>His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.
wut

>> No.37744697

>>37744657
so then short of bios flashing there could be literally no way to actually stop this

what is the risk to consumer level hardware at this point?

>> No.37744717
File: 21 KB, 318x318, skynet.jpg

YOU COULD HAVE STOPPED IT /g/

>> No.37744731

>>37744697
> short of bios flashing there could be literally no way to actually stop this
Even BIOS flashing doesn't work.
It's extremely resilient, there is no known way to get rid of it, except destroying your computer.

It's probably copying itself in every firmware it finds, including but not limited to the BIOS emergency backup, the system controller, your keyboard and mouse, your USB drives, your webcam, .....

The risk is that if there's a bug in BadBIOS, it could brick your hardware completely. Also you're part of the most powerful botnet so far.

>> No.37744736

>>37744697
It depends on how easy it is to get infected in the first place.
The big thing about this virus is that it's insanely difficult to get rid of, not that it's easy to catch.
You need to actually run code that exploits your particular system to write shit to the BIOS, I don't know how easy that is.

>> No.37744738
File: 48 KB, 470x600, 1302190064007.jpg

>>37744693
>>His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

>> No.37744787

>>37744738
>Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

>With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

>> No.37744791
File: 364 KB, 1100x1002, 1378436676614.png

YOU COULD HAVE LISTENED

>> No.37744796

>>37744736
>>37744731
well what are the actual chances of this not even being a real thing anyway? i mean really if this guy found it three years ago wouldn't it have spread like wildfire by now and be in literally everything? wouldn't this be as famous and big as stuxnet? why is it just being talked about now instead of 3 years ago?

>> No.37744812

>>37744738
They might just be doing IPv6 over ultrasound, so that's not too crazy.
I mean why write the whole protocol from scratch?

>> No.37744815

>>37744791
and you are retarded


processor has nothing to do with this

>> No.37744833
File: 79 KB, 501x585, 1379360624656.jpg

>>37744815
dont lie to me shill

>> No.37744842

>>37744796
That's the weird part. He's the only guy who reported on this in 3 years.

That's very strange, he's not exactly the most talented faggot even if he's good.

Imho either the thing 3 years ago had nothing to do with this, or they are targeting only a select number of people and the infection would remain inactive anywhere else (no weird packets, no disabling other OSs, no actively infecting every media)

>> No.37744856
File: 43 KB, 812x549, speccy.png

>>37744833
I have an AMD CPU, for fuck's sake

>> No.37744865

>He found it installed in some laptops with Windows systems installed, but it proved to be somehow platform independent as it can infect a BSD system and OS X is not immune.

>It reflashes the system BIOS, and it is resilient: even after flashing the BIOS with a legit firmware, it will still be there. This forces the researcher to use a new machine for each test.

>It uses communication via SDR (Software Defined Radio) to bridge air gaps (computers out of the network). It works even if the wireless and Bluetooth cards are physically removed.

>It loads a Hypervisor.

>When the BIOS is infected, it doesn't let you boot from external devices regardless of settings. Most of the time, it goes for the internal disk.

>It reflashes all USB drives plugged into an infected system, including external USB CD drives. It doesn’t affect the files in the USB, it directly infects the firmware.

>Just plugging an infected memory stick in a clean system will infect it… without even needing to mount it!

>In infected Windows systems, some extra .ttf and .fon files appear – three of them (meiryo, meiryob, and malgunnb) have a size that is bigger than expected.

>When trying to extract those files, they disappear from the burnt CD.

>People are pointing to Russia as an origin of this malware as they are the only known developers of reset flash controllers’ software. The malware also blocks the reflashing Russian software sites.

>> No.37744874

>>37744842
either that or the guy is just a pig fat liar dragging others into it as well

>> No.37744879
File: 236 KB, 500x500, hoops.gif

>>37744856
>>37744856
you're in the clear... for now

>> No.37744893
File: 208 KB, 756x729, ohmehgawd.png

>>37744879
that is the best thing i've seen in a while

>> No.37744907

>>37744865
>When trying to extract those files, they disappear from the burnt CD.
How in the fuck do files disappear from a burnt CD.
That's some quantum mechanics shit right there

>> No.37744910

>>37744874
Yeah, but I know him a little and that would be really surprising.

He has a good reputation and he just keeps giving more details on twitter and posting 900MB dumps on mega. He's really trying from what we can tell.

If he's faking it, either he's trying to achieve something big or he went completely nuts.

>> No.37744919

>>37744907
Maybe the system only said it burnt the files on there, but in reality it burnt nothing at all.

>> No.37744927

>>37744907
> How in the fuck do files disappear from a burnt CD.
Files are added by the rootkit on every burnt CD, when you open the CD you get infected somehow, then the rootkit (which is now in your computer) hides the files from you.

>> No.37744961
File: 13 KB, 432x286, 1266511797293.jpg

>>37744907
https://plus.google.com/app/basic/stream/z13dipmrqznqgzd3g23cz52wykrrvjjce?cbp=1e2crs2nn9kw3&sview=27&spath=/app/basic/103470457057356043365/posts&sparm=cbp%3Dnyxpc9t3whh2%26sview%3D1%26spath%3D/app/basic/stream/z13tzhpzvpqyuzv1n23cz52wykrrvjjce

here's his original post about it.

anyone want to download those files?

>> No.37744968
File: 27 KB, 500x265, 970372_374252376042097_502092172_n.jpg

leejun did it obviously

>> No.37745179

>>37744865
>font files infect wanblows systems
and this, kids, is why kernel font rendering is a bad idea

>> No.37745443

>>37744910
Could this be a state agency targeting a select group of tech people and this guy was the first to find out?

>> No.37745465

>>37745443
Maybe. But that's a little too much if they just wanted to target a couple tech guys.

This is world-domination tier malware.

>> No.37745480

If this thing works by fucking up the BIOS, why don't they make BIOS read only unless a switch is flicked on the back of the case, or a contact is shorted on the motherboard?

>> No.37745499

>>37745480
Because > muh ease of use I don't want to dismount my computer just to flash a BIOS.

But it still wouldn't be a perfect solution, BadBIOS could still exploit the USB drivers and flash other microcontrollers instead.

>> No.37745518

>>37744865
>It uses communication via SDR (Software Defined Radio) to bridge air gaps (computers out of the network).

I don't think you know what a Software Defined Radio is.

It is apparently using inaudible tones over the system's speakers.

SDR would imply that the computers magically had UHF/VHF/MW/etc transmitters and receivers hidden on the motherboard.

>> No.37745537 [DELETED] 

>>37745518
it uses attached speakers and mics, m8.
stops transmitting if they're disconnected.
you should read the article.

>> No.37745547

>>37745499
>But it still wouldn't be a perfect solution, BadBIOS could still exploit the USB drivers and flash other microcontrollers instead.

That is still better than being able to directly control the BIOS.

>> No.37745555

>>37745518
SDR is just to mean that they are using their own high-freq sound transmission protocol imho, not regular sdr.

>> No.37745574

>>37745537
SDR is Radio.

Sound is not Radio.

If it used radio, speakers and mics would not have anything to do with this.

>> No.37745580
File: 49 KB, 346x365, CoreTemp-Scr.png

>>37744856
>965
mah nigga

>> No.37745590

>>37745574
i misread your post, sorry m8.

>> No.37745592

>>37745518
>inaudible tones over the system's speakers
I thought casual speakers cannot reproduce inaudible tones

>> No.37745599

That's just the nsa backdoor m8
Comes with every laptop

>> No.37745604

>has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

topkek

>> No.37745608

>>37744293
Post more.

>> No.37745610

>>37745592
Most of them can do just a little over 20k

>> No.37745621

>>37745604
That's like the last resort covert channel.
But apparently it's possible.

>> No.37745652

>>37745592
Depends who is listening.

To much of my family, the whine of my CRT (15.734 kHz at 60Hz) is inaudible.

There are few people I know that can hear it at normal volumes, but my microphone picks it up with ease. This is because human hearing drops off in sensitivity at higher frequencies, with older people usually having it drop off earlier.

Inaudibility is in the ears of the beholder.
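The posts above argue about what a speaker can emit, what a mic picks up, and what a human hears. As an added illustration that is not part of the thread, here is a stdlib-only Python detector that scans a short audio capture for a narrowband carrier in the 17 to 22 kHz band, the range a microphone records but most adults do not hear; the 44.1 kHz sample rate, the band edges and the peak-to-median threshold are assumptions, and the audio is constructed in code rather than captured.

```python
import math
import random

SAMPLE_RATE = 44100  # Hz; a common consumer sound-card rate (assumption)


def goertzel_power(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Power of one frequency bin via the Goertzel algorithm.

    Cheaper than a full FFT when only a handful of bins matter, which is
    the case for a monitor that only cares about the near-ultrasonic band.
    """
    n = len(samples)
    k = int(0.5 + n * target_hz / sample_rate)   # nearest DFT bin index
    omega = 2.0 * math.pi * k / n
    coeff = 2.0 * math.cos(omega)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def near_ultrasonic_carrier(samples, lo_hz=17000, hi_hz=22000,
                            step_hz=250, ratio=50.0):
    """Return the frequency (Hz) of the strongest bin in [lo_hz, hi_hz] if it
    stands out from the median bin power in that band by at least `ratio`,
    otherwise None. Broadband noise spreads evenly across the bins; a data
    carrier shows up as one bin far above the rest."""
    powers = {f: goertzel_power(samples, f)
              for f in range(lo_hz, hi_hz + 1, step_hz)}
    ordered = sorted(powers.values())
    median = ordered[len(ordered) // 2]
    peak_hz = max(powers, key=powers.get)
    if median > 0 and powers[peak_hz] / median >= ratio:
        return peak_hz
    return None


def make_signal(tones_hz, seconds=0.2, noise=0.02, seed=1):
    """Constructed test audio: a sum of sine tones plus light white noise.
    Deterministic seed so the result is reproducible."""
    rng = random.Random(seed)
    n = int(SAMPLE_RATE * seconds)
    return [
        sum(0.3 * math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f in tones_hz)
        + rng.uniform(-noise, noise)
        for i in range(n)
    ]


if __name__ == "__main__":
    # An audible 1 kHz tone alone versus the same tone plus a 19 kHz carrier.
    print("audible only :", near_ultrasonic_carrier(make_signal([1000])))
    print("with carrier :", near_ultrasonic_carrier(make_signal([1000, 19000])))
```

On a real capture you would feed consecutive 0.2 s windows of microphone samples to `near_ultrasonic_carrier` and alert when a carrier persists across several windows; one hit on its own may just be a CRT or a switching power supply.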

>> No.37745657

>>37745610
there are quite a few people able to catch frequencies slightly above 20k
also, pretty sure the mics capturing sound have a reduced range

>> No.37745660

>>37745590
m8m8m8m8m8m8m8m8m8m88m8m88m8m888888888m8m8m8m8m

>> No.37745697
File: 146 KB, 1280x1440, 1326440397528.jpg

#badBIOS

RIP COMPUTERS

>> No.37745816

For those who are still skeptical about the whole ultrasonic thing:
https://play.google.com/store/apps/details?id=com.animalsystems.chirp

>> No.37745851

>>37744244
http://www.damninteresting.com/on-the-origin-of-circuits/

>> No.37745857

>>37745816
I think the main issue here is supposedly magical abilities of this thing as one guy in the comments says-
> it can infect all kind of bootstrap flash: BIOS, UEFI as and EFI, it works equally well on Mac, Windows and Linux, it has magical power over USB flash controllers (apparently, regardless of brand), can create a mesh network over a covert channel that, somehow, ends up creating "network data" that can be pulled by a regular forensic tool (but still eludes identification for several years) and it can do all this while nesting itself in a BIOS image that is 8 megs big (at best) without actually crippling it. I won't even go into the weird ability to kill files of CDs...
>In one place.
>For one man.
>Without anyone else being able to reproduce or even confirm it.

>> No.37745865

This guy clearly has schizophrenia or something.

>> No.37745897

>>37744579

BIOS loads and reads OS USB Device IDs... These are the keys that make the malicious code activate the PHREAKING 2.0 styled phoning.

Naysayers... Do you even know that batteries actually exist in mobos ????????????????????????????????

Naysayers, you quote 2 lines of an article

then dismiss it.......................................

YOU DON'T FUCKING KNOW SHIT, THE
RESEARCH IS 3 YEARS LONG

>SHILLS
>TROLLS
>NSASAYERS

FUCK U

>> No.37745932

>>37745897
Do you even speak English?

> BIOS loads and reads OS USB Device IDs... These are the keys that make the malicious code activate ...
Yes, we know. It's a buffer overflow in the BIOS driver. When did I even quote the article to dismiss it?

You need to calm down, anon.

>> No.37745938

>>37745518

NEW WORLD ORDER IS DEVELOPING A MESH OF OWNED DEVICES TO CONTROL THE PLEBE

PLEBE SAYS IT DOESN'T HAPPEN

PLEBE IS LOSING........................

AS ALWAYS

>> No.37745941

I like that skull pic

>> No.37745957

>>37745932

YOUR MOMMY SUCKS NSA COCKS

>> No.37745974

>>37745957
lol

>> No.37745987

https://twitter.com/Cstobing

this guy claims to be infected as well. lel.

>> No.37746003

Proof of concept infector located @ http://destaps.com

>> No.37746013

The guy who has been reporting it is a pretty well respected security researcher. I see no reason why he would just ruin his reputation over a silly hoax.

>> No.37746014
File: 94 KB, 343x361, happening.jpg

>>37745987
Fuck, his pic looks legit.

We need more doom paul.

ITS HAPPENING.

>> No.37746024

>>37746014
that pic isn't his. it's a retweet from someone attempting a proof of concept for infrasonic data transmission.

>> No.37746050

>>37746024
He's claiming to have the same symptoms as Dragos, then posts a pic of a 20 kHz transmission, and it's a fucking PoC?
What a faggot.

>> No.37746064
File: 42 KB, 500x321, Project_2501.jpg

Sup?

>> No.37746068

Sounds like a load of shit. Either he made a simple mistake and has too much pride to admit it, or he's so full of himself that he genuinely believes that any nonsensical theory he comes up with is plausible by virtue of him coming up with it.

>> No.37746088

>>37746050
it's just a RT, anon. he's posted plenty of data of his own. don't know if his data is any good - not going near it on this machine.

>> No.37746107

>>37746068
Other people start claiming that they have the same symptoms.

Imho lots of people are infected but just didn't immediately think "BIOS-flashing rootkit" when they couldn't boot from CDs.

>> No.37746135
File: 41 KB, 521x445, 11-01 16_41_24-dragosr (dragosr) sur Twitter.jpg

Ultrasound transmission confirmed for working at up to 0.1 KB/s and already found in the wild.

>> No.37746150

Maybe it was made by the NSA, imo they're the only ones who have enough money and expertise to pull off something like this,

IF this is not just a Halloween prank.

>> No.37746177

>>37746150
> The NSA
> Expertise in computing
The NSA is too busy drawing kool smileys and making stupid PPTs.

Meanwhile, the Syrian Electronic Army keeps getting better every day. I'm scared.

>> No.37746178

So, how long before someone makes a jammer for this?

it wouldn't be too hard, i guess.

>> No.37746192

>>37746177
:¬)

>> No.37746193

>>37746107
It's a psychological effect. If you tell people that they have the plague, eventually they'll begin to feel symptoms.

>> No.37746206

So, is this shit real?

>> No.37746209

>>37744534
Speakers double as poor microphones. They receive audio deflection as well as produce it. They just never have the sophisticated tuning of a good mic. If this transmits diverse beeps and boops outside of the range of human hearing, it's possible. I would imagine the receiving machine would need to be set up to incorporate data from its speakers experiencing deflection, though.

>> No.37746219

>>37746178
It transmits primarily by USB/CD apparently, you can't really fix this without patching every OS and flashing every BIOS.

We're in really deep shit.
I'm considering the idea of writing my own simple USB firmware flasher.

>>37746193
Maybe, but this is computer security specialists, they are supposed to know what they talk about.
If they can't boot on a CD and get weird 8mb TTF files, it's probably not just psychology.

>> No.37746225

>>37746193
Their PCs as well, apparently.

>> No.37746238

So far it's just a bunch of retards circlejerking on twitter (le #badbios le le) so I'm not really convinced

>> No.37746241

>>37746178
pretty easy

>> No.37746270

>>37746238
Tried looking at the dumps and files?

The TTF file particularly, since they are easy to understand: table 63, it's not just your average TrueType script.
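Several posts point at font files of unexpected size as the one concrete artefact in this story. As an added example that is not from the thread or from the researcher's dumps, here is a stdlib-only Python check a forensic analyst could run on a suspect .ttf: parse the sfnt table directory and report any bytes the directory does not account for (trailing slack past the last table, or tables pointing outside the file); the layout follows the public sfnt format, the sample fonts are constructed in code with zeroed checksums and search fields, and checksums are deliberately not validated.

```python
import struct

# sfnt "scaler type" values seen in TrueType / OpenType files.
SFNT_VERSIONS = {b"\x00\x01\x00\x00", b"true", b"OTTO"}


def parse_table_directory(data):
    """Parse the 12-byte offset table and the 16-byte table records.
    Returns a list of (tag, offset, length) tuples."""
    if len(data) < 12:
        raise ValueError("too short for an sfnt header")
    version, num_tables = struct.unpack(">4sH", data[:6])
    if version not in SFNT_VERSIONS:
        raise ValueError("unknown sfnt version %r" % version)
    records = []
    for i in range(num_tables):
        start = 12 + 16 * i
        if start + 16 > len(data):
            raise ValueError("table directory truncated")
        tag, _checksum, offset, length = struct.unpack(
            ">4sIII", data[start:start + 16])
        records.append((tag.decode("latin-1"), offset, length))
    return records


def audit_font(data):
    """Report what the table directory does not explain: tables whose
    offset+length run past the end of the file, and bytes after the last
    table that no table claims (where a payload could hide unnoticed)."""
    records = parse_table_directory(data)
    out_of_bounds = [tag for tag, off, ln in records if off + ln > len(data)]
    covered_end = 12 + 16 * len(records)          # end of the directory itself
    for _tag, off, ln in records:
        covered_end = max(covered_end, off + ln)
    # Table data is 4-byte aligned, so up to 3 bytes of padding are normal.
    padded_end = (covered_end + 3) & ~3
    trailing = max(0, len(data) - padded_end)
    return {"tables": len(records),
            "out_of_bounds": out_of_bounds,
            "trailing_bytes": trailing}


def build_font(tables, trailer=b""):
    """Constructed minimal sfnt for testing: lay out {tag: bytes} with 4-byte
    alignment, then append `trailer` beyond what the directory covers.
    Checksums and the search/range fields are zero (not a real font)."""
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", len(tables), 0, 0, 0)
    offset = 12 + 16 * len(tables)
    directory = b""
    body = b""
    for tag, payload in tables.items():
        directory += struct.pack(">4sIII", tag.encode("latin-1"), 0,
                                 offset, len(payload))
        padded = payload + b"\0" * (-len(payload) % 4)
        body += padded
        offset += len(padded)
    return header + directory + body + trailer


if __name__ == "__main__":
    sample = {"head": b"\x01" * 54, "name": b"abc"}
    print("clean   :", audit_font(build_font(sample)))
    print("padded  :", audit_font(build_font(sample, trailer=b"\x90" * 4096)))
```

A real font with several kilobytes of trailing data is not proof of anything by itself (some tools leave junk), but it is the first thing worth diffing against a known-good copy of the same file from install media.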

>> No.37746273

>>37746219
All people have the capacity to be imbeciles, anon. I have no reason to believe that in the same position, I'd avoid the same mistakes.
>>37746225
Sure, why not? Maybe they had no reason to know if their computers could boot from optical media until now.

>> No.37746284

>>37746273
> All people have the capacity to be imbeciles, anon. I have no reason to believe that in the same position, I'd avoid the same mistakes.
Maybe, but that other guy doesn't seem very prone to questioning himself. We'll see, I guess.

>> No.37746298

Biggest load of shit I have read in my life
Why is this thread still up

>> No.37746312

>>37746298
Halloween scare story anon.

>> No.37746346

>>37746241
idk, one of my friends made an infrared jammer; basically you just have to send garbage data at the same frequency the original data is transmitting. Though I'm not an expert, so don't quote me on that.
>>37746209
Input from a microphone has to be amplified before it can be processed.
Output from the female audio jack is loud enough to power an earphone. It may be amplified further if needed, though.

So, while you could get a speaker running as a microphone in theory, the jacks on a normal computer don't have enough hardware capabilities to operate it as such.

>> No.37746366

>>37746346
my friend actually used to use an old pair of speakers as a mic

>> No.37746385

>>37746366
I successfully used some earbuds as a mic before, but I had to literally scream and it was still barely picked up

>> No.37746407

>>37744865
>without even needing to mount it
Your USB controller still communicates with the drive and gets some information from it when you plug it in.

>> No.37746410

>>37744244
And you thought hiding viruses in .jpgs was implausible

I'll believe it when we have multiple sources confirm it.

>> No.37746412

>>37746346
an audio "jammer" at 20kHz? Extremely easy, just get a 555 and you're basically done. They sell those things as teenager repellents as far as I know.

>> No.37746413

>>37744364
that's so awesome, he looks really happy, or maybe gravity isn't pulling his jowls down anymore

>> No.37746417

>>37745547
Not really. If you gain control of the USB controller on an x86 system you basically have a hold on the entire system.

>> No.37746432

>>37746013
Because he's clearly cracked.

>> No.37746437

>>37746298
Read the thread. It's getting more and more likely that this is real.

>> No.37746462

>>37744293
Jesus Christ get that shit out of this thread.

>>37744244
Seems too odd to me, I'd have to see it.

>> No.37746598

>>37746417
Is that why faulty USB devices lock up or restart my PC?

>> No.37746673

>>37746598
Probably. It's a well known fault of these devices. You can control PCI, most kinds of buses, all that shit if you have control of the USB controller.

>> No.37746680

BIOS based viruses are not a new or novel thing.

since the early 90s, there have been options in BIOS to prevent and notify the user if the BIOS is being modified.

>> No.37746718

>>37746680
This one is resilient. You can't boot a non-controlled OS, DBAN and flashing your BIOS is not enough to get rid of it, and any computer with USB is vulnerable.

Also, it loads high-level rootkits apparently, it looks very sophisticated.
It's like all those pieces of cutting edge PoCs mixed together.

>> No.37746780
File: 36 KB, 366x334, 1373038624686.jpg

>>37746718
>take the bios chip out
>replace with a new one or fry it clean like in the old times
>20 cents

>> No.37746806

>>37746780
I can't really remove my bios chip, the bastards soldered it in place...

>> No.37746826

>>37746780
You don't get it, it appears to copy itself everywhere, in the keyboard/webcam/system controller/whatever, and in whatever OS you boot.

If you don't clean absolutely everything on all your computers, it'll just come back.

Also, my BIOS chip is tiny and soldered, changing it is a pain.

>> No.37746844

This is art.

And you can bet that if something is a theorized possibility, someone will use it. Most likely governments. The individual components of this are not that ground breaking, but it's the total package that does it. I'm sure there are other even more sophisticated ways of making infected computers communicate than with sound. One idea I have: if computer A has a webcam and the malware activates it and records video, and the malware in computer B modifies the refresh rate of the monitor so the light emitted from it flickers. Unnoticeable to the human eye, but perhaps enough for the webcam to pick up on if it happens to be in close proximity to machine A? At least in a dark room it could be viable. I'm sure there are other ways too.

>> No.37746873

>>37746826
>in the keyboard/webcam
So hackers can now use magic. Good to know.

>> No.37746903

>>37746873
~Every chipset can be flashed, for upgrading purposes.
And it's almost always one of the 10 generic chipsets made in Russia apparently.

>> No.37746928

Hey guys, I've made a virus that infects computers via photons emitted by the sun.

>> No.37746954

>>37744550
>want
sure
>need

uh, no, your an idiot

>> No.37746970

OP here.

So you guys think this is real? Is it time to panic now and delete all my horseporn before somebody finds it?

>> No.37746978
File: 52 KB, 239x306, 1374927054981.jpg

>>37746928
>not a virus that uses electromagnetism to take over smartphones with the sensor they have

>> No.37746985

>>37746954
> your an idiot
You're. You are.

And sometimes you buy hardware that isn't supported by your BIOS, and it's either buy a whole new fucking motherboard or flash your BIOS. Not everyone can afford a new computer any time.

>> No.37747014

>>37746970
Maybe.
Just keep your horseporn in a TrueCrypt container, don't open it, and wait until we know more.

But if it's really 3 years old and nothing happened yet, then they just don't care about your horseporn.

>> No.37747024

>>37744244
>skull drawn on the boot menu
>gee I wonder if it is a virus or not

>> No.37747031

How are you supposed to sandbox this without bricking your hardware?

>> No.37747039

>>37746978
Actually all these new sensors in smartphones are a gold mine for people who want to exploit them. A lot of new methods are theoretically possible with them. The more different kinds of sensors, the more theoretical possibilities there are to create stuff like this.

>> No.37747042

tfw reading this then turning off your ceiling fan and your speakers make a noise

>> No.37747046

>>37747024
That's just a shop.
I can tell by the pixels and having seen quite a lot in my time.

>> No.37747059

Would this thing be able to collect info on activities of the infected and send it somewhere else?

>> No.37747062

>>37746985
newfag confirmed

>> No.37747079

>>37747031
You can always reflash bricked hardware if you have the expensive hardware to do it.

>>37747059
Obviously.

>>37747062
Lurking since mid 07.
It's just not funny anymore.

>> No.37747089

>>37747062
wow trolled so easily

>> No.37747121

>>37747014
>TrueCrypt

There is an ongoing debate on whether or not TrueCrypt and AES are NSA-safe. The NSA doesn't give a shit about your horse porn, but don't think for a second that it's 100% safe. The NSA has been at the forefront of mathematics for decades; there is reason to believe that progress has been made in removing several orders of magnitude off of the time required to do analytical attacks on these kinds of encryption, among other things.

>> No.37747133

>>37747079
But from reading the thread and the article, I thought that standard reflashing does not remove this?

It essentially turns your hardware into a zombie? I don't know I kind of want to play around with it but my computer is expensive. I might do it on a throwaway lenovo I have laying around.

>> No.37747147

Can the PC speaker that is used by the MB to report error codes be hacked into sending out inaudible signals?

>> No.37747154

Is one of the symptoms shutting off the computer at night without being asked, or is that just loose wiring in my case?

>> No.37747156

Most of everything is built on legacy freeware from the 80s and 90s.
I wonder why this didn't happen earlier.

>> No.37747158

>>37747121
Yep. Just use the AES+Twofish+Serpent setting if it's just to store your horseporn safely.

The TrueCrypt binaries have been confirmed to match the source.

Now we just need to finish auditing the source and finding better than AES.

>> No.37747180

>>37747133
> I thought that standard reflashing does not remove this?
Because it manages to copy itself somewhere else, we just don't know where exactly.

But if the malware can flash itself inside, then you can always flash the original firmware back by the same means.

>> No.37747198

>>37747180
Pretty clever stuff.

>> No.37747202

>>37747154
It's not a symptom. Check if your computer is not overheating.

>> No.37747237

>>37747154
That's a setting in every modern OS you illiterate baboon

>> No.37747239
File: 27 KB, 514x263, 11-01 17_44_47-dragosr (dragosr) sur Twitter.jpg

The Ars team is going to take a look at Dragos's findings, but can't confirm anything yet.

>> No.37747245

Just how hard is it to figure out how it works? Can't they just do a bios dump and compare it to the official manufacturers copy?

>> No.37747249

>>37747158

That doesn't provide plausible deniability though. Not to mention that unless you download it onto a ramdisk and never write anything to disk, you are at risk of not being able to erase the disk properly. If you use an SSD it's even more uncharted territory if you ever write unencrypted data to it. Not to mention that your VPN is probably the first thing to break down if someone is hell-bent on catching you. TOR is obviously a no-go. Also, keys can be extracted from RAM for up to 30 seconds after shutdown, so make sure you have thermite at hand every time you open your TrueCrypt container.

>> No.37747273

>>37747180
why not deban the drive, remove the CMOS battery, and just reflash stock BIOS like 20 times over?

>>37747202
Shit, it might be. Sometimes I leave Minecraft on overnight on accident and it's pretty intensive, even if it is just on the main menu because java

>> No.37747285

>>37747245

Probably encrypted and shit too. So you need to extract information from RAM, BUS communication etc. You can probably emulate hardware in software though, I'm sure NSA have entire government programs for that.

>> No.37747297

>>37747249
No one cares this much about your horse porn.

I'm talking about encrypting it safely inside a Truecrypt container and not touching it again. Just storing.

Reencoding in .webp or a weird/new format can help since most forensics tools are outdated as fuck and can't detect them.

>> No.37747320

>>37747273
> why not deban the drive, remove the CMOS battery, and just reflash stock BIOS like 20 times over?

He tried. Then he reinstalled a vanilla Windows 8 that was checked to be clean against the MSDN source, and the infection came back anyway.

>> No.37747351

>>37747320
yeh, but just because a scan said it was all good does not mean it wasn't still in there somewhere.

>> No.37747368
File: 269 KB, 451x720, 1375546924689.png

So, what? This shit is the next Red October?

>> No.37747382

>>37747351
> but just because a scan said it was all good does not mean it wasn't still in there somewhere.
It's not a 'scan', he checked the MD5.

>> No.37747422

>>37747297

I know, I'm just theorizing. TrueCrypt might be broken in the future, so it's not a guarantee. Re-encoding won't do much unless they are retards. I say the safest method is to learn a memorization technique, memorize the binary code of the images in your head, and just retype them in a hex editor and rebuild the images whenever you need to see the pictures. Might severely restrict the resolution of them though because of the character limit, but the world record is 67,890 characters, so that should give you five whole 100x100 pixel images stored 100% foolproof. Unless you are captured and they force it out of you..

>> No.37747448
File: 68 KB, 384x494, you-gonna-get-raped.jpg

TFW the NSA is using Van Eck phreaking to detect your monitor signal right now from their van outside your house.

>> No.37747449

>>37747422
> the world record is 67,890 characters
I can't even anymore.

>> No.37747471

>>37747449

http://www.guinnessworldrecords.com/world-records/1/most-pi-places-memorised

>> No.37747488
File: 57 KB, 417x413, qothr8n[1].png

>>37745580
Can I join?

>> No.37747495

So, what is the target for this thing?
Governments?
Banks?
Military bases?

>> No.37747500

>>37747368
Seems much worse, since IIRC Red October was still on the OS level.

The blowback from RO was mostly due to who was being targeted and how systematic the targeting was.

>> No.37747501

>>37747245
> Can't they just do a bios dump and compare it to the official manufacturers copy?
He did. It's just not easy to analyze a whole BIOS dump.

Some faggot from reddit tried and didn't find anything.
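
An added example of the comparison step the question and reply above describe, and of the hash check mentioned earlier in the thread (this is not code from the thread, from Ars, or from Dragos Ruiu): a Python script that hashes a firmware dump against a vendor reference image and, when the hashes disagree, lists the regions that changed with their offset, length and Shannon entropy, so an analyst knows where in a large dump to look first. The two images it runs on are constructed toy byte strings, not real firmware; the 16-byte merge gap and the "high entropy means packed or encrypted" heuristic are assumptions of the example.

```python
"""Firmware dump vs. vendor image comparison (added example; not code from the thread).

Hash both images first; only when they differ, walk the bytes and report the
changed regions with offset, length and entropy. All input below is constructed.
"""
import hashlib
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    offset: int
    length: int
    entropy: float  # bits per byte of the dump's bytes in this region, 0.0 .. 8.0


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest compressed or encrypted content (heuristic)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def diff_regions(reference: bytes, dump: bytes, merge_gap: int = 16) -> list[Region]:
    """Maximal runs of differing bytes between reference and dump.

    Runs separated by fewer than `merge_gap` identical bytes are merged so a
    patched routine shows up as one region instead of many fragments. A length
    mismatch is reported as a differing tail.
    """
    runs: list[list[int]] = []  # [start, end) pairs

    def close(start: int, end: int) -> None:
        if runs and start - runs[-1][1] < merge_gap:
            runs[-1][1] = end          # extend the previous run across the small gap
        else:
            runs.append([start, end])

    n = max(len(reference), len(dump))
    start = None
    for i in range(n):
        a = reference[i] if i < len(reference) else None
        b = dump[i] if i < len(dump) else None
        if a != b:
            if start is None:
                start = i
        elif start is not None:
            close(start, i)
            start = None
    if start is not None:
        close(start, n)
    return [Region(s, e - s, shannon_entropy(dump[s:e])) for s, e in runs]


def compare_images(reference: bytes, dump: bytes) -> dict:
    """Cheap hash comparison first; byte-level diff only when the hashes disagree."""
    ref_hash, dump_hash = sha256_hex(reference), sha256_hex(dump)
    identical = ref_hash == dump_hash
    return {
        "identical": identical,
        "reference_sha256": ref_hash,
        "dump_sha256": dump_hash,
        "regions": [] if identical else diff_regions(reference, dump),
    }


# Constructed toy images: a 4 KiB "vendor" image, and a "dump" with one 64-byte
# block overwritten by 64 distinct bytes and one unrelated byte flipped.
REFERENCE = bytes(range(256)) * 16
PATCH_OFFSET = 0x400
PATCH = bytes((i * 73 + 41) & 0xFF for i in range(64))  # constructed, never equals the original
_dump = bytearray(REFERENCE)
_dump[PATCH_OFFSET:PATCH_OFFSET + len(PATCH)] = PATCH
_dump[0xF00] ^= 0x01
DUMP = bytes(_dump)


if __name__ == "__main__":
    result = compare_images(REFERENCE, DUMP)
    print("identical:", result["identical"])
    for r in result["regions"]:
        print(f"  changed @0x{r.offset:06x} len={r.length:5d} entropy={r.entropy:.2f} bits/byte")
```

On a real image you would read the vendor file and the dump with `open(path, "rb").read()` and feed them to `compare_images`; a differing region with entropy near 8 bits/byte in a spot the vendor image keeps as plain code or padding is the one to disassemble first. A matching SHA-256 only says the flash contents equal the reference; it says nothing about other writable firmware on the machine.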

>> No.37747519

>>37746978
>not just taking over all electronics globally with tetrahexcedecimal-electromagenancy

>> No.37747522

>>37747495
Just imagine a whole organization ANYWHERE being infected with this and how much it would cost to get it removed.

>> No.37747527

>>37747495
Could be anyone. It looks like the next big cyberweapon.

Only the best experts even managed to notice it. In 3 years.

>> No.37747536

>>37744534
>It started about three years ago, when Ruiu noticed an isolated machine behaving very strangely.

>Even though the laptop wasn’t connected to a network with any other badBIOS-infected systems, it was physically close to some.

It clearly did not collect the virus when it was connected to the network because it wasn't on the network.

>> No.37747549

>>37747519
Or just use the rotational velocidensity of the SSD on the device to degrade files into viruses.

>> No.37747551

>>37747422

Hmm. If you scale an image to such dimensions that you can break the image into 67,890 20x1 pixel strips and just memorize the pattern for aligning them properly, you can increase the res 20-fold. To brute force it would be hard; the number of permutations would be astronomical. Assuming the attacker has no access to the original image. Algorithms for grouping some colors (like flesh tones) could limit the sample space though..

>> No.37747569

>>37747536
Original infection vector is believed to be USB/CD.

>> No.37747571

>>37747536
He confirmed it was being transferred through USB devices.

>> No.37747573

>>37747527
>Only the best experts even managed to notice it. In 3 years.

Could be because it didn't infect that many people..

>> No.37747583
File: 11 KB, 300x105, screen-shot-2013-08-29-at-10-46-38-am[1].jpg

>>37745179
problem, apple?

>> No.37747598

>>37747573
A malware that can't be removed, spreads by at least USB, CDROM, and probably network too ?

>> No.37747609

>>37747549

lel

Although, why haven't viruses based on genetic algorithms been made yet? They could harness the compute power of the botnet to perform permutations and test the viability on the machines on the network to gather data. Over time it could evolve and change

>> No.37747631

Moral of the story, don't plug in usb drives

>> No.37747633

>>37747598

It can be removed, and it spreads locally but not on line. If it did spread globally the traffic would have been picked up fast.

>> No.37747637

>>37747598
Yes. This apparently combines every known infection vector for x86 machines as well as self-healing capabilities by utilizing ultrasonic ad-hoc networks to communicate with other infected machines.

>> No.37747665

>>37747637

Sums it up pretty good. All that's missing now is the ability to change and adapt based on a changing environment.

>> No.37747678

>>37747633
> the traffic would have been picked up fast.
Since it's ok with 100B/s audio communication, the traffic generated must be pretty limited.

And it seems to use a weird IPv6-ish like protocol, not something widely monitored.

We don't know yet if it spreads by the network, but I wouldn't be surprised.

>> No.37747679
File: 1.04 MB, 720x900, kek.png

>this thread

>> No.37747722
File: 448 KB, 455x395, 1374351043728.png

>>37747239
>ars technica

>> No.37747737

This is going to turn out to be a mass-scale psychological experiment, isn't it?

>> No.37747742

>>37747722

lol'd

>> No.37747753
File: 219 KB, 1280x720, Untitled.jpg

>>37747488
so we're doing this now?

>> No.37747771

>dragos ruiu
>has "malware" for 3 whole fucking years
>doesn't say anything about it
>mentions copernicus bios verification tool on twitter
>begins the saga of the badBIOS malware

good story but i don't buy any more than that.

can't wait until /g/ starts wrapping their computers in aluminum foil

>> No.37747775

>>37747737
Maybe.
That's what I thought at first, too many things are strange.
It should be easy to pick up; he just needs a microphone. Yet he's not posting those audio packets.

But now I just want to know.

>> No.37747795
File: 1 KB, 289x27, Untitled.png

>>37747753

gentlemen

>> No.37747798

>>37747771
>doesn't say anything about it
But he did. It just wasn't all over the news.

>> No.37747828

>>37747771
>wrapping their computers in aluminum foil

nah m8, just have to remove bios speaker, rootkit and everything it installs, then remove bios chip itself and solder a new one onto mobo

>> No.37747850

Question is.
What's the payload?
And when?

>> No.37747886

>>37747771
Three years since this infection is now hypothesized to have begun. The analysis has merely been going on for a couple of weeks.

>> No.37747904

>>37747850
We don't know. There are BIOS flashing, kernel-mode rootkits and weird TTF files involved so far.

>> No.37747934
File: 56 KB, 523x594, 11-01 18_20_11-dragosr (dragosr) sur Twitter.jpg

Dragos is running more tests and will probably bring more info soon.

>> No.37747936
File: 460 KB, 2592x800, 1272604670142.jpg

>>37747850
NOW

>> No.37748133
File: 276 KB, 512x368, 1376407178915.png

I can't wait for this shit to leak out and wreak havoc across the world.

>> No.37748156

>>37748133
It's been here for 3 years already.

>> No.37748161

>>37747850
The internet is alive and it wants to exterminate the human race

http://www.youtube.com/watch?v=h03QBNVwX8Q

>> No.37748227

>>37744293
why do they wear such ridiculously tiny hats?

WHY ARE THEY SO TINY??

>> No.37748249

Anyone who believes in this story should also take up a fundamentalist religion. It's like someone saying their car is running without gasoline and they can make calls without a SIM card.

>> No.37748250

>>37748227
Why not is what I must ask.

http://video.adultswim.com/tim-and-eric-awesome-show-great-job/tiny-hats.html

>> No.37748498

>>37746780
>remove BIOS (UEFI) chip
>get new one
>CERTIFICATE MISMATCH, SYSTEM HALTED
>tfw I should have used coreboot

>> No.37748952

>>37746826
>You don't get it, it appears to copy itself everywhere, in the keyboard/webcam/system controller/whatever, and in whatever OS you boot.
Now that thing flashes into every device controller on earth without bricking them? Gosh, this must be one fucking huge virus!

>8mb ttf file
ok

>> No.37748981

>>37748952
Everything is not in the TTF files.
And we don't know yet what other hardware it can flash, but a lot of firmwares are the same.

>> No.37749037

>>37748981
You don't get it. It implements a self replicating self bootstrapping environment that also happens to implement a complete network stack from nothing in order to preserve itself. And all that by fitting in the tiny eeproms you have in your devices, while still allowing them to function as they would normally.

Is this thing called Windows?

>> No.37749060
File: 81 KB, 580x202, alsa_hq.png

>>37749037
I just hope it doesn't use ALSA for the audio stack.

>> No.37749077

>>37749037
Silly anon, that's not how malware works.

The 'tiny eeprom' first contains the first stage; then, when you boot, the first stage installs the OS rootkit, which downloads the second stage, including the TTF files, and everything else.

>> No.37749104

>>37749077
Yes, and all this fits in a carefully crafted USB drive.

>> No.37749120

>>37749077
>which downloads the second stage
From a mysterious invisible C&C server?

>> No.37749137

>>37749104
The first stage does.

It's just assembly, not luashit or whatever script people use these days. Of course it fits on a USB drive.

>> No.37749143
File: 65 KB, 580x346, 1370057547229.jpg

>>37748498
lol

>> No.37749185

>>37749120
> From a mysterious invisible C&C server?
We don't know yet. Maybe there's no C&C and it's all a huge P2P network.
Maybe there's a C&C over Tor. Maybe the weird IPv6-ish protocol calls back to a random domain in Russia.

>> No.37749217

>>37749185
>huge P2P network
I want to believe.

>> No.37749644
File: 11 KB, 516x131, twitter..jpg

Dragos will be releasing some BadBIOS samples soon.

>> No.37749743

>20 kHz modulated audio signal
>best case, 11,000 baud
>itty bitty microphones' sensitivity goes to shit around 15kHz

Ya know what? I call bullshit.
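
An added example prompted by the post above, which doubts that a 20 kHz carrier survives a cheap microphone (this is not code from the thread or from anyone named in it). Whatever a given microphone can do, a defender with a recording from a suspect machine can check it for something ordinary audio does not contain: sustained energy just below Nyquist. The script below cuts a buffer into frames, uses the Goertzel algorithm plus Parseval's relation to measure what share of each frame's energy lies in 18 to 21 kHz, and reports the fraction of frames above a threshold. All audio is synthesized inline; the 44.1 kHz rate, the 1024-sample frame, the 18 to 21 kHz band and the 10% threshold are assumptions of the example, and a pure 1 kHz tone stands in for ordinary speech or music.

```python
"""Near-ultrasonic carrier detector (added example; not code from the thread).

Ordinary speech and music put almost no energy above 18 kHz, so a frame whose
high-band share is large is worth a look. Everything here is synthesized.
"""
import math

SAMPLE_RATE = 44_100          # Hz; Nyquist is 22.05 kHz, so a 20 kHz tone is representable
FRAME = 1024                  # samples per analysis frame (~23 ms), bin width ~43 Hz
HIGH_BAND = (18_000, 21_000)  # Hz; assumed band where a near-ultrasonic carrier would sit
THRESHOLD = 0.10              # assumed: >10% of a frame's energy in HIGH_BAND is anomalous


def goertzel_power(frame, k):
    """|X_k|^2 for DFT bin k of `frame` (a list of floats), via the Goertzel recurrence."""
    n = len(frame)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_energy_fraction(frame, lo_hz, hi_hz, sample_rate=SAMPLE_RATE):
    """Share of the frame's energy inside [lo_hz, hi_hz].

    Parseval gives sum_k |X_k|^2 = N * sum_i x_i^2, so only the band's bins are
    computed; the factor 2 accounts for each positive bin's mirror image.
    """
    n = len(frame)
    total = n * sum(x * x for x in frame)
    if total <= 0.0:
        return 0.0  # silence: nothing to flag
    k_lo = math.ceil(lo_hz * n / sample_rate)
    k_hi = min(math.floor(hi_hz * n / sample_rate), n // 2 - 1)
    band = sum(goertzel_power(frame, k) for k in range(k_lo, k_hi + 1))
    return 2.0 * band / total


def ultrasonic_frame_fraction(samples, sample_rate=SAMPLE_RATE, frame=FRAME,
                              band=HIGH_BAND, threshold=THRESHOLD):
    """Fraction of full frames whose high-band energy share exceeds `threshold`.
    Returns 0.0 when the buffer holds less than one frame."""
    frames = [samples[i:i + frame] for i in range(0, len(samples) - frame + 1, frame)]
    if not frames:
        return 0.0
    hits = sum(1 for fr in frames
               if band_energy_fraction(fr, band[0], band[1], sample_rate) > threshold)
    return hits / len(frames)


def synth(components, n_samples, sample_rate=SAMPLE_RATE):
    """Constructed test audio: a sum of sine tones given as (freq_hz, amplitude, start_sample)."""
    out = []
    for i in range(n_samples):
        t = i / sample_rate
        out.append(sum(a * math.sin(2.0 * math.pi * f * t)
                       for f, a, start in components if i >= start))
    return out


N = 10 * FRAME  # ten frames, about a quarter of a second


def voice_like():
    """A 1 kHz tone standing in for ordinary audio (constructed)."""
    return synth([(1000, 0.5, 0)], N)


def carrier_only():
    """A bare 20 kHz tone, the kind of carrier the post debates (constructed)."""
    return synth([(20_000, 0.4, 0)], N)


def mixed():
    """Ordinary audio with the 20 kHz tone switched on halfway through (constructed)."""
    return synth([(1000, 0.5, 0), (20_000, 0.4, 5 * FRAME)], N)


if __name__ == "__main__":
    for name, sig in (("voice-like", voice_like()), ("carrier only", carrier_only()),
                      ("mixed", mixed())):
        print(f"{name:13s} flagged frames: {ultrasonic_frame_fraction(sig):.2f}")
```

To run this on a real capture, decode it to mono floats at a known rate and pass the list with that `sample_rate`; a capture whose flagged fraction stays near zero is consistent with the post's doubt, while a steady run of flagged frames is something to record and inspect rather than a conclusion by itself, since cheap hardware also produces high-frequency whine on its own.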

>> No.37749746

chipsets of every computer since 2004 are rootkit'd

THE END

>> No.37749821

No no no, really, just listen at yourselves /g/.

A malware that can infect ANYTHING, that is prepared for every kind of BIOS and rewrites every firmware to infect it. It can infect computers, flash drives, OS, keyboards, webcams, mice, fridges... and you barely notice it's there, because all of your firmware has been perfectly infected, fused with an all-powerful virus that can bypass everything in just a few kilobytes or megabytes, the size of a BIOS. It even includes 8MB fonts specially prepared for Windows systems, but they are perfectly stored inside the BIOS because they invented some kind of infinite compression algorithm. It makes a buttnet with other infected computers and it even can control speakers and microphones to continue being in contact with other systems unplugged from the web (something unlikely, but they covered this possibility because of reasons). Shit, it can even improve the quality of the average speaker or microphone to detect frequencies they shouldn't be able to detect, and it's prepared for some piece of software only a few computers have (microphones are only common in laptops). They coded this feature even when it was completely unlikely that a computer that had microphone and speakers included but no Internet connection was near other BadBIOS-infected devices. It can even inject itself when you are burning a new CD, and if they tested this fucking mental masturbation it surely also injects itself when compiling binaries, regardless of the language it's written in or the target architecture, because this malware is friggin' awesome!

And I repeat, all of this can fit inside every BIOS without breaking it.

And we just noticed now, after three years of its release.

This is either a bad (but elaborate) Halloween prank or a Pluto's Kiss-tier malware created by the Illuminati in collaboration with the Reptilians.

I sincerely doubt this is a real thing.

>> No.37749951

late april fools?

>> No.37749978

>>37749951
Nah, it's just in time for a spooky scary technology terror tale.

>> No.37750023

how do I infect myself with it
I want to see this for myself

>> No.37750035

>>37750023
you already are

>> No.37750079

>>37750023
Download the 900MB CD files, burn on a CD, reboot.

Download the TTF files, put them in the Windows Font folder, and preview them in explorer.

>> No.37750141

Remember that evil country in the Middle East whose computers were infected by something... this is a key.

>> No.37750154

>>37750079
>900MB
>CD
What?

>> No.37750196

>>37750154
mega.co.nz/#!5Rpn3JyC!SEb5vB_KofcMl-vBKMS_j3RBdFlj0ROmFmKt8huNdNk

>> No.37750233

>>37750196
Oh shit man, you just posted the URL! Now we are all infected!!!!!

>> No.37750350

>>37744677
it's worth it when you program the payload to steal a billion credit card numbers, amirite?

>> No.37750379

>>37750350
Yep. But you already need to be pretty talented to attempt this.

If this is confirmed to be true, they'll have the whole planet trying to find them.

>> No.37750477
File: 32 KB, 565x359, Screenshot - 11012013 - 12:43:58 PM.png

>>37747795
Train kept a rollin, all night long

>> No.37751017

bump
