Ars: Cross-Platform Malware Communicates With Sound
An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.
Hoax (Score:4, Insightful)
Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.
Airgapped room? Those frequencies from laptop or regular internal computer speakers aren't going to make it past the walls.
Give me a break, slashdot.
Smells like BS (Score:3, Insightful)
I don't care how many tweets this guy's posted about, it doesn't pass the sniff test IMO.
Re:And there's a whole series of comments at Ars.. (Score:5, Insightful)
I think many of the commentators both here and on Ars Technica are making a basic mistake. No one claims that the machine is infected through its microphones. Duh! How would it know to listen and interpret noise as instructions? The claim is that once infected, the machines communicate using their speakers and microphones.
Is it possible? Sure. Do I consider it likely? No. It's one Hell of an effort for very little gain... in general. But we all have hobbies, so someone may have written a virus that infects through USB drives, overwrites BIOS, and resists the clean up of physically disconnected machines by communicating via sound.
Do I believe this particular story? Hmm... no. Mostly because, despite the reputation of the author, the article makes it sound that basic mistakes were made during the cleanup process, and because not enough information has been shared with the community.
But if I was told the story is true, I could come up with a great conspiracy theory to explain it. The author tries to keep all the fame for himself, the author is being threatened by the high tech agency that developed the strain but let it escape, the virus has alien origin...
Re:And there's a whole series of comments at Ars.. (Score:5, Insightful)
Name one reason why he didn't send the BIOS or a copy thereof to be examined by the OEM....***after three years of not being able to fix this***.
My next question would be: why did it take him so long to figure out that the USB might be the vector? But before you answer that question ask yourself this also: why hasn't he contacted the major USB drive manufacturers since this seems to be FAR more about a vulnerability at the USB controller level (far, far, far below control of the OS) that has been leveraged to then exploit writing a new firmware?
If this is a USB hardware exploit then the rest of this is superficial but after 3 years, you'd figure that someone would have found another copy of this thing by now yet he's the only one. If he wasn't aware that it spread through USB for 3 years, the odds of him bringing an infected jump drive to a friend or colleague's computer where it would then spread even more are so high that I can't believe no one has asked these questions.
IF it's a USB exploit, I'm fucking impressed but since he's played the "how many people can believe that I'm this stupid" card so many times in his "research" on this (I'm saying nothing of his other experience, mind you), I'd say it's likely a hoax of some sort.
The audio is NOT the infection mechanism. (Score:3, Insightful)
A staggering number of people commenting on this story seem to have failed to read and comprehend this article. There must be a few dozen comments stating that it's impossible to infect a machine with malware via audio. I can't find any mention of this happening in this article. The section that speaks of the communication via sound is referring to two previously infected machines. They are already infected, so now they communicate.
I don't know if this is complete BS or not, but at least read and comprehend the article before pouncing on it and making yourself look like an idiot for not reading it.