I saw a fascinating article discussed in Slashdot:
The gist of it is someone may have found malware that transmits itself using (presumably) ultrasonic sound from one computer to another. Once a machine is infected, the worm lives in the BIOS and can’t be removed. If a new computer is brought into the room, even with all networking cards removed, it still becomes infected.
So, has anyone heard of this and could it be true? Is it true?
Interesting and scary idea. Such a virus would be unstoppable.
First, I find it hilarious that the article involves Macs. This could turn into a PR nightmare for them.
Hypothetically possible, but how many computers can consistently send and receive acoustic data with any meaningful speed? You could be using some of the same protocols that acoustic modems used way back when, but are most computer speakers and mics good for ultrasonic? Sending is one thing, but receiving? How did the receiving machine know to interpret microphone input as data to be saved as a program file, to be executed?
It would be kinda like handing someone a sealed envelope with no name, no instructions, and no hint of what's inside and asking them to properly deliver it.
Sounds suspiciously like a hoax or a wild claim by someone who hasn’t a fucking clue how computers work. I’ll wait for this scare to settle down before being unduly concerned.
Absolutely!
Note however, it certainly isn’t limited to Macs: “the list of affected operating systems also included multiple variants of Windows and Linux.” Including Windows 8.
It is a very unusual virus, if this exists at all, which can infect the BIOS of arbitrary machines. I don’t imagine it is impossible, but I believe this would be one of a very few.
“As a security professional, the organizer of the internationally renowned CanSecWest and PacSec conferences, and the founder of the Pwn2Own hacking competition,…”
I do note that while he appears to be an accomplished computer engineer, apparently he isn’t working full-time in the field.
I don’t know the field, nor have I heard of this person before. But he is clearly not “someone who hasn’t a fucking clue how computers work”.
And note that while he certainly has his suspicions, I don’t believe he is claiming to have solved this problem. He is reporting the things that have happened to him and asking others to provide insight and suggestions.
They mention both the machines “whispering” to each other AND infected USB drives in the article.
From the way the article is written I’m not sure just where the infection is coming from.
One sign of an infected machine is the inability to boot off a CD.
So it should be simple to figure out. Go get a brand new laptop. Verify it can boot from CD.
Take it into the room with the infected units while running on batteries. Do not connect Ethernet cables or enable wifi. Leave it there.
Does it still boot from CD?
Yes? The “whispering” isn’t the source of the infection.
No? Houston, we have a problem.
I think I’ll take a wait and see attitude for now. It’s amazing what happens when dust settles. Meanwhile, since I don’t have any Macs, I’m not worried.
I’d rate this as 98% chance of hoax. Note that there are 3 layers where the hoax can be created/embellished: The writer, the researcher, the fellow workers in the lab.
It’s doubly strange that Slashdot posted this twice in fairly quick succession. Starting on Halloween. More red flags. (Slashdot does stuff like this on April 1st. Halloween is the 2nd prankiest* day of the year.)
One question: What is the purpose of the sonic communication??? It can’t be used to spread the virus since it requires really weird stuff at the receiving end to pick up the sound, convert to something executable, etc. It would be extremely unlikely that the default software would have a buffer overflow problem just in idle mode monitoring audio bits flow by. The bandwidth is so low they cannot be used to pass on a large amount of data like spam or click-frauds if one of the computers is cut off from the Internet and this is the only way to phone home.
Maybe, and this is extreme, the infected machines are doing something like Bitcoin mining. The communication requirements aren’t too heavy for that. But frequent block updates are required to avoid mining for already found coins.
But I doubt it. Why would someone bother to write code that does something this extreme when there are so many millions of loosely protected machines out there to go after?
You start getting paranoid at this point. I.e., this lab was targeted in particular. For something like this, you could imagine a government agency really wanting to track everything these people do. Even on the machines that aren’t on the Internet. (With the manufacturer’s BIOS/software already pre-modded to allow this.) If you are paranoid enough to believe this, you might be paranoid enough to hear voices, even computer voices.
“Prankiest” does not appear to be in my dictionary. Pitisome.
This could just about be marginally possible if it were the case that affected computers were routinely translating incoming audio into binary. Maybe if speech recognition is activated, something akin to a buffer overrun could be engineered, but it’s still pretty far-fetched.
A Mac doesn’t even have a BIOS. It has EFI instead.
Admittedly, EFI may be backwards compatible on various levels with BIOS, but it seems like a major challenge for a virus. If this were near to April 1 instead of October 31 I’d be more certain of my suspicions, but yeah I think the author is having us on.
As the article in the OP states - it (whatever it might be) affects both BIOS and UEFI.
The article is from Ars Technica, not Slashdot. The technology behind UHF communication between computers has been known for a while. It’s just that this is the first in the wild malware anyone has seen. The people interviewed are highly regarded professionals in the security field. It’s possible that they’ve made a mistake somewhere, but it’s unlikely that this is some career-torching hoax.
Pure bullshit by someone who likes attention. The mikes and speakers in notebooks are fairly crappy and the sound energy falls off geometrically with distance. For there to be any level of reliable data transfer across a distance of 2-6 feet between machines would be almost impossible. Plus, most of the time the microphone on a notebook is off. Voice-phone apps and similar can activate it, but mikes do not sit in the background on notebooks in “listening” mode when these apps are not activated.
It’s either “look at me work on this problem” BS or someone in his office is pranking him.
Even in the olden days of the early ’80s, when this was actually a thing (like the acoustic modem cups used with the TRS-80 Model 100 portable computer), you had to use tightly sealed acoustic cups sealed to the earpiece of the phone, and that was to get just 150 baud.
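Several posts above argue about whether laptop audio hardware could carry data at all, and at what rate. The following is an added example, not code from any poster or from the Ars Technica article, showing the arithmetic behind that argument: a minimal two-tone FSK "acoustic modem" in pure Python that encodes bytes as near-ultrasonic tones, recovers them with a Goertzel detector, and reports how long a transfer would take. The carrier frequencies (17.4 kHz and 18.3 kHz), the 300 baud rate, the 44.1 kHz sample rate and the noise level are assumptions chosen for the demonstration. It simulates the signal path only; it does not model the speaker and microphone roll-off that the posts question, which in practice is the hard part.

```python
import math
import random

# Assumed parameters for the demo (not taken from the article).
SAMPLE_RATE = 44100            # Hz, a typical laptop audio rate
BAUD = 300                     # bits per second, acoustic-modem territory
F_SPACE = 17400                # Hz, tone used for a 0 bit (near-ultrasonic)
F_MARK = 18300                 # Hz, tone used for a 1 bit
SAMPLES_PER_BIT = SAMPLE_RATE // BAUD   # 147 samples per bit period
# 17400 and 18300 are whole multiples of 300 Hz, so each tone lands exactly on a
# Goertzel bin for a 147-sample window and the two tones are orthogonal.


def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; any trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def modulate(data, amplitude=0.5):
    """Binary FSK: one constant-phase tone per bit, phase continuous across bits."""
    samples = []
    phase = 0.0
    for bit in bytes_to_bits(data):
        step = 2 * math.pi * (F_MARK if bit else F_SPACE) / SAMPLE_RATE
        for _ in range(SAMPLES_PER_BIT):
            samples.append(amplitude * math.sin(phase))
            phase += step
    return samples


def goertzel_power(block, freq):
    """Energy of `block` at `freq`, computed with the Goertzel recurrence."""
    n = len(block)
    k = round(n * freq / SAMPLE_RATE)          # nearest DFT bin
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in block:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def demodulate(samples):
    """Decide each bit by comparing energy at the mark and space tones."""
    bits = []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        block = samples[i:i + SAMPLES_PER_BIT]
        mark = goertzel_power(block, F_MARK)
        space = goertzel_power(block, F_SPACE)
        bits.append(1 if mark > space else 0)
    return bits_to_bytes(bits)


def add_noise(samples, sigma, seed=1):
    """Constructed channel impairment: additive Gaussian noise, seeded for repeatability."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def round_trip(data, noise_sigma=0.0):
    """Modulate, optionally add noise, demodulate; returns the recovered bytes."""
    signal = modulate(data)
    if noise_sigma:
        signal = add_noise(signal, noise_sigma)
    return demodulate(signal)


def seconds_to_transfer(nbytes, baud=BAUD):
    """Wall-clock time for a payload at the given bit rate (no framing overhead)."""
    return nbytes * 8 / baud


if __name__ == "__main__":
    msg = b"hello"                       # constructed sample payload
    print(round_trip(msg))               # clean channel
    print(round_trip(msg, 0.5))          # noise with the same power as the signal
    print(seconds_to_transfer(1024 * 1024) / 3600, "hours per megabyte")
```

At 300 baud the link moves about 37 bytes per second, so a megabyte takes roughly eight hours; that is the bandwidth constraint the posts above are gesturing at. The noisy round trip still decodes because integrating 147 samples per bit gives the detector about 21 dB of processing gain, which is why narrowband FSK tolerated the poor channels of the acoustic-coupler era. Whether a real laptop can reproduce and capture tones above 17 kHz is a question this simulation deliberately does not answer.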
The software can’t spread unless the uninfected computer can translate it into commands. This is not a standard bit of software on a computer, so it has to be infected first.
I think the claim was that two computers got infected. They thought they cleared the infection from one computer, but the BIOS still had the software to interpret the signals. Thus, it was extremely difficult to clean and would keep getting reinfected.
All good points. However, there are things to consider.
First and most important, no one is claiming to understand how this malware works. No one has found the code. It may be a series of random events. The person with the problem certainly isn’t claiming to understand it.
The /. post referenced an article in Ars Technica, which I linked to. This isn’t a /. prank.
By itself, it doesn’t appear that the malware does much. It basically just keeps itself alive by preventing new OS installs from CDs. I agree this doesn’t make sense for click-fraud malware or any routine use. If you are targeting a well defended location with good cyber-security though, this is how one might do that.
I don’t think the author believes he was targeted. According to the article, he was examining a problem USB stick for a client, couldn’t find out what was wrong with it, and has been having trouble for the last 3 years.
Your point about how unlikely a buffer-overflow in the acoustic routines might be is well-taken. Perhaps there is another explanation. No one knows.
I think I found conclusive evidence this is a hoax or someone is messing with the writer's head:
My computer: it’s not infected.
If this virus/malware is 1/10 as ‘contagious’ and persistent as the article describes, every computer (ms/osx/Linux) in the world should have been infected years ago.