Hacker News new | comments | show | ask | jobs | submit login

I am responding to this (quoted from the Ars article):

"We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD," Ruiu said. "At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we're using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys."

"Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: "badBIOS," as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps."

I presume the computer that had reflashed BIOS, fresh disk drive, with zero data, installed from a Windows System CD, was uninfected. Then it became infected. Then he mentions a theory that it jumps airgaps with speakers and microphones.

This strongly implies that the claim is of a virus that jumps airgaps from an uninfected machine to an infected one through sound.

Which part of this is incorrect?

(Also, the claim that infected computers communicate via sound to bridge airgaps is not mutually exclusive with the claim that infection can spread over airgaps. So what you quoted does not contradict this claim, which is why I didn't take it as a refutation of my previous reading).

The computer had been infected. They scrubbed everything you would normally scrub, and it was reinfected. The hypothesis being that the infection persisted somewhere, such as the Realtek firmware.

At no point has anyone believed a never-infected computer would become magically infected via audio. You are looking for such a suggestion and finding it in poor writing. In reality, it is not there.

If you want to lambast Ars Technica for shitty writing, go right ahead, but don't criticize Dragos's claims until you are certain you know what they are. And as we all know, such a certainty can never come from the press. You must go to the source. Read Dragos's Google+ page and his Twitter feed. And read them carefully, not hastily and not with the intent of finding fantastical claims where they don't exist.

You've been primed by a sensationalist article to look for something sensational. Be conscious of that.

> You are looking for such a suggestion and finding it in poor writing.

You have crossed from facts which you know into speculation about my mental processes, and in fact you are incorrect about the latter. Without any preconceptions about this whatsoever, I read the Ars article and it strongly suggested to me that the claim was that the infection itself had spread over an air gap.

Otherwise, why even lead from this story into the theory of communicating via sound? If indeed the computer was already infected, then it would be no surprise that it could do something like interfere with running a registry editor. The air gap jumping would be entirely irrelevant to the story.

Why would a never-before-seen-in-the-wild malware technique be irrelevant to a story about the malware implementing in?

Sorry, I was unclear. By "story" I meant the specific story about the machine they attempted to wipe clean but that still remained infected somehow. The theory that the virus could communicate over air gaps would be irrelevent to that specific story, because if we assume that the computer was still infected, jumping air gaps is irrelevant to what was observed in that specific instance.

In other words I'm agreeing with you that the Ars article was misleading. But my initial comment was not meant to be critical of Dragos or anybody else. It was an honest, uncharged question about how my reading of the Ars article would be possible, even theoretically. The answer (it sounds like) is that the Ars article misled me about what Dragos was actually claiming.

I think the point is that anyone with an ounce of technical competence knows that the claim of formerly a normal computer being infected via sound is patently absurd, so even bringing it up is unnecessarily distracting from the discussion at hand.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact