An unkillable computer virus - allegedly....

Myranda

Maxi said:

Im deeply sceptical but I dont think its impossible . It would depend on the manufacturing process of certain components on the mother board and a thick layer of conspiracy as to how and why they are there at all . A good portion of components are made by the cheapest supplier are they not ? and where do those originate from ? Its probably nothing to do with audible sound at all , more likely that the pc's in question are infected the moment they are assembled .

But are cheap mics built into a motherboard - and considering that most desktop PCs wont even come with mic it's already a premium piece by having an extra feature - going to be remotely capable of picking up ultra sonic transmissions whist simultaneously filtering out the sound of multiple case fans, a CPU fan, one or more GPU cooler fans, hard drive motors and electrical noise interference (which to my mind would make it the sort of fan that NASA would invest billions of dollars to invent).

Oh... I forgot, the computer that's transmitting to this billion dollar microphone is apparently also fantastic - it's totally fanless, with massive heat sinks only SSDs and the built-in soundcard is somehow so well isolated that it can emit sounds which are totally perfect.

Unless...

The virus is transmitted with some sort of three stage handshake per packet - which implies that not only is the virus writer assuming that people are using the most expensive mic's and soundcards ever conceived, they've already ninja'd there way into every motherboard manufacturer and added to the already weighty bios/chipset driver packs a data protocol that enables error correction on sound based transmissions so that his virus can be safely transmitted.

Oh, I forgot another hurdle - ambient noise... hmm. Ok... lets put the two PCs into a anechoic chamber.

Right, sorted - millions of PCs will be rocking this set up with the lowest cost parts.... Hmm the 50p sound chip, or the £400,000,000 sound chip and mic Hmm I'll cut costs and put the fabulously expensive chip in, for this £129 computer 

PolarityMan

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

digitalscream

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

True, but even when modems used up-close acoustic coupling the sound needed to be fairly loud to get over the top of the ambient noise and still allow decent transmission.

Agreed, though - complete bullshit.

imalone

Read the article on the register a while back, haven't looked at the yahoo thing (because I got fed up with their obvious clickbait). The consensus seems to be that since this was an announcement trailing a talk at a security conference with no further details yet, it's going to be some kind of presentation on hoaxes or social engineering.
(FWIW, just started writing an explanation of why it's not possible, but stopped, because that waste of time is about the only exploit that would work like this.)
Edit:
point of a modem (modulator-demodulator) is to overcome noise by creating a predictable signal. A microphone is not enough, you have to be set up to receive and decode the signal.
What is potentially possible is this: http://www.schlockmercenary.com/2010-03-22 (if the camera is set up to read QR codes and do something based on them). What is being suggested is more like this: http://www.ansible.co.uk/writing/c-b-faq.html

GuitarMonkey

http://1.bp.blogspot.com/-qNeOqmpfFFw/UcwVm7SjvMI/AAAAAAAAebU/v_S3VEQAWII/s1600/full-image.phplandscape.jpeg

ICBM

Sonic screwdriver?

GuitarMonkey

It can do anything the script requires, including manipulating electronic circuitry, USING ONLY SOUND WAVES!

Myranda

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

...

digitalscream said:

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

True, but even when modems used up-close acoustic coupling the sound needed to be fairly loud to get over the top of the ambient noise and still allow decent transmission.

Agreed, though - complete bullshit.

This.

Modems weren't silently transmitting over distances of who knows how far. When they were sound coupled the phone headset was placed into the speaker/mic doodah, they were transmitting over millimetres and still loud enough to scare cats next door. This was not a PC speaker (normally the worse quality speaker you'd anywhere) in a metal box filled with poorly emf shielded circuitry and noisy moving parts somewhere in a room transmitting to a microphone in a metal metal box filled with noisy moving parts and poorly shielded electronics, in a room - which we're lead to believe could be another room entirely so not only over distance but through whatever barriers might have been in the way...

Sure it's physically possible to transmit data from A to B but this has to be two way transmission, (otherwise a dropped packet would render the whole thing pointless, the recipient has to be capable of requesting dropped packets) over unknown distances through one of the worst environments for sound recording you could get that isn't an engine room or underwater

All of this has to be done with the storage on the BIOS chip which is pretty small in most computers before EUFI and hardly unlimited even then

ICBM

And even if it was possible acoustically, the receiving computer would have to be already configured to extract code from an audio signal. If it isn't, no amount of code telling it to do so in the audio signal can make it so, since it can't read that code until it is.

octatonic

It is a not very subtle piece of social engineering.

Fear of viruses is what makes most of the money.

We are fairly well educated as to what is possible and what is not.

My mother, for example, is not.

You could absolutely sell this story to her and she would believe it because she simply doesn't have the knowledge to know it is false.

A lot of people are like that.

Acoustic coupling hasn't been a viable data transfer protocol for something like 2 decades and it certainly cannot work if one half of the coupling hasn't be configured to accept the signal.

Also, if it is acoustic coupling then simply talking over it would be enough to defeat it.

Complete, total and utter bollocks.

monquixote

Transmitting data via audio over a noisy air path is entirely feasible. I can say this quite confidently as I work for a company that provides a technology to do so. You can also do it in a way which would be completely undetectable to the average joe (provided the PC was making some other kind of sound at the time)

You also don't need especially high end speakers or mics to make it work. 

It would be an entirely feasible medium for devices to communicate and coordinate if they weren't connected via a network, but it would 100% not work as an attack vector on a machine which was not already running some code to detect it. 

octatonic

monquixote said:

Transmitting data via audio over a noisy air path is entirely feasible. I can say this quite confidently as I work for a company that provides a technology to do so. You can also do it in a way which would be completely undetectable to the average joe (provided the PC was making some other kind of sound at the time).

Interesting.

Tell me more- how does it work?

imported_none

Orla Cox. Ars Technica.

monquixote

octatonic said:

monquixote said:

Transmitting data via audio over a noisy air path is entirely feasible. I can say this quite confidently as I work for a company that provides a technology to do so. You can also do it in a way which would be completely undetectable to the average joe (provided the PC was making some other kind of sound at the time).

Interesting.

Tell me more- how does it work?

Well as you would expect I can't go into the specifics of how the system we use at work functions, but essentially you take an existing audio signal and use it as the carrier and then either add a signal and use shaping to hide it within the carrier (as with Spread Spectrum approaches) or you modulate the carrier in such a way that it is not perceptible to humans, but can be decoded by a machine as with echo hiding approaches.

People always assume it's ultrasonic or subsonic but as an audio bod you will know that most domestic equipment wont send or receive audio in this band very well and it will typically be destroyed by broadcast or compression. 

I keep work and play separate so I won't share my employer on here, but if anyone is interested hit me up with a PM and you can have a play with our iPhone app.

PolarityMan

imalone said:

What is potentially possible is this: http://www.schlockmercenary.com/2010-03-22 (if the camera is set up to read QR codes and do something based on them). What is being suggested is more like this: http://www.ansible.co.uk/writing/c-b-faq.html

More bulshit

Myranda said:

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

...

digitalscream said:

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

True, but even when modems used up-close acoustic coupling the sound needed to be fairly loud to get over the top of the ambient noise and still allow decent transmission.

Agreed, though - complete bullshit.

This.

Modems weren't silently transmitting over distances of who knows how far. When they were sound coupled the phone headset was placed into the speaker/mic doodah, they were transmitting over millimetres and still loud enough to scare cats next door. This was not a PC speaker (normally the worse quality speaker you'd anywhere) in a metal box filled with poorly emf shielded circuitry and noisy moving parts somewhere in a room transmitting to a microphone in a metal metal box filled with noisy moving parts and poorly shielded electronics, in a room - which we're lead to believe could be another room entirely so not only over distance but through whatever barriers might have been in the way...

Sure it's physically possible to transmit data from A to B but this has to be two way transmission, (otherwise a dropped packet would render the whole thing pointless, the recipient has to be capable of requesting dropped packets) over unknown distances through one of the worst environments for sound recording you could get that isn't an engine room or underwater

All of this has to be done with the storage on the BIOS chip which is pretty small in most computers before EUFI and hardly unlimited even then

But the principle is already known, filtering out background noise with static filters is relatively easy and you only need a single succesful transmission.

I mean commodity hardware can do speech recognition these days so transmitting an error corrected audio signal shouldnt be too hard, look at something like chirp for example.

The problem is of course that the victim needs to listening at which point why dont you jsut preload the virus?

bertie

people thought mobile phones  and flat screen TVs were bullshit once.

dafuzz

digitalscream said:

EDIT: I'd also call this guy totally incompetent - he's been battling it for 3 years, and only "recently" discovered that it can propagate via USB storage devices.

This. He's probably been using the same USB sticks the whole time, the dumbass.

monquixote

PolarityMan said:

But the principle is already known, filtering out background noise with static filters is relatively easy and you only need a single succesful transmission.

I mean commodity hardware can do speech recognition these days so transmitting an error corrected audio signal shouldnt be too hard, look at something like chirp for example.

The problem is of course that the victim needs to listening at which point why dont you jsut preload the virus?

It's not a massively computationally intensive thing to do. Sending a low data rate signal over a very unreliable link is very similar to the kind of thing Nasa are doing with the Voyager probes and they have the kind of computing power that makes a Commodore 64 look fast. When you have a lot of time and a lot of error correction you can send signals over very dodgy links. 

I can see an advantage in preinstalling the back door and then using an acoustic path to deliver the payload. It means you don't have to know what you are going to do at the time you add the exploit and if anyone finds it they will never know your intentions until it's too late.

If you think about something like the Iranian Centrifuge virus (which is probably the most advanced bit of cyber warfare ever uncovered) using an acoustic path is a brilliant way to control or deliver code to a machine on an isolated network. 

Myranda

PolarityMan said:

imalone said:

What is potentially possible is this: http://www.schlockmercenary.com/2010-03-22 (if the camera is set up to read QR codes and do something based on them). What is being suggested is more like this: http://www.ansible.co.uk/writing/c-b-faq.html

More bulshit

Myranda said:

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

...

digitalscream said:

PolarityMan said:

Modems arent the most expensive conceivable mics and souncards ever conceived btw. 

But its still utter bullshit.

True, but even when modems used up-close acoustic coupling the sound needed to be fairly loud to get over the top of the ambient noise and still allow decent transmission.

Agreed, though - complete bullshit.

This.

Modems weren't silently transmitting over distances of who knows how far. When they were sound coupled the phone headset was placed into the speaker/mic doodah, they were transmitting over millimetres and still loud enough to scare cats next door. This was not a PC speaker (normally the worse quality speaker you'd anywhere) in a metal box filled with poorly emf shielded circuitry and noisy moving parts somewhere in a room transmitting to a microphone in a metal metal box filled with noisy moving parts and poorly shielded electronics, in a room - which we're lead to believe could be another room entirely so not only over distance but through whatever barriers might have been in the way...

Sure it's physically possible to transmit data from A to B but this has to be two way transmission, (otherwise a dropped packet would render the whole thing pointless, the recipient has to be capable of requesting dropped packets) over unknown distances through one of the worst environments for sound recording you could get that isn't an engine room or underwater

All of this has to be done with the storage on the BIOS chip which is pretty small in most computers before EUFI and hardly unlimited even then

But the principle is already known, filtering out background noise with static filters is relatively easy and you only need a single succesful transmission.

I mean commodity hardware can do speech recognition these days so transmitting an error corrected audio signal shouldnt be too hard, look at something like chirp for example.

The problem is of course that the victim needs to listening at which point why dont you jsut preload the virus?

Perhaps, but the article is about inaudible sounds... so has to be outside the spectrum of hearing - unlike mq's which is rather sneaky sneakys subliminal-esque data (which is a fascinating subject btw! awesome thing to be doing as a job!) stuck in other sounds.

dafuzz said:

digitalscream said:

EDIT: I'd also call this guy totally incompetent - he's been battling it for 3 years, and only "recently" discovered that it can propagate via USB storage devices.

This. He's probably been using the same USB sticks the whole time, the dumbass.

Hasn't this been known since USB (or probably since floppy disk)? Want to upload a virus/malware/spyware/porn to a company who has ninja external security? drop some usb or foppies in the carpark marked with "payroll" or "private" and human nature will mean someone sticks it in a machine and BAM! GOTCHA!.

Perhaps there's a lost in translation subtly from the Russian to English? Security researcher apparently means he's lost his keys and he's looking for them a second time.

Danny1969

During the war the they used SIGSALY to protect Churchill's calls to Roosevelt. Basically you have 2 identical records of random noise, then you record mask the call at one end  by having a mix of 95% random noise to 5% telephone audio. Now at the other end you play the same random noise record at  exactly the same time but you flip the phase and sum the result . Any identical signals (the random noise) will be cancelled out leaving the wanted signal in good order. I practice what they did was a bit more complex but you get the idea. The point is poor mics and speakers wouldn't matter in terms of transmitting a digital signal hiding in an analog audio file. 

You could write a program that listens to a wave and extracts an instruction from it but such a program would be gone if you wiped the os