Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps

[brian carroll]

>>  coderman wrote:

>> * some have confused the audio malware channel with audio as infection
>> vector - this is not the case.

> ~Griffin replies:

>   If you whistle into the bluetooth sensor *just* right, you might be
> able to pull it off. Just remember you have to use one of those special
> whistles that come in boxes of BooBerry.


ok- myself the fool must speak again...

imagine you have a secure facility, locked down, faraday caged, etc,
and a freaking marching band starts playing outside the walls...

what if this sound passed through the electromagnetic barrier that
captures EM signals, and activates or accesses hidden hardware,
computers within a computer, say a quantum network wakes up and starts
to parse data in an unobservable way. that is, enough computing power
to analyze and attain targeted data. and that in turn this data is
relayed outwards via vibrations - resonating sequences, that
exfiltrate data across enough sound bandwidth to dump everything in a
short period of time.

perhaps not Captain Crunch in an audio port, yet what of hidden audio
channels or dual-use components that can function as a microphone or
exist unseen, unobservable within the given software/hardware
perspective of what can be and is monitored.

whose to say or how to know that a particular MP3 playing nearby a
computer is not capable of infecting it via a stream of hidden encoded
data that could activate a switch or arm a hostile process. what if
the security system monitoring things is somehow able to communicate
across airgaps, or -- fuckit: ZOMBIES unconsciously programmed to make
errors or mistakes that lead to security exploits, say bringing in the
mp3 into proximity to the otherwise secure computer, something
believed innocuous potentially, yet such an action cascading into an
exploit beyond USB payloads.

what components besides a speaker can also function as microphones
(listening for signals), LEDs, perhaps FET or other devices as a
signal surge or particular sequence could (if not like buffer
overflow) function beyond known parameters. what if a resonating
cavity exists inside the CPU like ethernet wake-on-LAN and knowing
that whistle wakes up an alternative network and hidden functioning.

that piccolo player outside the window could be a hacker yet outside
the threat model.

hypothetical and conspiracy, though what about non-electromagnetic
dynamics also...