
This sounds really fishy.

> Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed.

Observed how? If not through a standard interface (i.e. disk, network, etc.), then using what? How could he know they were encrypted unless he intercepted a payload?

> With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

What would be the point of this communication? Its BIOS would already need to be infected in order to be able to communicate via sound. The one situation in which I can see this being useful is using another infected machine's Internet connection to download an OS-specific payload, which makes some sense.

From what I understand, an airgapped computer got infected again after having its disk erased, its BIOS flashed and its OS reinstalled. His guess now is that the malware would be inside the RealTek audio chip software. From there it could theoretically download the BIOS malware back onto the computer through the high-frequency connection (that does sound crazy!)

See: https://plus.google.com/u/0/103470457057356043365/posts/3reW...


Phoning home, I'd guess. Spying with malware is hard when the infected machine can't communicate with its controller.


If, like Stuxnet, your goal is to infect specific machinery, then reporting back infection can be valuable. Once the right machinery is infected, others could wipe evidence of malware presence. You might object that uranium centrifuges probably don't have decent speakers to generate a signal... But they would instead generate unusual spin patterns, exactly what Stuxnet was designed to achieve, and those patterns would be audible to nearby equipment. Seems like a fine way for Stuxnet to report success back up the infection chain and then cover its tracks.
