I read that yesterday.  I'm skeptically optimistic that he might actually
be wrong.  It is a truly scary read for Halloween, not that the date had
anything to do with the article.

The facts are those attack vectors are real, at least in theory.  The fact
that this may prove those theories is horrifying.



On Fri, Nov 1, 2013 at 6:29 AM, Steven M. Caesare <[email protected]> wrote:

> If you read Dragos’ Twitter and Facebook posts, although USB was likely an
> initial infection vector (incidentally, perhaps modifying the flash
> controller/firmware on the mem stick along with a potential volume ID
> buffer overflow), he subsequently found that airgapped machines seemed to
> be able to communicate over the internet, with the bridge apparently being
> HF audio.
>
> It’s not clear if HF audio ALONE is sufficient to be an infection vector
> or is simply a method to continue to communicate with C&C infrastructure
> and/or combat eradication/forensics attempts. Given that audio driver
> and/or FW infection seemed to be necessary on the receiving machine, it may
> imply both sender and receiver of the HF audio payloads would already need
> to have been compromised.
>
> -sc
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kevin Lundy
> *Sent:* Friday, November 1, 2013 9:06 AM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Fw: Scary stuff for Halloween...not a hoax
> either
>
> Maybe it is poor writing, but the article says the malware is transmitted
> via USB drives.  Quite easy to jump an air gap with a thumb drive.
>
> On Fri, Nov 1, 2013 at 7:27 AM, Rankin, James R <[email protected]>
> wrote:
>
> Don't know whether any of you have read this...
>
> Sent from my (new!) BlackBerry, which may make me an antiques dealer, but
> it's reliable as hell for email delivery :-)
> ------------------------------
>
> *From: *Rankin James <[email protected]>
> *Date: *Fri, 1 Nov 2013 11:25:53 +0000
> *To: *'[email protected]'<[email protected]>
> *Subject: *Scary stuff for Halloween...not a hoax either
>
> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
>
> *James Rankin
> *Citrix Infrastructure Specialist
> Hiscox