Bridging the air gap

badBIOS
https://www.schneier.com/blog/archives/2013/11/badbios.html

I got to say I was very skeptical when I started reading the post and kept checking my calendar to see if it was April 1st. As is usual for Schneier’s blog, the comments are also interesting reading; I suggest interested reader(s) scroll down and check them out. The general consensus I got was it was feasible to get a few kbps and the knee jerk response is that bandwidth at that rate is useless. Well, for surfing the ‘net today, that is certainly the case, but back in the ‘old days’ when you weren’t transmitting gigabyte Flash files it actually could be very useful. Back in the ‘old days’ you would transmit compressed code and then compile it (or run it as a script) on the remote host and actually move quite a bit of functionality around over such a low bandwidth connection. So, for well written malware (yes, I know that is generally an oxymoron) such a tiny soda straw would be very valuable.

The moral to this story: with modern computers with all sorts of wireless communication (intentional or otherwise) devices built-in it can take a great deal of effort to truly isolate them.

Author: Tfoui

He who spews forth data that could be construed as information...