
It was explained the speakers were used. How is that implausible? The computers were laptops with batteries.


Because it doesn't explain that the system was a laptop until toward the end of the article:

> Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection.

To be fair, the Ars piece is poorly written IMO and makes some very outrageous claims throughout the first half. And I personally find the speaker-microphone route implausible given how difficult that would be. Even the article stakes a claim that it's very difficult to prove:

> It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines

Given the variable quality of speakers and microphones on laptops and other devices, it doesn't seem like a viable route to me, and this is resting far too much on speculation and conjecture to be of any use.

Worse, I haven't yet found anything in the article that suggests every infected machine had a speaker/microphone combination. There's just not that much useful information, hence why this sounds more like a scare piece.

I'm finding myself more and more in agreement with other comments here that have suggested it was probably a reckless use of an infected USB device that wasn't properly ruled out.

Edit: I should also note that if they're so suspicious that the systems are transmitting sound to other non-infected machines, it shouldn't be too difficult to prove/disprove this by recording sound in isolation. The problem is IMO given the variable manufacturers of sound devices, drivers, and so forth, the complexity of this would be such that it'd be nearly impossible. An infected USB device makes much more sense and is a simpler explanation.


> Because it doesn't explain that the system was a laptop until toward the end of the article

So you are saying it is implausible because it doesn't make sense if you don't read the whole article? That isn't how implausibility generally works.

> And I personally find the speaker-microphone route implausible given how difficult that would be.

Ever used a modem?


> So you are saying it is implausible because it doesn't make sense if you don't read the whole article?

That's a bit of a strawman, don't you think?

> Ever used a modem?

Yes. And I don't think that's applicable in this case. First, a modem is designed specifically for such a use case--second, we're talking about an exploit that would (in theory) somehow make use of a microphone to spread itself to a target host.

You would have to assume that there's some flaw in either the audio driver for the microphone, firmware, or whatever that can be exploited by sending some combination of sounds to it. While that's possible, it seems unlikely that would be the case and much more likely that the culprit is an infected USB device of some sort, which has been discussed at length in other threads here (and would take far less work). For the variable quality of consumer microphones in a laptop or other such device to pick up a signal in such a manner as to exploit firmware/driver software at range makes this theory questionable IMO.

My personal hunch isn't that Mr. Ruiu is wrong. I think he's found something interesting and potentially dangerous, new, and fascinating. What I DO think, however, is that the Ars writer may have misunderstood, misinterpreted, or is misrepresenting the information he received.


> That's a bit of a strawman, don't you think?

No.

> we're talking about an exploit that would (in theory) somehow make use of a microphone to spread itself to a target host.

No we are not, we are talking about communication between already infected machines. https://twitter.com/dragosr/status/395959517243928576

> My personal hunch isn't that Mr. Ruiu is wrong.

He may or may not be, but whatever your hunch is, it doesn't appear to be based on the actual situation at hand, so I don't think it carries that much weight.

edit - sorry for being so harsh by the way, I went and re-read the article and I can see how you can read it as the transmission vector being audio rather than just communication between infected machines. I didn't read it myself that way but at the same time it is not particularly clear.


> No we are not, we are talking about communication between already infected machines.

I rather wish you had shared that tweet instead of engaging me in splitting hairs. I dismissed the article outright as stupid largely based on the initial claims it made, which seemed implausible and outlandish. Going back and re-reading the bit on microphone-speaker ultrasonic transmissions makes more sense in light of what you've shared. I don't think those two paragraphs were particularly well written and could have provided additional clarification.

That said, I was wrong and misinterpreted that particular part as being a mechanism for attack. I apologize for my glaring mistake. It renders my previous comments entirely incorrect and they should be ignored. To anyone else viewing this thread, please disregard my previous statements. They were based off of misinterpretations regarding an incorrect reading of the Ars piece.

Sadly, it's the fault of my unfortunately judgmental and inherently skeptical nature with regards to much of the news I read. Maybe it's the fault of politics and the likes, but in spite of the dangers of excessive skepticism, I think it's a better long term approach that can yield useful questions and discussion. Unless it gets out of hand, as is my case. :)

> He may or may not be, but whatever your hunch is, it doesn't appear to be based on the actual situation at hand, so I don't think it carries that much weight.

I still stand by what I have said. I think Mr. Ruiu has stumbled upon something quite fascinating. I was under the mistaken impression that ultrasonic communication was used as an attack vector. So let's not be too harsh over an honest mistake. :)

However, I do think the Ars piece isn't a particularly useful exhibit of Mr. Ruiu's work thus far (particularly in light of the tweet you shared); it's a lengthy, rambling article that provides only fragments throughout its impressive word count, requiring careful reading and some liberal interpretation of the author's intent.

Then again, that's probably a matter of necessity, so I can't really fault Ars. A frightening-sounding article peppered with equally frightening lingo gets page views. "Boring" academic reports rich in data do not.

C'est la vie.


Sure, but that uses audible tones; the method described in the article employs ultrasonic tones, and I think (parent (parent)) is questioning the likelihood that cheap(ish) laptop audio hardware can be reliably depended upon to generate and detect such high frequencies.


There already exist browser-based implementations of basic ultrasonic networking on GitHub - https://github.com/borismus/sonicnet.js/tree/master/lib

Assuming decent error checking, the question isn't whether you could do it, it is just how fast would it be.


Or an acoustic coupler (seriously old school, that one)?


I understand your skepticism, but I would not discount things simply because they do not fit in your frame of mind and assumptions. For example, some may assume that sound based data transmission is implausible simply because of variation in speaker technology and quality and performance, but does that not assume some sort of analog transmission? You don't have to produce and listen to specific frequencies if you have a sequence of pulses that trigger something. Ever hear of number stations?

Also, we assume that things like data transmission by power cable and through power supplies are implausible, but only because we assume that there is no data link between power delivery and data transmission. Could there not be a gate somewhere that upon receiving a specific pulse of electricity opens for full data transmission or even just triggering a sequence of actions that are hard-coded into chip architecture through compromised specifications and standards?

I think we all have heard of the recent publications of NSA's involvement in compromising and deliberately implanting vulnerabilities for their own convenience. Right? If not, you should really read up on what is now public domain.

Although it might be scifi, if you look back on the disparity of technological capabilities in the civilian vs military and intelligence world of the past, you might get an extrapolated idea of how advanced technology developed under triple digit billions of dollars might be.


> For example, some may assume that sound based data transmission is implausible simply because of variation in speaker technology and quality and performance, but does that not assume some sort of analog transmission?

My personal beef with this theory is that you're assuming a consumer-grade microphone can pick up such frequencies in a manner that would be capable of inducing enough of a signal on a microphone to produce a sufficiently specific data pattern to somehow exploit underlying firmware, drivers, or whatever. Considering there's been speculation that an infected USB drive may have been shuttled between systems, it seems that the simplest explanation lends itself to the drive and not the microphone.

And yes, I have followed recent events with the NSA. I understand your suggestion that near-unlimited money can buy you almost anything, but there are many questions that this article doesn't answer. While I think Mr. Ruiu has stumbled upon something novel, I don't think it's nearly as magical or mysterious as some here have been making it out to be.

Besides, wouldn't it be relatively straightforward to demonstrate whether or not there is some capability of this malware to spread via a speaker-microphone route? Why not take a recording of known uninfected machines isolated in a room and then examine the sound signature later? The entirety of the experiment as related by Ars seems flawed (which I blame on the article, not on Mr. Ruiu, since he's been spending a great deal of time working on this), but the possibility that this may actually be tied to exploiting a vendor identifier in an infected USB device is in some ways much more sinister. Some other threads discuss that possibility in detail.

It would be magnificent if there were such an attack vector, but I can't shake the thought that it would have to be very specific to a certain subset of hardware or software.
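
The recording check proposed in the comment above (capture audio near the isolated machines and examine it afterwards), sketched as an added example that is not part of the thread: it scans a mono sample buffer for sustained narrowband energy in the near-ultrasonic band using the Goertzel algorithm. The 48 kHz capture rate, the 17-22 kHz band, the thresholds and the synthetic recording are all assumptions made for illustration.

```python
import math
import random

RATE = 48_000            # assumed capture rate in Hz (must exceed twice the band's top edge)
FRAME = 256              # samples per frame: 187.5 Hz per bin, 5.3 ms per frame
BAND = (17_000, 22_000)  # near-ultrasonic band to watch, in Hz (an assumption)
HANN = [0.5 - 0.5 * math.cos(2 * math.pi * i / FRAME) for i in range(FRAME)]

def bin_power(frame, k):
    """Goertzel recurrence: power in DFT bin k of one Hann-windowed frame."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / FRAME)
    s1 = s2 = 0.0
    for x, w in zip(frame, HANN):
        s1, s2 = x * w + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def find_bursts(samples, ratio=100.0, min_frames=4):
    """Return (start_s, end_s, peak_hz) for each run of frames with a narrowband peak in BAND."""
    bins = range(math.ceil(BAND[0] * FRAME / RATE), BAND[1] * FRAME // RATE + 1)
    n_frames = len(samples) // FRAME
    bursts, run = [], []               # run: (frame index, peak power, peak bin)
    for f in range(n_frames + 1):      # the extra pass flushes a run that reaches the end
        hit = None
        if f < n_frames:
            frame = samples[f * FRAME:(f + 1) * FRAME]
            powers = [bin_power(frame, k) for k in bins]
            floor = sorted(powers)[len(powers) // 2]   # median = in-band noise floor
            peak = max(powers)
            if peak > ratio * floor:
                hit = (f, peak, bins[powers.index(peak)])
        if hit:
            run.append(hit)
            continue
        if len(run) >= min_frames:     # ignore isolated clicks shorter than ~21 ms
            peak_bin = max(run, key=lambda r: r[1])[2]
            start, end = run[0][0] * FRAME / RATE, (run[-1][0] + 1) * FRAME / RATE
            bursts.append((start, end, peak_bin * RATE / FRAME))
        run = []
    return bursts

def constructed_recording(with_tone, seconds=0.6, seed=1):
    """Constructed audio: room noise plus a loud 1 kHz tone; optional 19 kHz tone at 0.2-0.4 s."""
    rng = random.Random(seed)
    times = [n / RATE for n in range(round(seconds * RATE))]
    return [rng.gauss(0.0, 0.01) + 0.3 * math.sin(2 * math.pi * 1_000 * t)
            + (0.05 * math.sin(2 * math.pi * 19_000 * t) if with_tone and 0.2 <= t < 0.4 else 0.0)
            for t in times]
```

Comparing each frame's peak against the median of the same band means loud audible content (the 1 kHz tone here) does not trigger a report, while a quiet 19 kHz carrier does. A real capture would also need a microphone and sound card whose response actually reaches the band being watched.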


The ShopKick app uses consumer grade microphones on iPhones to pick up ultrasound signals from in-store speakers so you can check-in automatically just by opening the app.



