I understand your skepticism, but I would not discount things simply because they do not fit in your frame of mind and assumptions. For example, some may assume that sound based data transmission is implausible simply because of variation in speaker technology and quality and performance, but does that not assume some sort of analog transmission? You don't have to produce and listen to specific frequencies if you have a sequence of pulses that trigger something. Ever hear of number stations?
Also, we assume that things like data transmission by power cable and through power supplies is implausible, but only because we assume that there is not data link between power delivery and data transmission. Could there not be a gate somewhere that upon receiving a specific pulse of electricity opens for full data transmission or even just triggering a sequence of actions that are hard-coded into chip architecture through compromised specifications and standards?
I think we all have heard of the recent publications of NSA's involvement in compromising and deliberately implanting vulnerabilities for their own convenience. Right? If not, you should really read up on what is now public domain.
Although it might be scifi, if you look back on the disparity of technological capabilities in the civilian vs military and intelligence world of the past, you might get an extrapolated idea of how advanced technology developed under triple digit billions of dollars might be.
> For example, some may assume that sound based data transmission is implausible simply because of variation in speaker technology and quality and performance, but does that not assume some sort of analog transmission?
My personal beef with this theory is that you're assuming a consumer-grade microphone can pick up such frequencies in a manner that would be capable of inducing enough of a signal on a microphone to produce a sufficiently specific data pattern to somehow exploit underlying firmware, drivers, or whatever. Considering there's been speculation that an infected USB drive may have been shuttled between systems, it seems that the simplest explanation lends itself to the drive and not the microphone.
And yes, I have followed recent events with the NSA. I understand your suggestion that near-unlimited money can buy you almost anything, but there are many questions that this article doesn't answer. While I think Mr. Ruiu has stumbled upon something novel, I don't think it's nearly as magical or mysterious as some here have been making it out to be.
Besides, wouldn't it be relatively straightforward to demonstrate whether or not there is some capability of this malware to spread via a speaker-microphone route? Why not take a recording of known uninfected machines isolated in a room and then examine the sound signature later? The entirety of the experiment as related by Ars seems flawed (which I blame on the article, not on Mr. Ruiu, since he's been spending a great deal of time working on this), but the possibility that this may actually be tied to exploiting a vendor identifier in an infected USB device is in some ways much more sinister. Some other threads discuss that possibility in detail.
It would be magnificent if there were such an attack vector, but I can't shake the thought that it would have to be very specific to a certain subset of hardware or software.
The ShopKick app uses consumer grade microphones on iPhones to pick up ultrasound signals from in-store speakers so you can check-in automatically just by opening the app.
Also, we assume that things like data transmission by power cable and through power supplies is implausible, but only because we assume that there is not data link between power delivery and data transmission. Could there not be a gate somewhere that upon receiving a specific pulse of electricity opens for full data transmission or even just triggering a sequence of actions that are hard-coded into chip architecture through compromised specifications and standards?
I think we all have heard of the recent publications of NSA's involvement in compromising and deliberately implanting vulnerabilities for their own convenience. Right? If not, you should really read up on what is now public domain.
Although it might be scifi, if you look back on the disparity of technological capabilities in the civilian vs military and intelligence world of the past, you might get an extrapolated idea of how advanced technology developed under triple digit billions of dollars might be.