They're here....! HGST(WD) now shipping 6TB drives

[jgreco]

Yeah, communication between computers using audio shouldn't be too hard. But that's assuming both machines are already infected, in close enough proximity and their speakers/mic's can actually produce/record things accurately enough.

That part is true, but now add in a few bonus difficulty multipliers:

1) It has to be ultrasonic, because a computer generating lots of audible range noise would be drawing attention to itself,
2) Most computer audio hardware is designed to reproduce audio in the audible range, meaning that its ability to meaningfully reproduce and detect audio in the target range is questionable (especially if we assume mfr-provided mics and speakers ... aftermarket add-ons are of higher quality, admittedly)
3) Most computer audio hardware has custom drivers, so you'd need to be able to cope with at least several common variants of audio hardware,
4) The channel would not be "clean", because there would be likely be background noise, and taking a lot of CPU for DSP purposes might be noticed,
5) Multiple PC's would have to arbitrate access (only one talker at a time, we know how to do that with strategies like CSMA/CD) and also cope with the likely scenario that not all talkers could reliably hear each other,
6) This means that in the end, the bitrate available would be exceedingly low (guessing less than 300bps).

I could see this more easily being possible if it was a component that only worked while an OS was loaded and was able to piggyback on the audio driver resources of the victim OS...

So I'm not sure we're hearing an accurate story. Coming from an EE/CS background, sure, I concede it is possible, but WILL SOMEONE PUT A FRICKIN SCOPE ON THE SPEAKER-OUT PLEASE? I am disheartened that so much fuss has been made based on such a poor and (worse yet) vague claim: "Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped." Did they resume when the speaker/mic were reattached? What about when he took the machine to a different room?

 

[cyberjock]

I totally agree with everything you said. I was a little disappointed that they used such little information to come to the conclusion that it must have been network traffic that originated from the audio. For all we know he could have been streaming a song and when he unplugged the speaker-out the packets stopped because the application noticed there were no speakers and stopped the mp3 from a network share.

But yea, it's one of those things that certainly can and may be used by people that aren't on a timetable to provide large amounts of data. But even at low bitrates, if it is simply providing keypresses or passwords you don't need a high bitrate to provide the necessary data. A band pass filter can easily remove extra noise, then some filters and a known clock-rate would be easy to determine noise from bits even if some noise overlaps the "data" frequencies.

I think of this as something like the Stuxnet. In a targeted attack it might provide a useful function, and it might do it amazingly well. There are some obstacles to deal with, but nothing outside the realm of possible. But it's also hard to sit down and point a finger at exact situations where this might be useful to an adversary. But I'm sure that any adversary that knows about this technology(assuming its for real) will probably do testing and attempt to refine it and perhaps use it. For all we know this has been used for quite a few years.

Before Snowden came out and leaked all this information there was a lot of conspiracies out there that the government was collecting all this information on virtually every American and many other country's citizens. I think I speak for most people when it was one of those things that IT groups everywhere said "yeah.. it's technically possible, but what a PITA." It was dismissed as not being as big as it has been found to be because the government is so disorganized, so inefficient, etc. that this kind of thing just isn't really feasible and not something the government could really pull of. Well, now we know they really are doing it, and as a plot twist it seems to be getting bigger and bigger every week.

Nowadays I don't discount much of anything that isn't outside the realm of "possible". Especially where it comes to data collection of people. Up until this year most people didn't consider their own government(and/or the US government) to be a high security threat. Well, now we're finding out that this is just as bad as we had thought it "could" be possible to be. I'm waiting to see if this is going to lead to companies, businesses, and people taking security more seriously not to keep hackers out but to keep our own governments out.

I for one am glad I have a pfsense box and not one of those POS routers you can get at Best Buy and Wal-Mart. Of course, if all of the Windows boxes everywhere have a built-in backdoor then that super secure firewall isn't exactly particularly useful. If the government really wanted access to my box I tend to think they'd get access some other way, assuming they don't have a secret loophole to get through the pfsense box that nobody has caught.

 

[jgreco]

Is it paranoia when they really are out to track you?

 

[cyberjock]

Is it paranoia when they really are out to track you?

Hey! I used that a few weeks ago on a friend!

I'm confident that my life is too boring for the government to be investigating me personally. I don't do much of anything except play games and do stuff here. But I have wondered if they somehow have information that makes them think I'm a security risk or something.


When I got out of the Navy in 2006 and went to the VA hospital to help setup my after-military care they screened me for Agent Orange and all this other stuff. Why? Because for some reason they thought my birthday was 1950.

And since the government is so horrible at doing anything correctly, I have often wondered if they think I'm a really short woman, have a bunch of kids, and live off of welfare checks despite being a tall man with no children and no clue how I'd even sign up for welfare. I've read plenty of wacky stories with the government getting a bunch of info wrong, so how outlandish is it to assume they've screwed up the info they "think" they have on me?

 

[jgreco]

Hey! I used that a few weeks ago on a friend!

"Yes, we know."

 

[jgreco]

I'm a really short woman, have a bunch of kids, and [...] no clue how I'd even sign up for welfare.

Ma'am, we're from the government, and we're here to help. You can sign up for Illinois welfare by following the directions over here. If you are not sufficiently tall to reach the keyboard, please follow the directions on this page. If you require any further assistance, just let us know! We'll be sure to help.

 

[vegaman]

And since the government is so horrible at doing anything correctly, I have often wondered if they think I'm a really short woman, have a bunch of kids, and live off of welfare checks despite being a tall man with no children and no clue how I'd even sign up for welfare. I've read plenty of wacky stories with the government getting a bunch of info wrong, so how outlandish is it to assume they've screwed up the info they "think" they have on me?

Reminds me of when my family moved to England when I was younger. Somehow they got both my parents confused with different people, and thought my sister was my mum. So we kept getting a whole lot of letters, ranging from my dad being in an affair and living in a completely different county, my mum owing taxes for the jewellery store she 'owned' and my sister needing to confirm her employment as a teacher (my mum's actual job). I still haven't worked out how they got it so wrong.

 

[jgreco]

WOOOO! BLACK FRIDAY SPECIAL!!!!!

Hitachi Ultrastar He6 6TB 7200RPM SATA 6Gbps 64MB Cache 3.5-inch Internal Hard Drive Mfr P/N HUS726060ALA640


Normally $3824.52, BFS discount of $2294, you can have 6TB for the bargain price of $1529.81!

 

[Yatti420]

A little steep for me!.. An interesting product from Hitachi.. I'm assuming WD/Seagate have something similiar on the way?

 

[gpsguy]

Supposedly Seagate will release 5 & 6 Tb drives in 2014.

 

[cyberjock]

To be honest, I'm really not expecting these helium filled drives to make it to general public consumption. We shall see though.

 

[jgreco]

Now available in the retail market.

http://www.amazon.com/dp/B00GTD3AR2/?tag=ozlp-20

$800.

 

[Michael Wulff Nielsen]

I think they might be very good. In high performance cars we use nitrogen in the tires to minimize changes in pressure due to temperature changes. Helium would be a good match for the harddrives and probably make them a little more resistant to those changes.

 

[jgreco]

Amazing the things they'll do to pack in more platters.