In episode 11, I made some comments about wiping a compromised system rather than trying to clean it. I saw in my Twitter feed a bit ago that the 2013 Shmoocon videos were posted. I looked through and one talk stuck out that I wanted to share here, given my comments: Wipe The Drive – Techniques for malware persistence.
Basically, the presenters show why it’s such a bad idea to simply clean a computer after a virus infection. I like to think this is common knowledge, but I meet people daily who do not understand the reasons behind taking this draconian approach.
It appears life is just getting more difficult.
Proof of concept at last.
http://threatpost.com/acoustical-mesh-network-used-to-infect-air-gapped-computers/103079
Out with the speaker, microphone, Bluetooth, and wireless capability, and plug those USB/SD card ports with epoxy.
Looks like we need a two system job site. One isolated wifi for everyone to use their phones and pads to check email, skype, and general customer service and one server system that can only be talked to by keyboard.
The question is where else code can be hidden besides USB and SSDs, and what else could be used as a receiving antenna. USB contacts?
Indeed. We covered this in episode 73: https://defensivesecurity.org/defensive-security-podcast-episode-73/
So far there isn’t evidence that this is happening in the wild, but it could just be a matter of time. Having said that, this research doesn’t give the ability to infect an otherwise clean computer, so I think the guidance to reimage systems is still valid, for now without needing to worry about speakers & microphones.