While the debate rages on as to whether malware like badBIOS could theoretically “jump the air gap” between systems connected to the Internet and those that are isolated because of their critical nature, the U.S. Navy is nonetheless expressing concern.
“If you take a cybernetic view of what’s happening, right now [the Navy’s] approach is unplug it or don’t use a thumb drive,” said retired Capt. Mark Hagerott, who warned that if hackers “are able to jump the air gap, we are talking about fleets coming to a stop.”
Hagerott made the comment at the recent Defense One conference in reference to not only the risk of a tainted USB drive or other removable device infecting protected systems, but also in regards to the possibility that malware could transmitted via high-frequency sound waves and target critical networks.
The theoretical “badBios” malware notion has been causing a stir in the security fiend ever since researcher Dragos Ruiu asserted he believes he observed encrypted data packets being transmitted between an infected laptop and an unconnected badBIOS-infected system in close proximity, effectively jumping the air gap with ultra-sonic sound waves.
After disabling the laptop’s speaker and microphone, Ruiu said the communications ceased. If confirmed to be the case, badBIOS-like malware could contront the Navy and others with isolated systems with an entirely new attack vector.
“If you could jump the air gap, that would disrupt the world balance of power,” Hagerott said.
Read More Here…