
Is That The Moon Worming Its Way Into Your BIOS?

When facing a malware situation, the usual “guaranteed solution” is to reinstall your OS. New developments in the malware world will also require you to have a CH341 programmer handy. In an arguably inevitable development, [Kaspersky Labs] researchers have found an active piece of malware, out in the wild, that persists by writing its bootstrap code into the BIOS chip. It doesn’t matter if you shred the HDD and replace it with a new one. In fact, the so-called MoonBounce never really touches the disk at all, being careful to store itself only in RAM and, of course, in the SPI flash that holds the BIOS code.

MoonBounce is Microsoft-tailored, and able to hook into a chain of components starting from the UEFI’s DXE environment, through the Windows Loader, and finishing as a part of svchost.exe, a process we all know and love.

This approach doesn’t seem to be widespread yet, but it’s not inconceivable that we’ll eventually encounter a ransomware strain using this to, ahem, earn a bit of extra cash on the side. What will happen then – BIOS reflashing service trucks by our curbsides? After all, your motherboard’s built-in BIOS flasher UI is part of the same BIOS image that gets compromised, and at best, could be disabled effortlessly – at worst, subverted and used for further sneaky persistence, fooling repairpeople into comfort, only to be presented with one more Monero address a week later.

Will our hardware hacker skills suddenly go up in demand, with all the test clip fiddling and SOIC-8 desoldering being second nature to a good portion of us? Should we stock up on CH341 dongles? So many questions!

This week’s installment of “threat vectors that might soon become prevalent” is fun to speculate about! Want to read about other vectors we might not be paying enough attention to? Can’t go wrong with supply-chain attacks on our repositories! As for other auxiliary storage-based persistence methods – check out this HDD firmware-embedded proof-of-concept rootkit. Of course, we might not always need the newfangled ways to do things; the old ways still work pretty often – you might only need to disguise your malicious hardware as a cool laptop accessory to trick an average journalist, even in a hostile environment.


Moon Bouncing And Radar Imaging With LoRa

The LoRa radio protocol is well known to hardware hackers because of its Long Range (hence the name) but also its extremely low power use, making it a go-to for battery powered devices with tiny antennae. But what if the power wasn’t low, and the antenna not tiny? You might just bounce a LoRa message off the moon. But that’s not all.

The team that pulled off the LoRa Moonbounce consisted of folks from the European Space Agency, Lacuna Space, and the CA Muller Radio Astronomy Station Foundation which operates the Dwingeloo Radio Telescope. The Dwingeloo Radio Telescope is no stranger to Amateur Radio experiments, but this one was unique.

LoRa Moonbounce plotted for doppler shift by frequency
A radar image of the moon generated from LoRa Moonbounce

Operating in the 70 cm Amateur Radio band (430 MHz) meant that the LoRa signal was not limited to the low power levels allowed in the ISM bands. The team amplified the signal to 350 watts, and then used the radio telescope’s 25 meter dish to direct the transmission toward the moon.

The result? Not only were they able to receive the reflected transmission using the same transceiver they modulated it with, an off-the-shelf IoT LoRa radio, but they also recorded the transmission with an SDR. By plotting frequency and Doppler delay, they were able to use the LoRa transmission to get a radar image of the moon, a great dual-purpose use that is noteworthy in and of itself.

LoRa is a versatile technology, and can even be used for tracking your High Altitude Balloon that’s returned to Terra Firma.

Bouncing Signals Off The Moon

One of the great things about ham radio is that it isn’t just one hobby. Some people like to chit chat, some like to work foreign countries, some prepare for emergencies, and there are several space-related activities. There are hundreds of different kinds of activities to choose from. Just one is moonbounce, and [Ham Radio DX] decided to replicate a feat many hams have done over the years: communicate with someone far away by bouncing signals from the moon.

The setup is pretty sophisticated but not as bad as you might imagine. You can see that they spend a lot of time getting the equipment aligned. A known reference point helps them set the position of the antenna. A GPS keeps both stations in sync for frequency and time.
