Ars Technica Article on “badBIOS”

  • 31-10-2013 2:53pm
    #1
    Registered Users, Registered Users 2 Posts: 11,749 ✭✭✭✭


    Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps



    Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.


    Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

    Click here for full article

    Saw this interesting article, and honestly not sure if this is some kind of hoax or not, as some of the stuff is hard to believe. Had a look at the security researcher's Twitter, and he has been talking about it for at least a few days with other people, sharing logs and whatnot. So if it's a hoax, it's a pretty elaborate one.

    So basically scary stuff if this is true.


Comments

  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    I started to read the article and was ready to dismiss it as a hoax as some of the claims wouldn't have seemed out of place in an April 1st article.

    But as I read more and my questions started to be answered it started to seem more believable. Given the lengths that certain agencies seem to have gone to in order to surveil the world and to break certain types of centrifuge, I'm ready to believe most things.

    If true, it is scary stuff indeed.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

    Really don't know what to make of this or any of it really.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    I haven't read the article, but that is pretty lol.


  • Registered Users, Registered Users 2 Posts: 416 ✭✭gouche


    The whole thing reads like a giant hoax.
    Everyone's going mad over it - claiming it's US government black ops :pac:


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Well, the high frequency thing does have some merit:
    Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

    Interesting read anyway.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Well, the high frequency thing does have some merit:

    When you said it does have some merit I thought you were going to quote an article describing high frequency traffic analysis or something, but you then quoted from the same article. It talks about "packets". Packets which only stopped after the speaker was removed. Can we see these packets?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q




  • Technology & Internet Moderators Posts: 28,830 Mod ✭✭✭✭oscarBravo


    I have to say, that rings a lot more true to me than the initial claim.


  • Registered Users, Registered Users 2 Posts: 11,749 ✭✭✭✭wes



    Found some more scepticism in regards to Bad BIOS:

    Researcher skepticism grows over badBIOS malware claims


    Ok looking like the guy just got this wrong, and it may be more a case of paranoia going too far.

