badBIOS: The unstoppable malware that infects firmware, jumps 'Airgaps'

  1. Can you imagine a computer malware that can make infected systems communicate even if they don't have any wireless hardware and physical connection between them? Seems like something straight out of a sci-fi movie, but Dragos Ruiu, a security consultant...

    Read more
  2. treeski

    treeski TS Evangelist Posts: 954   +193

    Scary stuff
  3. CyberFlux

    CyberFlux TS Member

    None of us are safe! Lock your doors, cover your windows and get in your basement! It's happening!!
  4. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    ^^^ Mockery, so not funny!
  5. CyberFlux

    CyberFlux TS Member

    There's nothing funny about BadBIOS
  6. lmike6453

    lmike6453 TS Enthusiast Posts: 100   +6

    I was hoping to learn of such a technology but it looks like that this malware does no such thing?
    The speaker/microphone mention is a physical connection
  7. No way do I believe this.
    SNGX1275 likes this.
  8. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,729   +1,092

    Same... I was hoping for a discussion on entanglement.

    Getting information from a speaker is hi-tech?! Pfft! That whole mouth-to-ear data transmission has been around for a while. About time computers caught up. ;)
    lmike6453 likes this.
  9. Burty117

    Burty117 TechSpot Chancellor Posts: 2,882   +638

    Speakers and microphones are not wireless technology -_- so yeah, the article is correct.
    psycros likes this.
  10. insect

    insect TS Evangelist Posts: 315   +114

    Guess you missed the part about "physical connection". Sound waves are a physical phenomenon.
    lmike6453 likes this.
  11. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,327   +1,930

    I wonder if the NSA will try it out on their systems.
  12. spencer

    spencer TS Addict Posts: 202   +22

    Reminds me of the wireless tech built into modern intel chips and some Amd ; this "security feature" allows certain radio signals to activate a computer wirelessly and have full access to the systems hardware giving those that know the signal( the feds; probably a few hackers and select corps) the ability to plant whatever they want on your drive or (drives). Personally that sounds very scary; of course if the government hates your existence or just want you gone they have other methods if not by framing then by the NDAA or Patriot act.
    psycros likes this.
  13. Absolute tosh ! I know nothing about the intricacies but really ? utter nonsense.. if a "badbios" had been sharing for 2 years to other networks and pc's with out anyone knowing it was there. %50 or some crazed random number of all machines would be infected.. scare tactics to increase Virus protection software... 4 PC's for the last 5 years that I know of .. owned by myself and close friends have not used any anti virus.. Unless you use "obvious dirty web sites" there aint much threat.. oh ye and don't open dirty links in emails xD
    SNGX1275 and Arris like this.
  14. "It can use the speakers of an infected machine to transmit data through ultrasonic transmissions that is received by the microphone of another infected machine."

    "It is platform independent. Windows, OSx, BSD systems have been tested positive so far."

    It sure as hell isn't transmitting without an OS and/or internet connection being involved at some point or another. Especially since the OS hands over the (sound) data over to the audio driver which must translate the data in way that the compatible audio device can understand and then send that data back to the driver + OS after it leaves the device to be translated AGAIN. Can this BIOS VIRUS really translate data from all of these OSes, somehow contain a HYPERVISOR, and do all of the other things it says it can do? Without NEEDING the internet to download these functions? I think not. To me it seems it still needs a fully functioning computer WITH an OS, internet, and some extra space on a hdd/ssd for all those things it's supposedly able to do in order to work.... which most viruses use anyways. Not many viruses infect the bios but that's nothing new either. To me, it seems like anyone capable of understanding computers and a basic understanding of networking would notice this. This CAN'T be a small, practically undetectable virus for that matter... not WITH all of those functions. It's really just another bios virus that destroys/alters the cmos as usual but is maybe better at spreading than most cmos viruses... given the opportunity. The sound idea for data communication was creative for a virus though. Still, both machines must ALREADY be infected in order to communicate the data through sound waves anyways. Now if it could communicate using sound to an uninfected machine, somehow, THAT really would be scary.
  15. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,430   +2,822

    By that line of thought there is no such things as non-physical violence. And to be honest there is not much difference in sound wave versus radio waves. So by your reasoning Wifi signals are physical connections.
    Burty117 and psycros like this.
  16. Air gap? I don't think so. Nothing air gapish about moving around a memory stick that is also bootable. Sheesh, nothing strange about this. An air gap defense mean nothing at all is connected to the safe machine. Nothing means what it sounds like.

    Another way to avoid this completely is to use a bios with a read only jumper. Many have this feature since bios viri have been around for a decade.
  17. Sound waves? Not going to happen. There is no way for a sound wave to be translated into program data even if the machine has a mike. That capability does not exist in any computer I have met and I have been programming since 1964 (vacuum tubes ).
  18. I find that hard to believe. If you've been programming as long as you say, you are no doubt aware of something called a modem, which translates digital information (1's and 0's) into a waveform that is transmitted through copper wire.

    Creating something to transform digital data to audio waves and back again is not out of the realm of possibility. Its the basis on how a microphone connected to your computer works in the first place.
  19. A computer does not have a modem built in. Evan if it did it still would not convert the sounds it hears into executable code. If both machines were infected as stated it would be possible to create some noise that could be received by a microphone and converted to code. The rate at which this could be done would probably be limited to a rate of a few hundred bytes per second at best. Computer loudspeakers are not the best in the world. Not only would the rate be very limited but so would the range. Extremely limited in fact. I have done a lot of work with computers at the design level, assembly programming and up from there. That includes some very unusual experimentation with computer modified sound systems and sound sent over lasers.

    A software defined radio is not happening at all. They require very special chips to operate.

    At age 64 I have one of the very latest computer systems with 8 cores and 32 gigs of ram with a 760 nvidia video card. I keep up with everything that is going on. I am also a "specialist" in everything to do with sciences, from biology to astrophysics.
  20. jester376

    jester376 TS Enthusiast Posts: 54

    I think this writer needs to find new sources for his articles. I have conclude with everyone eles' answers. Almost everything that this virus says it can do is just literally impossible, and it would hit worldwide by now if its been ongoing for 2 years.
  21. I will reserve opinion until after Steve Gibson does an analysis. He debunks a lot of panic and theory.
  22. NTAPRO

    NTAPRO TS Evangelist Posts: 810   +102

    I remember reading about this from Malwarebytes. They questioned the validity of the claims also.
  23. If the virus accesses the mic and speakers of a computer than, yes, of course it could use this to transmit sound and decode it back to data. Very very old technology. However, the speakers and mics in the vast majority of computers can not playback or pickup ultrasonic frequencies (>20khz) amongst other issues.
  24. psycros

    psycros TS Evangelist Posts: 1,294   +662

    This is unquestionably what's going on, assuming there's an iota of truth here. The virus would clearly be Spookware designed to exploit backdoors the industry was forced to include in newer chipsets. This wouldn't be the slightest bit surprising given that our worse fears about the NSA have been confirmed.
  25. That is the most unlikely yet. Computer cases are intentionally designed to NOT emit radio frequency noise so they will not interfere with other radio frequency devices both in the home and in business. Further, hiding such devices on a motherboard is not at all easy, especially when one knows the function of every single device on the board.

    The closest they have come is to detect RF emitted by the video signals from the video cables and the monitors. Under ideal conditions it is possible to rebuild the signal to display the image on the screen. That has become far harder to do with the advent of LCD screens. They use far lower power signals so the RF from them is far shorter range.
    • It can use the speakers of an infected machine to transmit data through ultrasonic transmissions that is received by the microphone of another infected machine.

    BS. I call Hoax. No way are we technologically advanced enough to send Data through sound waves.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...