badBIOS: The unstoppable malware that infects firmware, jumps 'Airgaps'

Himanshu Arora


Can you imagine malware that lets infected systems communicate even when they have no wireless hardware and no physical connection between them? It sounds like something straight out of a sci-fi movie, but Dragos Ruiu, a security consultant and the organizer of the CanSecWest and PacSec conferences, has made some startling claims about malware that manages just that by infecting the BIOS.

Here are some of the claims Ruiu made about the malware, which he termed "badBIOS", on Google+ and Twitter:

  • It is platform independent. Windows, OS X, and BSD systems have tested positive so far.
  • It can alter system settings and prevent infected systems from booting from CD drives.
  • The malware propagates through any USB memory stick that is moved from an infected system to an uninfected system.
  • The infected USB memory stick becomes unusable if ejected unsafely from an infected system. Strangely though, it works fine again when inserted back into the infected system.
  • It contains a hypervisor and uses a software-defined radio (SDR) to jump air gaps.
  • It can use the speakers of an infected machine to transmit data through ultrasonic transmissions that are received by the microphone of another infected machine.
  • It blocks websites of Russian origin that offer reflashing software.
  • The malware renders infected systems useless for further research.

The malware first infected Ruiu's MacBook Air three years ago, though he doesn't know how. Many fellow security experts have reacted, and most of them don't dismiss his claims outright. "If he says he's got an infected BIOS, I'm going to believe him," Robert Graham, a security expert, said in a blog post.

Ruiu will provide additional information about the malware at the PacSec conference scheduled to be held in Tokyo on November 13-14, 2013. In the meantime, you can read Ars Technica's report on badBIOS and this analysis on Reddit for more details.


 
None of us are safe! Lock your doors, cover your windows and get in your basement! It's happening!!
 
Himanshu Arora said:
Can you imagine a computer malware that can make infected systems communicate even if they don't have any wireless hardware and physical connection between them?

I was hoping to learn of such a technology but it looks like this malware does no such thing?
The speaker/microphone mention is a physical connection.
 
Himanshu Arora said:
Can you imagine a computer malware that can make infected systems communicate even if they don't have any wireless hardware and physical connection between them?

I was hoping to learn of such a technology but it looks like this malware does no such thing?
The speaker/microphone mention is a physical connection.

Same... I was hoping for a discussion on entanglement.

Getting information from a speaker is hi-tech?! Pfft! That whole mouth-to-ear data transmission has been around for a while. About time computers caught up. ;)
 
Reminds me of the wireless tech built into modern Intel chips and some AMD; this "security feature" allows certain radio signals to activate a computer wirelessly and have full access to the system's hardware, giving those that know the signal (the feds; probably a few hackers and select corps) the ability to plant whatever they want on your drive (or drives). Personally that sounds very scary; of course if the government hates your existence or just wants you gone they have other methods, if not by framing then by the NDAA or Patriot Act.
 
Absolute tosh! I know nothing about the intricacies, but really? Utter nonsense.. If a "badbios" had been sharing for 2 years to other networks and PCs without anyone knowing it was there, 50% or some crazed random number of all machines would be infected.. Scare tactics to increase virus protection software.. 4 PCs for the last 5 years that I know of.. owned by myself and close friends have not used any antivirus.. Unless you use "obvious dirty web sites" there ain't much threat.. oh ye and don't open dirty links in emails xD
 
"It can use the speakers of an infected machine to transmit data through ultrasonic transmissions that is received by the microphone of another infected machine."

"It is platform independent. Windows, OSx, BSD systems have been tested positive so far."

It sure as hell isn't transmitting without an OS and/or internet connection being involved at some point or another. Especially since the OS hands over the (sound) data over to the audio driver which must translate the data in a way that the compatible audio device can understand and then send that data back to the driver + OS after it leaves the device to be translated AGAIN. Can this BIOS VIRUS really translate data from all of these OSes, somehow contain a HYPERVISOR, and do all of the other things it says it can do? Without NEEDING the internet to download these functions? I think not. To me it seems it still needs a fully functioning computer WITH an OS, internet, and some extra space on a hdd/ssd for all those things it's supposedly able to do in order to work.... which most viruses use anyways. Not many viruses infect the bios but that's nothing new either. To me, it seems like anyone capable of understanding computers and a basic understanding of networking would notice this. This CAN'T be a small, practically undetectable virus for that matter... not WITH all of those functions. It's really just another bios virus that destroys/alters the cmos as usual but is maybe better at spreading than most cmos viruses... given the opportunity. The sound idea for data communication was creative for a virus though. Still, both machines must ALREADY be infected in order to communicate the data through sound waves anyways. Now if it could communicate using sound to an uninfected machine, somehow, THAT really would be scary.
 
Guess you missed the part about "physical connection". Sound waves are a physical phenomenon.
By that line of thought there is no such thing as non-physical violence. And to be honest there is not much difference in sound waves versus radio waves. So by your reasoning Wi-Fi signals are physical connections.
 
Air gap? I don't think so. Nothing air gapish about moving around a memory stick that is also bootable. Sheesh, nothing strange about this. An air gap defense means nothing at all is connected to the safe machine. Nothing means what it sounds like.

Another way to avoid this completely is to use a bios with a read only jumper. Many have this feature since bios viri have been around for a decade.
 
Sound waves? Not going to happen. There is no way for a sound wave to be translated into program data even if the machine has a mike. That capability does not exist in any computer I have met and I have been programming since 1964 (vacuum tubes).
 
I find that hard to believe. If you've been programming as long as you say, you are no doubt aware of something called a modem, which translates digital information (1's and 0's) into a waveform that is transmitted through copper wire.

Creating something to transform digital data to audio waves and back again is not out of the realm of possibility. It's the basis on how a microphone connected to your computer works in the first place.
 
A computer does not have a modem built in. Even if it did it still would not convert the sounds it hears into executable code. If both machines were infected as stated it would be possible to create some noise that could be received by a microphone and converted to code. The rate at which this could be done would probably be limited to a rate of a few hundred bytes per second at best. Computer loudspeakers are not the best in the world. Not only would the rate be very limited but so would the range. Extremely limited in fact. I have done a lot of work with computers at the design level, assembly programming and up from there. That includes some very unusual experimentation with computer modified sound systems and sound sent over lasers.

A software defined radio is not happening at all. They require very special chips to operate.

At age 64 I have one of the very latest computer systems with 8 cores and 32 gigs of RAM with a 760 Nvidia video card. I keep up with everything that is going on. I am also a "specialist" in everything to do with sciences, from biology to astrophysics.
 
I think this writer needs to find new sources for his articles. I have to conclude with everyone else's answers. Almost everything that this virus says it can do is just literally impossible, and it would hit worldwide by now if it's been ongoing for 2 years.
 
I will reserve opinion until after Steve Gibson does an analysis. He debunks a lot of panic and theory.
 
I remember reading about this from Malwarebytes. They questioned the validity of the claims also.
 
If the virus accesses the mic and speakers of a computer then, yes, of course it could use this to transmit sound and decode it back to data. Very very old technology. However, the speakers and mics in the vast majority of computers cannot play back or pick up ultrasonic frequencies (>20 kHz) amongst other issues.
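
Added example (not part of the thread or the article): a defender-side check for the kind of near-ultrasonic carrier debated above. It runs the Goertzel algorithm over 10 ms frames of a microphone capture and reports persistent narrowband tones between 18 and 22 kHz; the 48 kHz sample rate, the threshold, the function names and the constructed test signal are all assumptions.

```python
import math
import random

RATE = 48_000    # assumed capture rate in Hz (Nyquist limit 24 kHz)
FRAME = 480      # 10 ms frames -> 100 Hz analysis bins

def goertzel_power(frame, freq, rate=RATE):
    """Squared DFT magnitude at one frequency, normalised by frame length squared."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def scan_near_ultrasonic(samples, lo=18_000, hi=22_000, threshold=1e-4, min_frames=3):
    """Return {frequency_hz: frames_above_threshold} for persistent narrowband tones."""
    hits = {}
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        for freq in range(lo, hi + 1, RATE // FRAME):
            if goertzel_power(frame, freq) > threshold:
                hits[freq] = hits.get(freq, 0) + 1
    # Ignore one-off transients; a data carrier has to persist across frames.
    return {f: n for f, n in hits.items() if n >= min_frames}

def constructed_capture(carrier_hz=None, seconds=0.2, seed=1):
    """Constructed test input: noise plus a 440 Hz audible tone, optionally with
    a quiet carrier switched on in every other 10 ms frame."""
    rng = random.Random(seed)
    out = []
    for n in range(int(RATE * seconds)):
        t = n / RATE
        x = rng.gauss(0.0, 0.01) + 0.3 * math.sin(2 * math.pi * 440 * t)
        if carrier_hz and (n // FRAME) % 2 == 0:
            x += 0.05 * math.sin(2 * math.pi * carrier_hz * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print("clean capture :", scan_near_ultrasonic(constructed_capture()))
    print("with 19 kHz   :", scan_near_ultrasonic(constructed_capture(19_000)))
```

On a real capture the threshold has to be calibrated against the room's ambient noise and the microphone's high-frequency roll-off.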
 
Reminds me of the wireless tech built into modern Intel chips and some AMD; this "security feature" allows certain radio signals to activate a computer wirelessly and have full access to the system's hardware, giving those that know the signal (the feds; probably a few hackers and select corps) the ability to plant whatever they want on your drive (or drives). Personally that sounds very scary; of course if the government hates your existence or just wants you gone they have other methods, if not by framing then by the NDAA or Patriot Act.

This is unquestionably what's going on, assuming there's an iota of truth here. The virus would clearly be Spookware designed to exploit backdoors the industry was forced to include in newer chipsets. This wouldn't be the slightest bit surprising given that our worst fears about the NSA have been confirmed.
 
That is the most unlikely yet. Computer cases are intentionally designed to NOT emit radio frequency noise so they will not interfere with other radio frequency devices both in the home and in business. Further, hiding such devices on a motherboard is not at all easy, especially when one knows the function of every single device on the board.

The closest they have come is to detect RF emitted by the video signals from the video cables and the monitors. Under ideal conditions it is possible to rebuild the signal to display the image on the screen. That has become far harder to do with the advent of LCD screens. They use far lower power signals so the RF from them is far shorter range.
 
  • It can use the speakers of an infected machine to transmit data through ultrasonic transmissions that is received by the microphone of another infected machine.

BS. I call Hoax. No way are we technologically advanced enough to send Data through sound waves.
 