Can you imagine malware that lets infected systems communicate with each other even when they have no wireless hardware and no physical connection between them? It sounds like something straight out of a sci-fi movie, but Dragos Ruiu, a security consultant and the organizer of the CanSecWest and PacSec conferences, has made some startling claims about malware that manages just that by infecting the BIOS. According to Ruiu, the malware has the following characteristics:
- It is platform independent. Windows, OS X, and BSD systems have tested positive so far.
- It can alter system settings and prevent infected systems from booting from CD drives.
- The malware propagates through any USB memory stick that is moved from an infected system to an uninfected system.
- The infected USB memory stick becomes unusable if ejected unsafely from an infected system. Strangely though, it works fine again when inserted back into the infected system.
- It contains a hypervisor and uses a software-defined radio (SDR) to jump air gaps.
- It can use the speakers of an infected machine to send data as ultrasonic transmissions that are received by the microphone of another infected machine.
- It blocks websites of Russian origin that offer reflashing software.
- The malware renders infected systems useless for further research.
The malware first infected Ruiu's MacBook Air three years ago, though he doesn't know how. Many fellow security experts have reacted, and most of them don't dismiss his claims outright. "If he says he's got an infected BIOS, I'm going to believe him," Robert Graham, a security expert, said in a blog post.
Ruiu will provide additional information about the malware at the PacSec conference scheduled to be held in Tokyo on November 13-14, 2013. In the meantime, you can read Ars Technica's report on badBIOS and this analysis on reddit for more details.