BadBIOS – The Next Big Thing in Malware – or a Hoax?

Scott Calonico

Imagine a computer virus that can infect a computer or server at BIOS level.

Imagine that it could compromise systems running Windows, Mac OS or UNIX.

Then, imagine that it could move between computers that aren’t even connected to a network.

It all sounds rather like something out of a low-budget science fiction movie, but right now, a respected IT security consultant is convinced such a thing exists – and although plenty of techies are skeptical, nobody has yet disproved his theory (at least at the time of writing).

In the Beginning...

Dragos Ruiu began to notice some strange happenings on his computers. First, a MacBook appeared to update its own firmware, after which it refused to boot from CD and seemed to change settings by itself.

Some time later, another of Ruiu’s machines, this time running the OpenBSD flavor of UNIX, started to exhibit similar symptoms.

Despite re-flashing CMOS chips and reinstalling everything from scratch, the “virus” seemed to reappear after a short while.

Then things got really weird: Ruiu tried to isolate a clean machine, keeping it off the network, and it still managed to get “infected.” He started to wonder if the virus was using sound waves to transmit itself between disconnected machines. Only by disabling speakers and microphones was he able to stop the malware reappearing.

The Skeptics Chime In

Technical experts are understandably skeptical. None really seem to disagree that it’s possible to introduce BIOS-level firmware using a USB stick, the original transmission method Ruiu suspects, but fewer are convinced by the sound wave transmission theory. Even though some research has been done into transmitting data in this fashion, the way PC speakers are shielded should make this theoretically impossible.
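The acoustic-transmission theory is at least checkable from the defender's side: if a machine were really signalling through its speaker, a recording taken next to it would show a narrow, persistent carrier in the near-ultrasonic range, well above the energy of ordinary room noise or speech. The script below is an added example, not code from the original post or from Ruiu's investigation. It scans a captured audio window for a single bin in the 17–20 kHz band that holds a disproportionate share of the window's total energy. The 44.1 kHz sample rate, the band limits, the 100 Hz scan step and the 1% alert threshold are assumptions, and the audio it analyses is constructed in `make_capture` rather than recorded.

```python
import math
import random

SAMPLE_RATE = 44100   # assumed capture rate in Hz
WINDOW = 4410         # 0.1 s analysis window, so DFT bins are 10 Hz apart


def goertzel_power(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Return |X_k|^2 for the DFT bin nearest target_hz using the Goertzel
    algorithm (pure Python, no numpy). Cost is O(n) per probed frequency."""
    n = len(samples)
    k = int(0.5 + n * target_hz / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev2 * s_prev2 + s_prev * s_prev - coeff * s_prev * s_prev2


def ultrasonic_concentration(samples, sample_rate=SAMPLE_RATE,
                             low_hz=17000, high_hz=20000, step_hz=100):
    """Scan the near-ultrasonic band and return (peak_hz, fraction).

    fraction is the share of the window's total spectral energy held by the
    single strongest bin. By Parseval, sum_k |X_k|^2 == n * sum(x^2), so the
    time-domain energy gives the denominator without a full DFT."""
    n = len(samples)
    total = n * sum(x * x for x in samples)
    if total == 0.0:                      # silent capture: nothing to report
        return None, 0.0
    peak_hz, peak_power = max(
        ((f, goertzel_power(samples, f, sample_rate))
         for f in range(low_hz, high_hz + 1, step_hz)),
        key=lambda fp: fp[1])
    return peak_hz, peak_power / total


def is_suspicious(samples, sample_rate=SAMPLE_RATE, threshold=0.01):
    """Alert when one near-ultrasonic bin carries more than `threshold` of
    the window's energy (assumed threshold; tune it against quiet captures
    from the same room)."""
    peak_hz, fraction = ultrasonic_concentration(samples, sample_rate)
    return {"peak_hz": peak_hz, "fraction": fraction, "alert": fraction > threshold}


def make_capture(with_carrier, seed=7, n=WINDOW, sample_rate=SAMPLE_RATE):
    """Constructed test audio, not a real recording: three audible tones plus
    low-level noise, optionally with an 18 kHz carrier added on top."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        t = i / sample_rate
        x = sum(0.5 * math.sin(2 * math.pi * f * t) for f in (300, 1000, 2500))
        if with_carrier:
            x += 0.3 * math.sin(2 * math.pi * 18000 * t)
        x += rng.uniform(-0.01, 0.01)
        out.append(x)
    return out


if __name__ == "__main__":
    for label, capture in (("room noise only", make_capture(False)),
                           ("with 18 kHz carrier", make_capture(True))):
        print(label, is_suspicious(capture))
```

On the constructed input the carrier-free window scores a fraction of well under one part in a million, while the window with the 18 kHz tone puts roughly 5% of its energy into that one bin and trips the alert. Real captures need a baseline from the same room and microphone, since some switching power supplies and CRT or LCD drivers also leak narrow tones into this band.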

Dragos Ruiu has made some of his equipment and disk images available to fellow security experts in the hope that they can support his theories. At the time of writing, this has only increased skepticism. Security researcher Triulzi has examined much of the data and reported publicly that he’s unconvinced.

However – and this is the crucial part – nobody has managed to disprove Ruiu’s theory. If he’s right, there may be a virus out there that no current Internet security product would know what to do with. Even if Ruiu is mistaken, we can be sure that this incident is giving cyber criminals a few new ideas.

So if you encounter a PC that suddenly refuses to boot from CD, perhaps you should contact Ruiu. You may just be the next victim of “BadBIOS.”