BadBIOS

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

BadBIOS is an alleged advanced persistent threat reported by network security researcher Dragos Ruiu in October 2013[1][2] with the ability to communicate between instances of itself across air gaps using ultrasonic communication between a computer's speakers and microphone.[3][4] To date, there have been no proven occurrences of this malware.

Ruiu claims the virus is able to infect the BIOS of Windows, Mac OS X, BSD and Linux as well as spread infection over USB flash drives.[4] Rob Graham of Errata Security produced a detailed analysis[5] of each element of the claims about BadBIOS's capabilities describing the software as "plausible", whereas Paul Ducklin on the Sophos Naked Security blog[6] suggested "It's possible, of course, that this is an elaborate hoax".[1] After Ruiu posted data dumps which supposedly demonstrated the existence of the virus, "all signs of maliciousness were found to be normal and expected data".[7]

In December 2013 computer scientists Michael Hanspach and Michael Goetz released a paper to the Journal of Communication demonstrating the possibility of an acoustic mesh networking at a slow 20 bits per second using a set of speakers and microphones for ultrasonic communication in a fashion similar to BadBIOS's described abilities.[8][9]

See also[edit]

References[edit]

  1. ^ a b Leyden, John (1 Nov 2013). "Indestructible, badass rootkit BadBIOS: Is this tech world's Loch Ness Monster? VOTE NOW". Retrieved 30 December 2014. 
  2. ^ https://arstechnica.com/information-technology/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
  3. ^ Grimes, Roger A. (Nov 12, 2013). "4 reasons BadBIOS isn't real". Retrieved 30 December 2014. 
  4. ^ a b Goodin, Dan (31 Oct 2013). "Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps". Retrieved 31 December 2014. 
  5. ^ Graham, Robert. "#badBIOS features explained". Retrieved 30 December 2014. 
  6. ^ Ducklin, Paul. "The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?". Retrieved 30 December 2014. 
  7. ^ Grimes, Roger A. "New NSA hack raises the specter of BadBIOS". Retrieved 7 September 2015. 
  8. ^ Hanspach, Michael; Goetz, Michael (November 2013). "On Covert Acoustical Mesh Networks in Air" (PDF). Journal of Communications. 8 (11): 758–767. doi:10.12720/jcm.8.11.758-767. 
  9. ^ Leyden, John (5 Dec 2013). "Hear that? It's the sound of BadBIOS wannabe chatting over air gaps". Retrieved 30 December 2014.