Security researcher says new malware can affect your BIOS; be transmitted via the air

Ian Paul | Nov. 4, 2013
BadBIOS is supposedly capable of resisting erasure if someone reinstalls (known as flashing) the BIOS firmware. It is also platform-independent, which means it can infect and work across a wide array of PC operating systems.

Rip out your computer's microphone and webcam, turn off your Bluetooth, and put on your tinfoil hats, it's "super amazing crazy security storytime."

A noted security researcher says he has found a new type of malware that can affect some of the lowest levels of your machine. Even more surprising, this bit of nasty code could be the first example of an airborne computer virus.

No, I'm not talking about Wi-Fi downloads, but input signals converted into code by your laptop's microphone. The new malware is dubbed badBIOS by Dragos Ruiu, the security researcher who says he uncovered it.

Ruiu recently told Ars Technica that he's been tracking down badBIOS for the past three years. Since badBIOS is reportedly a crafty piece of code, all he has right now is a working theory about how the malware works.

The thing is...
The one nagging detail about badBIOS is that Ruiu is the only person making these claims, and he has yet to produce enough evidence for other security researchers to independently examine.

But Ruiu, who organizes the CanSecWest and PacWest security conferences, is respected enough that many fellow researchers are hesitant to outright discredit his claims as pure fantasy. Still, without independent verification of Ruiu's claims, it's impossible to know for sure whether badBIOS is the real deal or not.

badBIOS
If you want a more detailed explanation of badBIOS, check out the Ars Technica article linked to above, but here are the basics.

As its name suggests, badBIOS infects your machine's BIOS—the small bit of firmware that prepares your machine before booting the operating system. If you've ever pressed a key like F2 shortly after your computer boots and then gone to a screen that looks like it was built on a Commodore Vic 20, that's the BIOS.

Once a machine is infected, badBIOS gets to work inserting malicious code inside the operating system itself.

Malware that starts by attacking the BIOS isn't unheard of, but most bits of bad code typically attack weaknesses in standard targets that live inside the operating system, such as Adobe Reader or a Java browser plugin.

BIOS malware could be more effective since it's harder to track down, and fixing it is beyond the capabilities of the majority of PC users.

But what really sets badBIOS apart is that it is supposedly capable of resisting erasure if someone reinstalls (known as flashing) the BIOS firmware. BadBIOS is also platform-independent, which means it can infect and work across a wide array of PC operating systems that include Windows, OS X, Linux, and BSD, according to Ruiu.

BadBIOS can infect a machine in one of two ways, according to Ruiu's current theory. It can get onto a machine through an infected USB stick—a textbook infection method—or by sending high-frequency signals that get picked up by an uninfected PC's microphone.

 
