On Friday, Ars Technica published a longer story: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps.
The author describes a virus/rootkit discovered by Dragos Ruiu (organizer of CanSecWest and PacSec). The plot reads like a bad Hollywood movie. He describes strange behavior of machines that are brand new, set up from scratch, sometimes never connected to any network, but which still seem to be infected by malware attacking the BIOS, e.g. making it impossible to boot from DVD:
In the following months, Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet’s next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.
When I read the story, it got me thinking: if it is real, it is really bad, since Ruiu has not yet figured out how the thing spreads, nor has he been able to get hold of the code. On the other hand, nobody else seems to have seen the attack so far. It sounds like Stuxnet without the collateral damage seen in this attack.
So this makes you wonder whether it really can be true – there is a lot of skepticism on Twitter as well: #badBIOS.
If you want to read a counter-analysis: The badBIOS Analysis Is Wrong.
Softpedia has now published another article, BadBIOS Malware: Reality or Hoax?, in which they raise quite a few questions as well. It seems that a lot of proof points are still missing in this case – technically, everything seems feasible, but it would need a lot of work. So let’s assume for the moment that the threat is not as bad as it looked, but – at the same time – let’s keep our eyes open.
- BadBIOS Malware: Reality or Hoax? (news.softpedia.com)
- AmericanKabuki – Meet “badBIOS,” The Mysterious Mac And PC Malware That Jumps Airgaps – 2 November 2013 (lucas2012infos.wordpress.com)
- ‘badBIOS:’ Mysterious Malware Forces People to Erase Complete Systems (theepochtimes.com)
- The One About BadBIOS (cryptogon.com)
- badBIOS: Next-gen malware or digital myth? (infoworld.com)
- badBIOS: airgap-jumping malware that may use ultrasonic networking to communicate (boingboing.net)