It’s enough of a nightmare to have malware of any sort, but the more persistent the stuff is, the scarier it gets. That’s why the rumours of badBIOS, a bug so bad that it can affect Macs and PCs and communicate itself wirelessly while the infected computers are being taken apart is terrifying. But maybe not entirely true.
The tale started about three years ago, when security expert Dragos Ruiu noticed his MacBook Air suspiciously update its firmware, of its own accord. And from there on, things started getting weird. Ruiu explained to Ars Technica:
A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting. … Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.
It sounds like straight-up black magic, but there’s a possible explanation that’s almost crazier. These infected computers were communicating to each other using ultra-sonic cheeps and chirps, blasting small packets of data through the air with speakers and microphones so long as they could receive the smallest amount of power.
Again, from Ars Technica:
Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: “badBIOS,” as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.
It’s a wonder that malware this resilient hasn’t already taken over the world, right? Well, it could be because all of this is a little bit crazy. There’s a lot of scepticism out there, and pretty convincing scepticism at that.
Phillip R. Jaenke of RootWyrm’s Corner offers a laundry list of reasons why badBIOS, as horrifyingly pitched, is impossible. It would be very detectable, for instance, and the concept of communicating information between infected computers across the air is possible but very hardware reliant. In short, badBIOS is almost certainly not the security nightmare it’s being made out to be.
In Jaenke’s words:
First of all, yes, [air gapping] is absolutely possible in theory and there have been proof of concepts using FPGAs and unshielded boards. ProTip: your laptop or desktop meets zero of these conditions period.
…In theory it is possible to release an extremely resilient and resistant BIOS level piece of malware. It also would only ever infect one specific machine ever, period. It also would not be even remotely capable of escaping detection using basic diagnostic techniques. Not even advanced security techniques; just basic BIOS diagnostics.
So for the time being, you should be safe, regardless of what you hear about the coming, undefeatable, BIOS-level plague. But there’s plenty of other stuff to be afraid of out there. Be careful. [RootWyrm’s Corner via Schneier on Security]