The mysterious story of badBIOS

An amazing story was played out with information security expert Dragos Ruiu. He claims that even 3 years ago he managed to detect a virus that infects the BIOS, secretly spreading through a modification of flash card controllers and, most surprisingly, using ultrasound to communicate between infected machines produced by the system speaker of the motherboard!

Dragos first suspected something was wrong when his MacBook Air, on which he had just installed a new copy of OS X, spontaneously updated the boot firmware. He tried to boot from the CD-Rom, but he failed. It was found that the machine changes the boot settings without asking the user.

The expert launched Open BSD on the machine, but the oddities in behavior did not disappear. Still, the configuration changed without demand, moreover, a strange network activity was discovered via IPv6, which was completely disabled in the system. Even stranger was the ability of infected machines to transfer small chunks of data to other infected machines in close proximity, even when Wi-Fi and Bluetooth, Ethernet and power cables were physically disconnected!

Rui continued to deal with the mysterious virus and soon in his laboratory there were already several machines that were examined in isolation. Once, they searched for registry keys, probably related to the malware, on a clean machine that had just been updated with BIOS firmware. Suddenly, the system registry editor simply turned out to be locked. It was very strange. Physically disconnecting the devices on the motherboard, the expert came to the conclusion that the virus uses the built-in speaker and microphone to communicate between the machines, sending high-frequency signals. Further research showed that the list of vulnerable operating systems also includes various versions of Windows and Linux.



For the three years that Rui fought badBIOS, his infection mechanism remained a mystery. A couple of months ago, after buying a new computer, he noticed that he was almost immediately infected as soon as he inserted one of his memory cards into it. There were suspicions that the virus was reprogramming the flash controller for its spread.

Rui claims that badBIOS is only the initial module of a multi-level malware that has the ability to infect Windows, Mac OS X, BSD and Linux. For those wishing to dig in personally, he posted dumps of the infected (in his opinion) BIOS.

The story is similar to fiction and an attack of paranoia, but someinformation security experts tend to trust the words of Dragos, and the expert himself is a rather respected person in his midst. And given the recently revealed NSA activity, the Stuxnet , Duku and Flame viruses , the story no longer looks so unrealistic, maybe we are faced with yet another high-tech brainchild of some powerful intelligence agency.

Other experts, on the contrary, are skeptical of Rui's hypotheses. The recognized authority on information security, Bruce Schneier, has actually declined to comment so far, as I didn’t have the opportunity to personally investigate this “virus”.

UPD: Uncle split and admitted that he was joking :)