
The mysterious story of badBIOS

An amazing story has played out around information security expert Dragos Ruiu. He claims that 3 years ago he detected a virus that infects the BIOS, spreads covertly by modifying flash card controllers and, most surprisingly, uses ultrasound from the motherboard's system speaker to communicate between infected machines!

Dragos first became suspicious when his MacBook Air, on which he had just installed a new copy of OS X, spontaneously updated its boot firmware. He tried to boot from a CD-ROM, but failed. It turned out that the machine had changed its boot settings without prompting the user.

The expert ran OpenBSD on the machine, but the odd behavior did not disappear. The configuration still changed without being asked; moreover, strange network activity was detected over the IPv6 protocol, which was completely disabled in the system. Stranger still was the ability of infected machines to transfer small amounts of data to other infected machines in close proximity, even when Wi-Fi, Bluetooth, Ethernet cables and power cables were physically disconnected!

Ruiu continued to study the mysterious virus, and soon there were already several machines in his laboratory being investigated in isolation. Once, they were looking for registry keys, probably related to the malware, on a clean machine whose BIOS firmware had just been updated. Suddenly, the system registry editor was blocked. It was very strange. By physically disconnecting devices on the motherboard, the expert concluded that the virus uses the built-in speaker and microphone to communicate between machines, sending high-frequency signals. Further research revealed that the list of vulnerable operating systems also includes various versions of Windows and Linux.

During the three years that Ruiu struggled with badBIOS, its infection mechanism remained a secret. A couple of months ago, after buying a new computer, he noticed that it was infected almost as soon as he inserted one of his memory cards into it. There are suspicions that the virus reprograms the flash memory controller in order to spread.

Ruiu argues that badBIOS is only the initial module of multi-level malware that is able to infect Windows, Mac OS X, BSD and Linux. For those who want to dig in personally, he has published dumps of a BIOS that is infected (in his opinion).

The story resembles science fiction or a bout of paranoia, but some information security experts are inclined to trust Dragos's words, and the expert himself is a well-respected figure in his field. And given the recent activities of the NSA and the Stuxnet, Duqu and Flame viruses, the story no longer looks so unreal; perhaps we are facing yet another high-tech creation of some powerful intelligence agency.

Other experts, on the contrary, are skeptical of Ruiu's hypotheses. The recognized authority on information security, Bruce Schneier, has effectively declined to comment so far, since he has not been able to personally investigate this "virus."

UPD: The guy finally came clean and admitted that he was joking :)

Source: https://habr.com/ru/post/200274/

