'BadBIOS' System-Hopping Malware Appears Unstoppable

Status
Not open for further replies.

JamesSneed

Did a little more looking into this. Looks like Dragos did notice a high-pitched noise from his speakers and is now suspecting the virus to have written itself to the RealTek audio chip firmware, since it came back after a BIOS flash and fresh install of the OS. An audible high-pitched noise is a much more plausible way to communicate to another computer that already has the virus loaded in RealTek firmware. As implausible as that is, I suppose it is doable with typical PC hardware.

https://plus.google.com/103470457057356043365/posts
 

InvalidError

How do you transmit data over sound to machines that lack the necessary software to actually receive and decode it in the first place? That part definitely does not make sense unless the machines were infected with the receiver software beforehand.
 

David Wishengrad

You can call BS all you want. Whatever the Truth is, is what it is.

First of all, we have not needed nice speakers and microphones for a very long time to transmit and receive data over sound waves. Play around with using your soundcard in your computer as a modem. I successfully transmitted data over the microphone and speaker using prepackaged sound drivers and software freely available at then, over 10 years ago, old school radio sites. Search it yourself. If the opportunity presented itself to add a manufacturing problem/backdoor to most things it's possible that someone would exploit it, even if by accident. It might be BS, but it might not. It seems more likely he missed something he can't figure out. If he has the skills he says he does he should have already trapped it before going public, unless he is feeling very scared. I'd like to see how this pans out.
 

velo116

There's a massive error in this article. I looked up the source on Ars Technica and apparently he isn't saying that the infection was transmitting to non-infected PCs via sound. He's saying infected PCs communicated via sound, which is an already proven concept.
 

David Wishengrad

The original article is at http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
Dan's comments about his article are in the comments.
 

s_ken

Conspiracy theory: NSA has leaked into chip manufacturers' fabrication process to inject a hardware level backdoor in order to have access to every computer in the world. Then somebody "discovered" and exploited that backdoor...

How about that :)...
 

David Wishengrad

velo116,

It also says, in so many words, that they may use sound waves to repair a base connection that has been disturbed by a wipe to open a back door for something larger.

From what I can tell, the only NEW machine he stuck a USB stick in and THEN it was infected.
A: He never removed what is still there on the USB stick and the previously infected computers with a BIOS flash are still infected too and that's part of it.
B: He doesn't really have the expertise in this particular field of hacking.
C: I don't do this for a living, but have dealt with many infected machines and have seen all kinds. I think I would have ruled out every possibility carefully in the first few days for many of the questions that still remain leaving only whether this does anything by sound or not, by deduction alone. B is looking pretty good about now for me.
 

rexter

He didn't sanitize his hands, that's why the other system got infected. The virus is actually called "Binary Houdini"; it's attracted to any system that works with binary codes. Hahaha!
 

David Wishengrad

JamesSneed, nice, thank you!

I still stand by my comment that he doesn't appear to know what he's doing.

Dumping the BIOS of a sound card, motherboard, video card, CD/DVD drive, etc., doesn't mean a thing unless it's a very controlled procedure.

For some facts, the hacker community has been flashing CD/DVD drives for years. You may have seen a CD/DVD flash that makes your CD/DVD player region free. Yet, have you ever seen one that performs this operation as expected, but then also erases the TOC pointer in memory for the disk and resets those values to the maximum allowed, allowing a full bit-for-bit dump of the entire disk to an image, no matter what? I have. If you didn't know this extra service was added, you would never think it was there unless someone told you it was. And that was a very long time ago. Who knows? Hopefully, we will find out soon now that it has world attention.
 

littleleo

We should wall him and all his devices up in his house, 6' of concrete over 3' of lead, and surrounded by 25 Peruvian pipers from the Andes mountains playing music 24/7. It's for the common good.
 

shin0bi272

While updating the firmware to install a virus could do all the virus-like symptoms he's talking about, the infection of any PC, Mac, or Linux box is where it seems fishy to me. About the only programming language that I know of that is cross-platform is Java, and that would be a stretch to say it's being used to rewrite BIOSes on different OSes. It's not out of the realm of possibility of there being an ultrasonic or infrasonic sound being used to transmit data... the problem is without a way for the target system to interpret what it's hearing ahead of time there's no way that system is going to get infected... Did your other PCs in your house get an internet connection when you dialed a modem and it made screeching noises? No. So this is BS.
 

poorjournalism

It's using sound as command and control, allowing it to control an infected computer that's not connected to the network. It does not spread via sound. It spreads via USB. The author of the article got it wrong.
 

virtualban

I found the problem to fit the symptoms!
Hypnotic virus!!
The tech specialist is being hypnotized over time, and does not realize he visits an infected page and spreads the virus himself.
And the virus continues to hypnotize and brainwash other users, through subliminal messages flashed to the screen or through sound, too short to be perceived by the logical mind, but enough to influence the user's subconscious.

Otherwise, joining the army of people calling the story BS.
 