It started three years ago when Dragos Ruiu noticed something bizarre: his MacBook Air, with a fresh install of OS X, spontaneously updated its boot firmware. He soon discovered that this was no ordinary virus, but rather something truly spectacular, a virus so insidious it’s been described as “Bigfoot.” Here are 5 Fast Facts about badBIOS and Dragos Ruiu’s story.
1. The Virus May Have Spread Via ‘High-Frequency’ Sounds or ‘Ultrasound’
The most interesting part of the whole story is the allegation that the virus can “repair itself” using high-frequency sounds transmitting across the room. This diagram explains how this would work:
Essentially, in a room where there are multiple infected computers, the computers could talk to each other using high-frequency sounds and each of their microphones and speakers. This means that even without a hardware or wireless or ANY real connection, the virus could still “heal” itself, as it was secretly accessing the internet using sounds.
2. Some Are Claiming It’s Physically Impossible, It’s Not
Can't quite believe #badBIOS is legitimate. Maybe virus-in-font files? Could be. But not over an airgap. Physics doesn't work like that.
— Eric Hill (@conflection) October 31, 2013
It is exceedingly difficult and sophisticated, but in theory, it could be done.
For one, computer speakers can make sounds that the average person cannot hear. Explaining how this can be used to transmit data is a bit more complicated, however.
Imagine the keys of a piano. While on a real piano, a person can hear any key that is played, a computer can play “keys” that few people could hear. Imagine that the computer is playing an inaudible white key, and then an inaudible black key, switching between them (or playing them in succession) at a rate of 8 keys per minute. For each white key it plays, it transmits a 1, and for each black key, it transmits a 0. Using this system, the computer could transmit “10010010” in one second.
Meantime, the other computer is “listening” to this sound, and every eighth of a second, it knows whether it has heard a “1” or a “0.”
While in this example the rate of data transmission is horrifically slow (one byte per second), it could be significantly faster in the hands of a skilled hacker.
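The piano analogy above is two-tone frequency-shift keying. The following is an added example, not code from Dragos Ruiu or from any badBIOS sample: it renders the byte “10010010” as eighth-of-a-second tone bursts in memory, recovers it the way the “listening” computer would, and shows the check a monitoring tool could run on a microphone recording. The sample rate, the two tone frequencies (18 kHz and 19 kHz) and all function names are assumptions chosen for illustration.

```python
import math

RATE = 44100                       # samples per second (assumed sound-card rate)
F_ONE, F_ZERO = 19000.0, 18000.0   # assumed "white key" and "black key" tones, in Hz
SYMBOL = RATE // 8                 # samples per key: one key every eighth of a second

def modulate(bits, amplitude=0.2):
    """Render a bit string as back-to-back tone bursts (constructed samples)."""
    out = []
    for b in bits:
        f = F_ONE if b == "1" else F_ZERO
        out.extend(amplitude * math.sin(2 * math.pi * f * n / RATE)
                   for n in range(SYMBOL))
    return out

def goertzel(block, freq):
    """Power of a single frequency in a block of samples (Goertzel algorithm)."""
    k = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2

def demodulate(samples):
    """The listening side: per eighth of a second, which tone is louder?"""
    bits = []
    for i in range(0, len(samples) - SYMBOL + 1, SYMBOL):
        block = samples[i:i + SYMBOL]
        bits.append("1" if goertzel(block, F_ONE) > goertzel(block, F_ZERO) else "0")
    return "".join(bits)

def tone_share(block):
    """Fraction (about 0..1) of a block's energy carried by the two watched tones."""
    energy = sum(x * x for x in block)
    if energy == 0:
        return 0.0
    power = goertzel(block, F_ONE) + goertzel(block, F_ZERO)
    return 2 * power / (len(block) * energy)

def suspicious_blocks(samples, threshold=0.5):
    """Indexes of eighth-second blocks dominated by the near-ultrasonic tones."""
    return [i // SYMBOL for i in range(0, len(samples) - SYMBOL + 1, SYMBOL)
            if tone_share(samples[i:i + SYMBOL]) > threshold]

if __name__ == "__main__":
    signal = modulate("10010010")                  # the byte from the text
    print(demodulate(signal))                      # recovered bits
    hum = [0.2 * math.sin(2 * math.pi * 440 * n / RATE) for n in range(RATE)]
    print(suspicious_blocks(hum), suspicious_blocks(signal))
```

Ordinary room audio carries almost no narrowband energy at these frequencies, which is why a sustained tone share near 1 in a recording stands out.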
Lending credence to the whole idea, the CEO of Errata Security said:
“Really, everything Dragos reports is something that’s easily within the capabilities of a lot of people. I could, if I spent a year, write a BIOS that does everything Dragos said badBIOS is doing. To communicate over ultrahigh frequency sound waves between computers is really, really easy.”
3. The More Likely Culprit is USB Drives
Dragos said “The suspicion right now is there’s some kind of buffer overflow in the way the BIOS is reading the drive itself, and they’re reprogramming the flash controller to overflow the BIOS and then adding a section to the BIOS table.”
While both are possible, this form of transmission is much more plausible and simpler.
An additional side effect is that CDs burned on infected computers have strange files:
4. Dragos has Released a File Containing Parts of the Infection
He posted this to Google+ on the 25th. Hopefully, as more people see the infected files, someone will figure out exactly what is happening:
5. Twitter is Blowing Up Over the Issue
The fascinating story, straight out of a sci-fi flick, is engrossing to security professionals and even laymen throughout the Twittersphere.