CATEGORIES
home News

‘badBIOS’ Malware Discovered To Be Capable Of Transmission Over Unplugged Machines

by Rob WilliamsFriday, November 01, 2013, 02:00 PM EDT

In enterprise environments, it's long been accepted that keeping a particular machine "100%" safe requires little more than keeping it off of an external or internal network, making sure to disable its network devices - wired or otherwise - and of course, disabling its optical drives and USB ports. A machine can't get infected when all of its data transmission lines are closed, right?

Wrong, according to security consultant Dragos Ruiu and the league of colleagues that side by his research. Three years ago, Ruiu's MacBook Air was acting strange. The oddities began with an auto-updated EFI firmware, and later moved on to the disabling of the ODD and removal of some data. Typical trojan behavior - but this was no ordinary trojan.

When trying to get down to the bottom of the issue, Ruiu did what any security analyst would do: He removed points-of-entry into the computer one-by-one. He disabled the network, had the machine's Wi-Fi and Bluetooth cards removed, and even went as far as to unplug its power cord since, oddly enough, data could potentially be delivered that way.


Security consultant Dragos Ruiu - Credit Flickr: Foxgrrl

After all this, Ruiu's problems remained. After restoring his notebook, and keeping it off the network, his computer became infected almost immediately. Imagine installing a fresh copy of Windows, only to discover that registry access has been restricted. That's a situation Ruiu found himself in.

Ultimately, the problem stems from what he calls "badBIOS", where computers can use high-frequency noise to transmit data from one PC to another, over "air-gapped" machines (machines not connected to others). Further, bugs like this could be transmitted through connected speakers and microphones.

Is this the making of a great Halloween story, or what?

As complex as badBIOS is, it didn't come from nowhere: Ruiu established that it's initially delivered via USB. While that might not seem so surprising, we're not dealing with a simple autorun mistake or something of that nature - this goes beyond simple data stored on the USB device. Through the use of a potential buffer overflow via the USB connection, the bug can be planted that way. At this point, Ruiu isn't entirely clear on how this works, but he hopes to make use of some high-tech USB analyzing equipment soon to help figure it out.

What's disturbing about all of this is that despite how outlandish it seems, it's possible. It's a little scary, then, to consider the fact that PCs entirely off of a network with USB/ODDs disabled might still not be safe. Are we going to have to design our chassis in the future to block such transmissions? Let's hope not.

Tags:  security, Hacking, Enterprise, BIOS
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment