I honestly can't take this guy seriously as he claims to be a pro security researcher.
He soon theorized that infected computers have the ability to contaminate USB devices and vice versa.
Really? Did it take him 3 years to come up with that theory? This was too obvious from the start. If you got infected you had better check your USB thumbdrives and anything associated with or attached to the infected computer. I bet he used the infected thumbdrive on the PC which he claimed to be air-gapped with a clean OS install from CD. The article never mentions exactly how the system was isolated and tested. Did he firmware-flash it, install the OS, and then use a USB thumbdrive that he thought was clean but was really infected? Or did he actually isolate it by firmware-flashing, installing the OS from CD, making sure all wireless connections were disabled, completely isolating the system from any network access, and then using a freshly bought USB thumbdrive on the system, and then the thumbdrive got infected? Because if he did this then yeah, the malware would be scary and complicated, because it would be hiding itself onboard the laptop's flashable ROM space somewhere.
He still doesn't know if a USB stick was the initial infection trigger for his MacBook Air three years ago, or if the USB devices were infected only after they came into contact with his compromised machines, which he said now number between one and two dozen.
More than likely his USB thumbdrive got infected from one machine and passed it on to the other machines. But since the malware has been claimed to be so well written, it would've been difficult to use an A/V to scan for it anyway. On Windows PCs most organizations make you scan your USB drive for virus infections before you're allowed to use it on those PCs. But honestly most people are too lazy to do it, because if you have a lot of files on the USB drive it will take a while to scan them all. The article makes no attempt to explain how this guy even uses his USB thumbdrives, or whether he even followed best security practices, being a pro security researcher and all. Most people will just brush it off and never do a virus scan on USB thumbdrives because it takes time. So they are under the assumption that their drive is safe and fine with no infections.
Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer.
Instead of continuing to make a bunch of further theories, why not test them? Anyone can make theories all day long, but until they're actually tested it's still only a theory, and there's no validation of what the malware uses for communication. The idea of using high-frequency noise on speakers is not as far-fetched as it sounds. I remember back when I got my first computer I didn't have a microphone and I used my speakers as a microphone by wiring them to the microphone jack; so it is plausible to have high-frequency two-way communication through speakers. But without any testing validating the claims of the theory, it remains just that, a theory.
Microphones and speakers are really that similar, tutorial:
With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.
Still no word on any testing methods, and no confirmation of the theory that high-frequency audio is used.
Originally Posted by mth
There are some simple tests that could confirm or deny several of these theories. For example, connect an oscilloscope to the speaker pins and check if there is a high-frequency signal there. Find a PC with a BIOS flash ROM that is either socketed or can easily be desoldered, wait for it to exhibit infected behavior, pull out the chip, image it and compare the image to the image installed by the firmware updater.
It is odd, to say the least, that a security consultant wouldn't have tried things like this if he thinks his lab has been infected for three years.
This is what a user commented and suggested. Why not try it and confirm the theory instead of continuing to make new theories?
The only thing I can conclude is that this is bad journalism and the author did not do enough homework digging into the information. I mean, really, look at the article title "Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps". That is a pretty bold claim about jumping airgaps without any solid proof. There's no proof of verifiable facts in the article that makes the claims of "jumping airgaps" true. The author said he's been writing journalism for 17 years; I would've expected better from Ars Technica and somebody with 17 years of writing experience. Maybe if the headline was "Meet "badBIOS," the mysterious Mac and PC malware that can possibly jump airgaps" then I'd see the article as slightly more accurate, as there's no conclusive data that verifies it really does that.
BIOS viruses aren't new, and even a poster on Reddit provided a link to readily available rubber ducky USB drives that can easily hijack your system.
Here's also a proof-of-concept video pointed out by a Redditor showing Mitnick explain how you could carry out an attack using a microcontroller, which is basically in every USB thumbdrive in existence.
Plot twist: the NSA wrote this program in order to spy on US citizens just in case someone blew the whistle on the PRISM program. But really, what is the purpose of this malware besides hijacking? Stealing data? I don't see any other usage for this malware besides spying or stealing data.
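The "connect an oscilloscope to the speaker pins and check for a high-frequency signal" test that mth suggests can also be done in software against a recording of the audio output. The following is an added example, written for this thread and not code from the forum post, from Ars Technica, or from Ruiu's lab; it assumes a 48 kHz PCM capture (for instance a loopback recording of the line-out, or an audio interface wired to the speaker pins) and uses the Goertzel algorithm, a single-bin DFT, so it needs nothing beyond the standard library. The two input signals are constructed inline: ordinary audible content, and the same content with a quiet 20 kHz tone mixed in, which is what such a test would be looking for.

```python
"""Added example: software stand-in for the 'look at the speaker pins' test.

Scans the near-ultrasonic band (17 kHz up to just below Nyquist) of a PCM
window and flags any tone louder than a threshold in dBFS. Assumptions
(not from the original article or post): 48 kHz capture, float samples in
[-1, 1], quarter-second analysis windows.
"""
import math

SAMPLE_RATE = 48_000   # Hz; assumed capture rate of the loopback / line-out recording
WINDOW = 12_000        # samples per analysis window: 0.25 s, i.e. 4 Hz bin spacing


def goertzel_power(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Return |X[k]|^2 / N for the DFT bin nearest target_hz (Goertzel algorithm)."""
    n = len(samples)
    k = int(0.5 + n * target_hz / sample_rate)
    omega = 2.0 * math.pi * k / n
    coeff = 2.0 * math.cos(omega)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    # Rounding can leave a tiny negative value for an empty bin; clamp it.
    return max((s1 * s1 + s2 * s2 - coeff * s1 * s2) / n, 0.0)


def tone_amplitude(samples, target_hz, sample_rate=SAMPLE_RATE):
    """Estimate peak amplitude (full scale = 1.0) of a sinusoid at target_hz.

    For an on-bin cosine of amplitude A, |X[k]| = A*N/2, so A = 2*sqrt(|X[k]|^2/N / N).
    """
    return 2.0 * math.sqrt(goertzel_power(samples, target_hz, sample_rate) / len(samples))


def strongest_tone(samples, lo_hz, hi_hz, step_hz, sample_rate=SAMPLE_RATE):
    """Scan [lo_hz, hi_hz] in step_hz increments; return (freq, amplitude) of the peak."""
    best = (None, 0.0)
    f = lo_hz
    while f <= hi_hz:
        amp = tone_amplitude(samples, f, sample_rate)
        if amp > best[1]:
            best = (f, amp)
        f += step_hz
    return best


def check_near_ultrasonic(samples, sample_rate=SAMPLE_RATE, threshold_dbfs=-60.0):
    """Flag a window if any tone between 17 kHz and Nyquist exceeds threshold_dbfs.

    -60 dBFS is far above the quantisation floor of a 16-bit capture but well
    below anything a normal playback path would emit in that band.
    """
    hi_hz = min(23_000, sample_rate // 2 - 500)
    freq, amp = strongest_tone(samples, 17_000, hi_hz, 100, sample_rate)
    dbfs = 20.0 * math.log10(amp) if amp > 0.0 else -math.inf
    return {"freq_hz": freq, "dbfs": round(dbfs, 1), "flagged": dbfs > threshold_dbfs}


def synth(tones, n=WINDOW, sample_rate=SAMPLE_RATE):
    """Constructed test signal: sum of (freq_hz, amplitude) cosines, values within [-1, 1]."""
    return [sum(a * math.cos(2.0 * math.pi * f * i / sample_rate) for f, a in tones)
            for i in range(n)]


# Constructed inputs: ordinary audible content, and the same with a quiet 20 kHz tone.
CLEAN = synth([(440, 0.5), (1200, 0.2)])
COVERT = synth([(440, 0.5), (1200, 0.2), (20_000, 0.02)])

if __name__ == "__main__":
    print("clean :", check_near_ultrasonic(CLEAN))    # nothing above 17 kHz
    print("covert:", check_near_ultrasonic(COVERT))   # 20000 Hz at about -34 dBFS, flagged
```

The 100 Hz scan step is a speed trade-off for pure Python; a tone that falls between scanned bins is attenuated, so on a real capture step at the bin spacing (or use an FFT library) and run the check over consecutive windows so a short burst is not averaged away. Note also that a 48 kHz capture cannot see anything above 24 kHz, so the recording should use the highest rate the interface supports, which is why mth's oscilloscope is the more complete version of the same check.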