
[RootWyrm] The badBIOS Analysis Is Wrong.

post #1 of 6
Thread Starter 
Quote:
Originally Posted by Phillip Jaenke 
Look, I’m not known for pulling punches and I’m not about to start now. The fact is that everything I have read about #badBIOS is completely and utterly wrong; from the supposed “escaping air gap” to well.. everything. And I should know. I’ve dealt with malicious BIOS and firmware loads in the past. I’ve also dealt with BIOS development and modification for two decades. It’s a very important skill to have when you regularly build systems that are well outside manufacturer ‘recommended’ areas.

The whole of the analysis would be laughable if people weren’t actually taking it seriously and believing it because they’ve seen edge cases or very specific examples. And the result is that they’re looking in the wrong place.

First and foremost, the very idea that there is some malicious BIOS load that can escape airgapping and is portable is beyond laughable. I don’t care what you think you know – BIOS code is not portable, period. Oh, sure, you can have a common source for multiple motherboards. But every single model, revision and minor version requires you to recompile UEFI elements best case. That’s before you get into changes to UEFI libraries and shells.

The badBIOS Analysis Is Wrong.


Brings up a lot of good points on why the BadBIOS story is bogus, as well as bringing Occam's Razor into the argument.
post #2 of 6
Well, I stopped reading the first article when it said it could be transmitted via sound from your speakers. lol
They would have got a nice payout from the views on that article!
post #3 of 6
Yeah, I wasn't really totally confident in the article either. I know sometimes things can happen that are really out of this world, but the story seemed a little much.
post #4 of 6
I felt the original badBIOS analysis was a bit far-fetched. I still think there may be a lot of truth to his theories/testing (after seeing the incredible sophistication of the Stuxnet worm, I have to believe that just about anything is possible), but skepticism is just as important as open-mindedness in my book. Off to read the article now.
post #5 of 6
Called it the minute I read the first few paragraphs of the Ars article. I made my opinions public on multiple sites including this one. Thankfully OCN members didn't vehemently leave annoying, childish comments on my rep meter like other sites. It feels good knowing this guy is clearly clinically insane. I've never even specialized in network security and don't know much, but it still tripped my bull meter.
post #6 of 6
Quote:
So what do I think? I think that A) a number of security experts flapping their gums are good at security and know nothing about how hardware works and B) it’s absolutely not a BIOS/Firmware level piece of malware. There are far, far too many blatant and obvious detection points. There is no way it could hop from Apple to PC, or even PC to PC or Macbook 2013 to Macbook 2011. (Forget Macbook to Mac Pro.)

Word.