HOME

TheInfoList



Click Here for Items Related To - BadBIOS
OR:
BadBIOS on:   [Wikipedia]   [Google]   [Amazon]

BadBIOS is alleged
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
described by
network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
researcher
Dragos Ruiu Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in April 2021. Contestants are challenged to exploit widely us ...
in October 2013 with the ability to communicate between instances of itself across air gaps using
ultrasonic Ultrasound is sound waves with frequencies higher than the upper audible limit of human hearing. Ultrasound is not different from "normal" (audible) sound in its physical properties, except that humans cannot hear it. This limit varies fr ...
communication between a computer's speakers and microphone. To date, there have been no proven occurrences of this malware. Ruiu says that the malware is able to infect the
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
of computers running
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
,
Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...
,
BSD The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berk ...
and
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
as well as spread infection over
USB flash drive A USB flash drive (also called a thumb drive) is a data storage device that includes flash memory with an integrated USB interface. It is typically removable, rewritable and much smaller than an optical disc. Most weigh less than . Since firs ...
s. Rob Graham of
Errata Security An erratum or corrigendum (plurals: errata, corrigenda) (comes from la, errata corrige) is a correction of a published text. As a general rule, publishers issue an erratum for a production error (i.e., an error introduced during the publishing pro ...
produced a detailed analysis of each element of the descriptions of BadBIOS's capabilities, describing the software as "plausible", whereas Paul Ducklin on the
Sophos Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily ...
Naked Security blog suggested "It's possible, of course, that this is an elaborate hoax". After Ruiu posted data dumps which supposedly demonstrated the existence of the virus, "all signs of maliciousness were found to be normal and expected data". In December 2013 computer scientists Michael Hanspach and Michael Goetz released a paper to the ''
Journal of Communication The ''Journal of Communication'' is a bimonthly peer-reviewed academic journal that publishes articles and book reviews on a broad range of issues in communication theory and research. It was established in 1951 and the current editor-in-chief is ...
'' demonstrating the possibility of an acoustic mesh networking at a slow 20
bits per second In telecommunications and computing, bit rate (bitrate or as a variable ''R'') is the number of bits that are conveyed or processed per unit of time. The bit rate is expressed in the unit bit per second (symbol: bit/s), often in conjunction w ...
using a set of speakers and microphones for ultrasonic communication in a fashion similar to BadBIOS's described abilities.


See also

*
Air gap (networking) An air gap, air wall, air gapping or disconnected network is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an un ...
*
Van Eck phreaking Van Eck phreaking, also known as Van Eck radiation, is a form of eavesdropping in which special equipment is used to pick up side-band electromagnetic emissions from electronic devices that correlate to hidden signals or data to recreate these sig ...


References

Computer viruses {{malware-stub Malware