
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps | Ars Technica



"We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD," Ruiu said. "At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we're using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys."

Over the past two weeks, Ruiu has taken to Twitter, Facebook, and Google Plus to document his investigative odyssey and share a theory that has captured the attention of some of the world's foremost security experts. The malware, Ruiu believes, is transmitted though USB drives to infect the lowest levels of computer hardware. With the ability to target a computer's Basic Input/Output System (BIOS), Unified Extensible Firmware Interface (UEFI), and possibly other firmware standards, the malware can attack a wide variety of platforms, escape common forms of detection, and survive most attempts to eradicate it.

These things are real and the only thing you can do is destroy the hardware. The nastiest ones don't just infect the BIOS but also other firmware chips in the system.

Building a 386 machine at one point, I had to zap the battery and memory chips to make it receptive to installing an OS. That was 20 years ago.

So... which machines are vulnerable to airgap-jumping BIOS attackers? Just PCs?
