This is NOT a Halloween Trick
While everyone is concerned about what secrets and communications are being snooped upon by our and other government agencies, a situation more sinister than that of what Germany’s Merkel is talking about has been uncovered by one of computer security’s most notable people.
Dragos Ruiu, a Canadian computer security consultant, has uncovered a computer malware that at this point seems to be unstoppable.
The curious case of badBIOS began three years ago, when Dragos Ruiu, a celebrated Canadian security consultant, noticed irregularities with his MacBook Air, according to a report from Ars Technica. The system updated its firmware without Ruiu’s approval, and when it was done, it could delete his files and change system settings autonomously.
Although Ruiu attempted to root out the problem at the source, it only got worse. His computer refused to boot from a CD, opting instead to use its compromised internal protocols.
This guy is not fly-by-night hacker trying to get attention. In fact he has been trying to enlist the aid of other computer security experts to try to trace this thing down, posting on security sites all he has found out about it so far.
Here is a brief break down courtesy of Boing Boing.
Ruiu said he arrived at the theory about badBIOS’s high-frequency networking capability after observing encrypted data packets being sent to and from an infected machine that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when one of the machines had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine’s power cord to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
This is not science fiction stuff here folks. And with my 30+ years in computers and even longer in radio and electronics I can assure you that this is not only possible but highly probable. And the big problem is that it buries itself so deeply in the BIOS Firmware that it can avoid all current means of detection and elimination. By reprogramming or altering the BIOS – the code that makes all computer devices work – this malware can perform any task it wishes and avoid detection at the same time. Regardless of what OS is being used – Windows, OSX, Linux, BSD …
Now you maybe wondering how this is possible. For one thing all the controller chips in you computer – be they Mac or PC – require their own code – instructions – to make them work. This also true of nearly any computer controlled device these days. This code is no longer hardwired into the device but is programmed into a flash memory.
And this flash memory can be easily altered, from your audio port on your computer to even your flat panel TV. In fact on your PC or Mac it is likely that even Mic and Speaker ports use a controller that “Looks” to the system like a special USB device, making writing of the firmware and driver code much easier. It also makes writing malware that can corrupt this code a lot easier.
What does this all mean? It means that the more complex, advanced and ubiquitous the systems and technology we take for granted become, the more vulnerable they get to hacking for malicious reasons. It also shows that every computer around, whether or not physically connected to a network, can be a victim of hacking and malware that is virtually impossible to detect. It can be buried so deep in the firmware it would take years to find it.