New Invincible Firmware Infecting Malware Struck Me, Claims Security Researcher

Theregister.co.uk reported on 1st November, 2013 stating that renowned Computer Security Researcher, Dragos Ruiu states that he has been attacked by indestructible firmware-infecting malicious software or malware.

Dubbed BadBIOS, the rootkit emerges to be sophisticated and highly persistent with "self-healing" capabilities. It can infect computers running almost any operating system by changing the firmware of the device including the Basic Input/Output System (BIOS) and the United Extensible Firmware Interface (UEFI).

It can spread even if power cords and Ethernet cables of the computer are unplugged and Wi-Fi & Bluetooth communications are disabled and it can also "jump air gaps" via speakers and microphones of the computer.

The initial infection vector appears to be through USB drives but it is not confirmed.

Ruiu deems BadBIOS, which penetrated computers of his lab, can taint PCs even if they are operating on a Windows, Mac OSX, Linux or a flavor of BSD together with OpenBSD. The rootkit apparently contaminates USB (Universal Serial Bus) sticks, reprograms their microcontroller firmware to conceal itself and infuses itself into a disinfected system once it's plugged-in.

In fact, no other action is required except plugging-in a tainted USB drive which is apparently enough to catch BadBIOS.

Interestingly, BadBIOS can stop a computer from booting from Compact Disk (CD), can hinder working of system admin software and tries to burn up proof of the malevolent onto optical-media is let down by the rootkit - that can fasten into traditional EFI, BIOS, and UEFI firmware.

The single most difficult-to-swallow proposition about BadBIOS is that it can transmit data to other infected systems via aural by broadcasting ultrasonic waves beginning the speakers of one computer to the microphone of another computer. Infoworld.com published on November 1th, 2013, citing affirmation of the hypothetical likelihood of the same theory by Robert Graham, Fellow Security Researcher.

If BaBIOS is actually the first strain of all-in-one malware which can taint a machine in multiple ways and also spread that infection in numerous ways also, new weapons are in order. Those who talk seriously about redesigning-and-computing from a security perspective may seem less like pie in the sky optimists and more-like individuals who had the correct design all along.

» SPAMfighter News - 11/12/2013