Security experts have spent the past week discussing the extraordinary claims by researcher Dragos Ruiu that he has discovered sophisticated malware that infects the BIOS, operates across multiple OSs, persists despite efforts to remove it, covers its tracks and – most surprisingly – uses ultrasonic audio signalling to overcome air gaps.
It’s the stuff of science fiction, but Ruiu’s claims are plausible, and he is a well-respected researcher in the information security field. Ars Technica chronicled the story last week, describing how he has spent three years investigating what he calls badBIOS, which initially appears to be transmitted by USB devices, infecting the BIOS and then the OS. His most dramatic claim is that an infected machine continued to communicate despite having no WiFi or Ethernet capability. Even the mains power was disconnected in case it could be used as a data carrier. Ruiu says he observed that the communication stopped only after he disabled the machine’s microphone and speakers.
Skepticism appears to have increased somewhat in the past week, however, even among fellow researchers who originally voiced support for Ruiu. So far, no one besides Ruiu has managed to find evidence of the malware. Some have suggested that, while a degree of paranoia is necessary for a security researcher, Dragos Ruiu might be tilting at windmills.
What makes the story so exciting for many people is the thought that pulling the plug might not be enough to ensure security. Admittedly, Ruiu’s hypothesis involves an initial physical compromise using USB, but the notion that an air gap can be overcome by high-frequency audio communication is certainly novel – and a bit scary.
What do you think?