What is BadBIOS? - Definition from WhatIs.com
Part of the Malware glossary:

BadBIOS is a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems.

The BIOS (Basic Input / Output System) is the firmware that runs while a computer boots up. A BIOS attack infects the BIOS with malicious code and is persistent through reboots and attempts to reflash the firmware.

There is no consensus in the security community on whether BadBIOS actually exists. Security expert Dragos Ruiu reported BadBIOS in 2010. According to Ruiu, the malware can make changes to the installed operating system and is reactive, deleting data and configuration changes made in an effort to combat it. Ruiu found that BadBIOS could infect via external storage, affecting flash drive firmware as well. Even connecting the drive without mounting still transmitted the infection. The researcher also reported that the infection can create covert IPv6 networks and acoustic mesh networks and is able to breach and exploit air gapped systems.

Ruiu’s suspicions were aroused when a Macbook Air with a newly reinstalled OS X spontaneously flashed its firmware.  Subsequently, the system would not boot from CD. Ruiu subsequently observed that his configuration changes and user data were deleted.

The researcher noted that this was not the only affected machine and that the infection was not limited to OS X.  An air gapped BSD machine that had its drives replaced and its BIOS re-flashed was also compromised, and displayed the same kind of reactive changes seen on the OS X machine. Ruiu saw IPv6 packets leaving his network, despite the fact that he had disabled IPv6 altogether. Affected Linux and Windows machines were also discovered. 

Ruiu observed that the air gapped machine could covertly send data to other computers using an ultrasonic signal from the speakers, which was picked up by other infected listening computers -- a concept known as acoustical infection that has been demonstrated in a proof of concept exploit.

Among security experts who believe BadBIOS exists, there is speculation that the Trojan is among the National Security Agency’s (NSA) hacking tools, which have been demonstrated to include hardware and firmware backdoors.

This was last updated in April 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse

Related Terms

Definitions

  • malware testing

    - Malware testing is the practice of subjecting malicious programs to software testing tools and procedures designed to assess the viability of legitimate applications. Malicious software developers ... (WhatIs.com)

  • equipment destruction attack

    - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment. Equipment destruction attacks can be enabled s... (WhatIs.com)

  • domain generation algorithm (DGA)

    - A domain generation algorithm or DGA is a computer program used to create domain names, typically for the purpose of propagating remotely controlled Web-based malware. (SearchSecurity.com)

Glossaries

  • Malware

    - Terms related to malware, including definitions about viruses and Trojans and other words and phrases about malicious software.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.