Browse Definitions:
Definition

BadBIOS

Contributor(s): Matthew Haughn

BadBIOS is a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems.

The BIOS (Basic Input / Output System) is the firmware that runs while a computer boots up. A BIOS attack infects the BIOS with malicious code and is persistent through reboots and attempts to reflash the firmware.

There is no consensus in the security community on whether BadBIOS actually exists. Security expert Dragos Ruiu reported BadBIOS in 2010. According to Ruiu, the malware can make changes to the installed operating system and is reactive, deleting data and configuration changes made in an effort to combat it. Ruiu found that BadBIOS could infect via external storage, affecting flash drive firmware as well. Even connecting the drive without mounting still transmitted the infection. The researcher also reported that the infection can create covert IPv6 networks and acoustic mesh networks and is able to breach and exploit air gapped systems.

Ruiu’s suspicions were aroused when a Macbook Air with a newly reinstalled OS X spontaneously flashed its firmware.  Subsequently, the system would not boot from CD. Ruiu subsequently observed that his configuration changes and user data were deleted.

The researcher noted that this was not the only affected machine and that the infection was not limited to OS X.  An air gapped BSD machine that had its drives replaced and its BIOS re-flashed was also compromised, and displayed the same kind of reactive changes seen on the OS X machine. Ruiu saw IPv6 packets leaving his network, despite the fact that he had disabled IPv6 altogether. Affected Linux and Windows machines were also discovered. 

Ruiu observed that the air gapped machine could covertly send data to other computers using an ultrasonic signal from the speakers, which was picked up by other infected listening computers -- a concept known as acoustical infection that has been demonstrated in a proof of concept exploit.

Among security experts who believe BadBIOS exists, there is speculation that the Trojan is among the National Security Agency’s (NSA) hacking tools, which have been demonstrated to include hardware and firmware backdoors.

While there remain many skeptics on the existence of BadBIOS, just about every concept described by Ruiu has been proven as a concept or used in the real world. The combination of the concept's use in a covertly installed package is what is doubted. No code for the exploit has been located. While Dragos extracted the UEFI code nothing was found. He suggested that BadBIOS may have the ability to erase itself. Many others assumed that the infection was elsewhere, perhaps on controller chips, or that it didn't exist. As of yet there is no definitive proof  that the malware exists. However, further NSA firmware hacking leaks have since demonstrated that more claims associated with it are possible.

This was last updated in January 2017

Continue Reading About BadBIOS

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What do you think of the NSA's data-gathering and surveillance activities?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • PCAOB (Public Company Accounting Oversight Board)

    The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public ...

  • cyborg anthropologist

    A cyborg anthropologist is an individual who studies the interaction between humans and technology, observing how technology can ...

  • RegTech

    RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of ...

SearchSecurity

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher used by the U.S. government to protect classified ...

  • identity theft

    Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable ...

  • spear phishing

    Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

SearchStorage

  • CIFS (Common Internet File System)

    CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as vendors worked to establish an ...

  • GlusterFS (Gluster File System)

    GlusterFS (Gluster File System) is an open source distributed file system that can scale out in building-block fashion to store ...

  • virtual memory

    Virtual memory is a memory management capability of an OS that allows a computer to compensate for physical memory shortages by ...

SearchSolidStateStorage

  • Tier 0

    Tier 0 (tier zero) is a level of data storage that is faster, and perhaps more expensive, than any other level in the storage ...

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

  • SSD caching

    SSD caching, also known as flash caching, is the temporary storage of data on NAND flash memory chips in a solid-state drive so ...

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close