Browse Definitions :
Definition

BadBIOS

Contributor(s): Matthew Haughn

BadBIOS is a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems.

The BIOS (Basic Input / Output System) is the firmware that runs while a computer boots up. A BIOS attack infects the BIOS with malicious code and is persistent through reboots and attempts to reflash the firmware.

There is no consensus in the security community on whether BadBIOS actually exists. Security expert Dragos Ruiu reported BadBIOS in 2010. According to Ruiu, the malware can make changes to the installed operating system and is reactive, deleting data and configuration changes made in an effort to combat it. Ruiu found that BadBIOS could infect via external storage, affecting flash drive firmware as well. Even connecting the drive without mounting still transmitted the infection. The researcher also reported that the infection can create covert IPv6 networks and acoustic mesh networks and is able to breach and exploit air gapped systems.

Ruiu’s suspicions were aroused when a Macbook Air with a newly reinstalled OS X spontaneously flashed its firmware.  Subsequently, the system would not boot from CD. Ruiu subsequently observed that his configuration changes and user data were deleted.

The researcher noted that this was not the only affected machine and that the infection was not limited to OS X.  An air gapped BSD machine that had its drives replaced and its BIOS re-flashed was also compromised, and displayed the same kind of reactive changes seen on the OS X machine. Ruiu saw IPv6 packets leaving his network, despite the fact that he had disabled IPv6 altogether. Affected Linux and Windows machines were also discovered. 

Ruiu observed that the air gapped machine could covertly send data to other computers using an ultrasonic signal from the speakers, which was picked up by other infected listening computers -- a concept known as acoustical infection that has been demonstrated in a proof of concept exploit.

Among security experts who believe BadBIOS exists, there is speculation that the Trojan is among the National Security Agency’s (NSA) hacking tools, which have been demonstrated to include hardware and firmware backdoors.

While there remain many skeptics on the existence of BadBIOS, just about every concept described by Ruiu has been proven as a concept or used in the real world. The combination of the concept's use in a covertly installed package is what is doubted. No code for the exploit has been located. While Dragos extracted the UEFI code nothing was found. He suggested that BadBIOS may have the ability to erase itself. Many others assumed that the infection was elsewhere, perhaps on controller chips, or that it didn't exist. As of yet there is no definitive proof  that the malware exists. However, further NSA firmware hacking leaks have since demonstrated that more claims associated with it are possible.

This was last updated in January 2017

Continue Reading About BadBIOS

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What do you think of the NSA's data-gathering and surveillance activities?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • DMZ (networking)

    In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a ...

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by ...

  • Australian Assistance and Access Bill

    The Australian Assistance and Access Bill is legislation introduced and passed in 2018 by the Parliament of Australia to support ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close