Thursday, October 31, 2013

A Frightening Innovation in Malware?

It may be Halloween and a time for spooky tales from the dark recesses of the imagination, but real life has more than enough frightening things. As we are now a high technology bound society in the West, it seems some of the more alarming things involve computers. A new strain of malware has shown up that supposedly can use a computer's speakers and microphone to transmit data.

If this turns out to be a legitimate thing rather than a hoax, badBIOS is a thing of nightmares for IT and security experts. Normally I'd call this a fraud or someone having a paranoid break, but the technology has existed  in the world of espionage for decades that allowed lasers bounced off of windows to measure and detect conversation inside rooms, for instance. This would be the kind of project a government would be capable of in theory, most likely one of the big three: the United States, Russia, and China.

It's been awhile since I've seen a BIOS based attack get any press, so this caught my attention quickly. Of course simple precautions will prevent malware from getting on your system and this one is said to have come in on a USB thumb drive. However, the way this thing works is fascinating if real.

Part of me wants this to be a hoax, because this kind of PC infection would be incredibly difficult to deal with if it spread widely. Another part of me wants it to be real simply because it would be an amazing feat of computer science. But most of me is holding judgement until more evidence is brought forward.

UPDATED 6 Nov 2013:

While there is a possibility this is a real virus or trojan, the evidence isn't checking out and some are calling into question the mental stability of Dragos Ruiu. Strange behavior by him in social media is making it look like a paranoid episode, which is still bad news of a different kind. Given the fragmentation of BIOS implementations, it would be extremely difficult to pull off with limitations to attacking specific brands and models of PC's.

No comments: