badBIOS malware bypasses airgaps designed to prevent it from spreading

//

Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps

Another intriguing characteristic: in addition to jumping “airgaps” designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.

“We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”

Update 6 Nov 2013: Some researchers are having trouble reproducing the symptoms described in the badBIOS report. Of course, since we’re still in the early stages, it’s hard to confirm or disregard this just yet.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *