It is believed that this virus infects the BIOS of computers running Mac OS X, Linux, Windows and Berkeley Software Distribution (BSD) operating systems. Once invoked, it spreads by way of USB flash drives and other removable, non-volatile devices. BadBIOS is platform-dependent, but is capable of self-healing, maintaining its integrity and resisting erasure. It uses high-frequency ultrasonic transmissions to communicate with other infected systems even when they are completely disconnected from networks.
The feasibility of acoustic mesh networking was also demonstrated with BadBIOS at twenty (20) bits per second. This was first reported in 2013 by Dragos Ruiu, a network security researcher who happened to observe packets of encrypted data being exchanged between an infected computer with no network connection and an infected laptop in close proximity. Despite the “air gap” between the two machines, they functioned as though they were connected to a network or the Internet.
It should be noted that all the possibilities described by Ruiu had already been observed before. For instance, the Stuxnet virus was passed to a nearby node by way of a memory stick, and other cases saw high-frequency sound waves used to emit network packets of information. Most network security experts who have investigated Ruiu’s claims contend that such exploits were either unlikely or impossible unless a given computer’s speakers were capable of transmitting and receiving frequencies that are rarely even generated.
But one network security expert, Robert Graham, stated in his post about computers exhibiting such acoustical infections that Ruiu’s description of BadBIOS was plausible. An alternate approach for harnessing air-gapped communications is by way of covert channels, a process discovered by German computer scientists Michael Hanspach and Michael Goetz. Because of this, Graham suggested that Ruiu’s detractors were mostly wrong. Even newer computers that ship with the Unified Extensible Firmware Interface (UEFI) instead of traditional BIOS firmware are at risk, and to think otherwise, or to think that multiple platforms or motherboards would create a form of resistance, only exposes ignorance about UEFI and vulnerabilities like the BadBIOS virus.
Phillip Jaenke, an expert in storage and virtualization, also acknowledged the possibility of a very resilient and resistant BIOS virus which, unlike anything of epidemic proportions, would only infect a particular machine over a period of time. His theory suggested a virus capable of escaping detection by basic virus diagnostic techniques as well as by advanced network security strategies. Regardless of the varying opinions about the BadBIOS virus, most experts agree that if it’s capable of doing the things described in Ruiu’s claims, then it is definitely intended for high-target attacks.
To this day, the study and debate of the BadBIOS computer virus continue among network security analysts. Whether it is a security myth or an actual threat remains to be seen.