BadBios

Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system.

Well, don’t we feel just a little bit ashamed today. While we’ve been whining about trivia like the frightening scope of the NSA’s domestic spying programs – scooping up all our cell phone records, wiretapping American tech companies – the criminally poor oversight provided by rubber stamp lawmakers, and the flagrant lies of top level spooks like DNI James Clapper, the poor misunderstood folks at Ft. Meade have been quietly saving each and one of us from a Chinese plot to destroy all of our computers. Every last one of them.

If you haven't been following the story of Dragos Ruiu's BadBIOS tale the last two weeks, you've missed a compelling saga and an opportunity to find out how much you really know about malware.

Five days after Ars chronicled a security researcher's three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings.

"I am getting increasingly skeptical due to the lack of evidence," fellow researcher Arrigo Triulzi told Ars after examining forensic data that Ruiu has turned over. "So either I am not as good as people say or there is really nothing."

I’m not known for pulling punches and I’m not about to start now. The fact is that everything I have read about #badBIOS is completely and utterly wrong; from the supposed “escaping air gap” to well.. everything. And I should know. I’ve dealt with malicious BIOS and firmware loads in the past. I’ve also dealt with BIOS development and modification for two decades. It’s a very important skill to have when you regularly build systems that are well outside manufacturer ‘recommended’ areas.

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.