Friday, August 01, 2014

BadBIOS or BadUEFI? The mysterious Mac and PC malware

His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux.

"We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD," Ruiu said. "At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we're using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys."
99% BAD HARDWARE WEEK: Well, this is obviously UEFI-based malware. It has an IPv6 wake-up and therefore understands this protocol; UEFI firmware carries its own network stack, IPv6 included (IPv6 PXE boot runs on it), which sits below the operating system and is untouched by any "IPv6 disabled" setting there. The other undetectable air-gap-bridging gremlins are the same as for BIOS.
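As an added example, not part of the original post and not from any BadBIOS analysis: the check a practitioner actually wants here. If the firmware is compromised, the host's own tools (ipconfig, the registry editor, netsh) cannot be trusted to report what the machine is doing, so the only credible way to confirm that a host with IPv6 "disabled" is still emitting IPv6 is to watch the wire from a second machine or a mirror port. The script below parses raw Ethernet frames, decodes the fixed IPv6 header, and flags any IPv6 (EtherType 0x86DD) frame whose source MAC belongs to a host that should send none. The MAC addresses, link-local addresses and frames are constructed for the demo; on a real network the frames would come from a capture (for instance tcpdump -w) read with a pcap library.

```python
# Added example: flag IPv6 frames on the wire from a host whose OS claims IPv6
# is disabled. Frames, MACs and addresses below are constructed for the demo;
# nothing here is from the original post or from any BadBIOS sample.
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
IPV6_HDR_LEN = 40          # fixed IPv6 header; extension headers are not parsed here
NEXT_HEADER_ICMPV6 = 58


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ipv6_str(b):
    # Uncompressed form, e.g. fe80:0:0:0:0:0:0:1 (no :: shortening).
    return ":".join(f"{(b[i] << 8) | b[i + 1]:x}" for i in range(0, 16, 2))


def parse_frame(frame):
    """Parse an Ethernet II header; for IPv6, also the fixed 40-byte IPv6 header.

    Returns None for frames too short to carry an Ethernet header.
    """
    if len(frame) < 14:
        return None
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"src_mac": mac_str(src), "dst_mac": mac_str(dst), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV6 and len(frame) >= 14 + IPV6_HDR_LEN:
        ip6 = frame[14:14 + IPV6_HDR_LEN]
        info["next_header"] = ip6[6]          # byte 6: upper-layer protocol (58 = ICMPv6)
        info["hop_limit"] = ip6[7]
        info["src_ip6"] = ipv6_str(ip6[8:24])
        info["dst_ip6"] = ipv6_str(ip6[24:40])
    return info


def find_unexpected_ipv6(frames, macs_ipv6_disabled):
    """Return parsed IPv6 frames whose source MAC is a host that should send none."""
    hits = []
    for frame in frames:
        p = parse_frame(frame)
        if p and p["ethertype"] == ETHERTYPE_IPV6 and p["src_mac"] in macs_ipv6_disabled:
            hits.append(p)
    return hits


# --- constructed sample traffic (hypothetical MACs and addresses) ------------
def build_ipv6_frame(src_mac, dst_mac, src_ip6, dst_ip6, next_header, payload=b""):
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV6)
    # version 6, traffic class 0, flow label 0; then payload length, next header, hop limit
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 255) + src_ip6 + dst_ip6
    return eth + ip6 + payload


SUSPECT_MAC = bytes.fromhex("001122334455")     # the "IPv6 disabled" host (made up)
OTHER_MAC = bytes.fromhex("66778899aabb")       # a host allowed to speak IPv6 (made up)
ALLNODES_MAC = bytes.fromhex("333300000001")    # multicast MAC for ff02::1
FE80_1 = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
FE80_2 = bytes.fromhex("fe80" + "00" * 13 + "02")   # fe80::2
FF02_1 = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1 (all nodes)

# Minimal IPv4/ICMP frame from the suspect host: expected traffic, must not be flagged.
IPV4_FRAME = (OTHER_MAC + SUSPECT_MAC + struct.pack("!H", ETHERTYPE_IPV4)
              + bytes.fromhex("450000140000000040010000" + "0a000001" + "0a000002"))

SAMPLE_FRAMES = [
    IPV4_FRAME,
    build_ipv6_frame(OTHER_MAC, ALLNODES_MAC, FE80_2, FF02_1, NEXT_HEADER_ICMPV6),    # allowed
    build_ipv6_frame(SUSPECT_MAC, ALLNODES_MAC, FE80_1, FF02_1, NEXT_HEADER_ICMPV6),  # unexpected
    b"\x00" * 5,   # runt frame, ignored
]


def run_check():
    """Run the detector over the constructed capture; returns the flagged frames."""
    return find_unexpected_ipv6(SAMPLE_FRAMES, {mac_str(SUSPECT_MAC)})


if __name__ == "__main__":
    for hit in run_check():
        print(f"IPv6 from 'disabled' host {hit['src_mac']}: "
              f"{hit['src_ip6']} -> {hit['dst_ip6']} next_header={hit['next_header']}")
```

The detector deliberately keys on the source MAC rather than on anything the suspect host reports about itself, and it should run on a box whose firmware you have no reason to distrust; a single ICMPv6 neighbor solicitation or router solicitation from a host that is supposed to have no IPv6 stack at all is the observation worth chasing, whatever its origin turns out to be.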

