
Ask HN: What happened with the supposed “BadBIOS” that jumps airgaps? - rthomas6
Did this turn out to be real? Did Dragos Ruiu say anything else about it? I never got any closure on this topic.
======
tptacek
I do not know any vulnerability researchers (Dragos, who is someone I do like,
is not one of those) who give this story any credence. The closest I've seen
that to happening was Robert Graham writing a blog post about how RF side
channels could be used by cooperating processes to communicate --- but that's
just a small detail of the whole story Dragos told.

I do know some extremely reputable researchers, people with no connection at
all to the supposed events, who have very forceful arguments for how the
(scant) evidence Dragos produced didn't establish anything about the existence
of anything like BadBIOS.

You're probably not going to get closure on this story.

------
valarauca1
Nothing can jump an AirGap.

Literally nothing. If something jumped an AirGap then a USBdrive, or
CDrom/DVDrom, etc. was infected. In which case the system wasn't Air Gapped,
it was part of a sneaker net.

Most commonly we refer to sneaker nets as Airgaps, when often their just as
vulnerable as a normal network. Dirty USB sticks are an old as the hills hack
at this point.

~~~
wtracy
BadBIOS was supposed to communicate with C&C systems using sounds inaudible to
the human ear that could be picked up by the microphone of a nearby (also
infected) computer.

Hence 'airgapped" (not connected to the network) computers could still export
private information to a botnet operator.

~~~
valarauca1
No.

'Airgapped' computers without infected BIOSes could not leak information.
Sneakernet computers with bad BIOSes could.

Unless you can pull off a remote code execution via microphone input, or
speaker feed back. Its unlikely an air-gapped computer will be infected.

~~~
AnimalMuppet
I think you missed the "already infected" part.

If I've got drivers running on two computers that only are in the same room,
and they both have speakers and microphones, then yes, I may be able to pull
this off. If one of them is connected to the outside world and the other
isn't, I may be able to connect from the outside world to the unconnected
computer using this acoustic method.

None of this helps me get the infection on the unconnected computer, though.
For that, there has to be something else - sneakernet USBs, for example, as
you mentioned.

