

BadBios - jbillmann
https://plus.google.com/app/basic/stream/z13tzhpzvpqyuzv1n23cz52wykrrvjjce

======
duskwuff
Reading some of this guy's other posts, I'm guessing mental illness. (It's
certainly a much more likely possibility than a mysterious piece of malware
which somehow infects every piece of electronic hardware in his house.)

Quite sad to see, really. Hope he gets some help.

> So it turns out that annoying high frequency whine in my soundsystem isn't
> crappy electrical noise that has been plaguing my wiring for years. It is
> actually high frequency ultrasonic transmissions that malware has been using
> to communicate to airgapped computers... one "ghost" located at least. And
> now we know how the "hypervisor" functions, its probably stored in the
> realtek firmware, and thats one of the ways it survives reinstalls and BIOS
> reflashing. Off to find tools to dump the RealTek audio chips, and to try to
> find clean firmware to compare it to. Haven't ruled out video firmware yet,
> either.

[https://plus.google.com/app/basic/stream/z13itlihtui4gn2cl23...](https://plus.google.com/app/basic/stream/z13itlihtui4gn2cl23cz52wykrrvjjce)

------
Zenst
Certainly worrying but something on this scale and impacting I would of
thought that more sources of this would be scropping up. But may bea early
days.

Certainly the aspect of rewritting the controller code on flash drives of all
available types would be a very news worthy issue in itself beyond this being
used as a vector to rewrite the system BIOS. Which would be a way of doing it,
given how many manufacters that have windows based BIOS update programs that
have caused people fun and games in the past. This avoids the whole windows/AV
and indeed any protection the system BIOS has beyond a checksum that would
also appear to be easily bypassed.

Still the whole area that I wonder is when flaws in network card chipsets are
found and then the potentual to rewrite the code/BIOS upon those NIC's. That
would be an area which a failing CD-ROM drive would not show up.

Now waiting for somebody to invent a USB product condom, as in you plug it
your unknown USB device into it and it checks that it is not going to infect
your computer and puts on a green or red light accordingly showing it is safe
to insert into your computer.

Hope some more details come too light, just seems too big a deal to be this
low scale on the news front.

