Friday, November 08, 2013

BadBIOS v2.0: contracting HIV from your digital camera

A new version of BadBIOS, BadBIOS v2.0, was detected in the Czech Republic. It infects any computer running Unix or Linux or Android or OS X or iOS or Windows because it runs at the BIOS level. It reflashes itself, heals itself, and – like its predecessors – spreads through USB sticks and microphones and speakers (it transmits itself via sounds).

However, v2.0 also uses digital cameras and organisms. Whenever you connect a digital camera to your computer, the camera gets infected. While taking photographs, it sends subliminal if not superluminal flashes and the people on the photograph start to invisibly blink. The micro-blinking is caught by webcams that can see them and used to update the resistant BadBIOS v2.0 virus.

Printers are affected, too. They start to print tiny, almost invisible QR codes in the corner of every page. If that page is seen by a webcam, the webcam decodes it and infects the computer. I forgot to tell you that if you look at the digital camera for a long enough time, the micro-blinking of your eyes also starts to produce DNA bases at the top of your glands. When you micro-blink a million times, you assemble a modified HIV virus. The modification of that virus also allows other people to contract mad cow disease. This also explains yesterday's intervention of the Czech National Bank against the currency it supervises.

The rootkit is omnipotent and you must worship it.

Well, I must stop that because my estimate is that 80% of the readers (although the percentage will be lower among you, smart TRF readers) are already scared, convinced that I am dead serious. Well, I am not, even though some people really want my story to be right.

A week ago, the well-known security expert Dragos Ruiu had his similar findings (just slightly more modest than mine) about the BadBIOS rootkit reported in Ars Technica. I think that if this story is nonsense, and I am almost certain it is, he must know very well that it is nonsense. So it is a sophisticated hoax to increase his own visibility.

Regardless of whether BadBIOS exists, the viral story about its existence began to spread like wildfire. It seems that half of the sources tell you that the story could be a hoax; the other half tell you to be afraid. It's sort of incredible. We live in a civilized world where billions of people use some kind of computer, yet the question whether super-resistant viruses can spread through the BIOS is something society isn't capable of settling.

Off-topic, real science in Nature: a Czech team of astronomers calculated the trajectory of the Chelyabinsk meteor and found that a sibling of this body had been observed before, suggesting that both came from the breakup of one ancestor object.

There are also several – just several – sources that actually offer meaningful argumentation showing that this simply has to be nonsense. I liked Philip Jaenke's description of the situation. I have never been a BIOS professional, but as a kid I did quite some programming in machine code, and that gives me the main reasons to agree with Jaenke that the story is just plain nonsense.

Ruiu credits the new superprofound rootkit with some unusual behavior. We were told that it was preventing him from reading registry keys exactly when he needed them to investigate what was going on, that it was blocking booting from CDs to prevent him from fixing the (also infected?) operating system, and so on. Various extra Batman-like abilities linked to the sound card (the microphone input line isn't available from the BIOS) and other components were also mentioned.

How did he collect evidence for all these wonderful things? And if he has done this detailed research, why couldn't he just read out the allegedly modified BIOS with some basic hardware tools and decode it? It doesn't make any sense.

It doesn't make any sense because of the basic point made by Jaenke that I fully subscribe to. The BIOS is an extremely concise yet constrained piece of code. If one actually knows the machine code, one may look at it – perhaps even when it is presented as hexadecimal numbers – and see whether it's a normal BIOS or whether it was brutally modified. Most modifications will either be inconsequential or make the computer misbehave so dramatically that it will look nothing like a mysteriously invisible infection.
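The check this paragraph calls for – read out the flash chip and see whether it holds what it should – reduces in practice to comparing the dump against a known-good image. The block below is an added example, not code from the post or from Jaenke or Ruiu: it takes two firmware images as byte strings and reports the exact ranges where they differ. The images are constructed inline (a synthetic 8 KiB "vendor" image and a copy with two patched ranges standing in for a tampered dump); the dump itself would come from an external SPI programmer such as flashrom, which is outside this code.

```python
"""Compare a firmware dump with a known-good reference image and report
exactly which byte ranges differ.  Added example: the dump itself comes from
an external programmer (e.g. flashrom) and is outside this code."""
import hashlib
from typing import List, Tuple


def sha256_hex(image: bytes) -> str:
    """Whole-image fingerprint; a match means no further work is needed."""
    return hashlib.sha256(image).hexdigest()


def diff_regions(reference: bytes, dump: bytes, merge_gap: int = 16) -> List[Tuple[int, int]]:
    """Return [(start, end), ...] half-open byte ranges where dump != reference.

    Differing bytes closer together than merge_gap are merged into one region,
    so a patched routine shows up as one range rather than one entry per byte.
    A size mismatch is an error: it means the wrong reference or a partial dump,
    and a byte-for-byte comparison would be meaningless.
    """
    if len(reference) != len(dump):
        raise ValueError(f"size mismatch: reference {len(reference)} bytes, dump {len(dump)} bytes")
    regions: List[Tuple[int, int]] = []
    start = last = None
    for off, (a, b) in enumerate(zip(reference, dump)):
        if a == b:
            continue
        if start is None:
            start = off
        elif off - last > merge_gap:
            regions.append((start, last + 1))
            start = off
        last = off
    if start is not None:
        regions.append((start, last + 1))
    return regions


def report(reference: bytes, dump: bytes) -> List[str]:
    """Human-readable summary: hashes first, then each differing range with a hex preview."""
    lines = [f"reference sha256: {sha256_hex(reference)}",
             f"dump      sha256: {sha256_hex(dump)}"]
    regions = diff_regions(reference, dump)
    if not regions:
        lines.append("images are identical")
    for start, end in regions:
        preview = dump[start:min(end, start + 8)].hex()
        lines.append(f"differs at 0x{start:06X}-0x{end:06X} ({end - start} bytes): {preview}...")
    return lines


# Constructed sample (not a real BIOS): an 8 KiB pseudo-random "vendor" image
# and a copy with two patched ranges, standing in for a tampered dump.
REFERENCE = bytes((i * 31 + 7) & 0xFF for i in range(8192))
_tampered = bytearray(REFERENCE)
_tampered[0x1000:0x1010] = b"\x90" * 16          # 16 bytes overwritten
_tampered[0x1F00:0x1F04] = b"\xFF\xFF\xFF\xFF"   # 4 bytes overwritten elsewhere
TAMPERED = bytes(_tampered)

if __name__ == "__main__":
    print("\n".join(report(REFERENCE, TAMPERED)))
```

Dump with an external programmer rather than through the operating system of the suspect machine, and take the reference image from the vendor rather than from a second machine under the same suspicion. An empty diff shows the flash chip holds the vendor's bytes; a non-empty one tells you exactly which offsets to disassemble next.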

It seems to me that this story abuses people's ignorance about machine code – what is hiding under the lid. But it's a programming language like any other. I did quite some programming for 8080-based and especially 6502/6510-based machines (Ohio Scientific; Commodore 64). It looked difficult at the beginning, but when I was 12 or so, I wrote my own "assembler" and also memorized the opcodes of many instructions in the 6502/6510 machine code.

You might think that programs in machine code are just gibberish that can't be decoded. However, once you acquire some experience, you will realize that it's not that difficult. You will be able to see where the "jumps" in the code are located, where the loops are, and so on. Like some other geeks of my age, I was able to write many programs in machine code (like a fast enough calculator of 38,000 digits of pi – far from a record-breaker, but the maximum I could hope for given the limited memory of the C64; it took one week to calculate them) as well as to reverse engineer many C64 games sufficiently to create "trainer modes" with many lives, and so on. It can be done if you play with these things a little. Using machine code to do some very special hardware things (the 6502/6510 does everything with "peeks" and "pokes" of a sort) was fun, too.
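Seeing where the jumps and loops are, as the paragraph describes, is mechanical once you have the opcode table. The block below is an added example, not code from the post: a minimal 6502 disassembler covering a subset of opcodes (enough for the sample, not the whole instruction set), followed by a pass that flags every conditional branch whose target lies at or behind it, which is the usual signature of a loop. The sample routine is constructed for this example – a C64-style loop that fills the first 256 bytes of screen RAM at $0400 with spaces, plus a caller – and is not a program from the original post.

```python
"""Tiny 6502 disassembler: recover instructions and control flow from raw bytes.
Added example; the opcode table is a subset chosen to cover the constructed sample."""
from typing import List, Tuple

# opcode -> (mnemonic, addressing mode). Modes: imp, imm, zp, indy, abs, absx, rel
OPCODES = {
    0x00: ("BRK", "imp"), 0xEA: ("NOP", "imp"), 0x60: ("RTS", "imp"), 0x40: ("RTI", "imp"),
    0xE8: ("INX", "imp"), 0xCA: ("DEX", "imp"), 0xC8: ("INY", "imp"), 0x88: ("DEY", "imp"),
    0x18: ("CLC", "imp"), 0x38: ("SEC", "imp"), 0x78: ("SEI", "imp"), 0x58: ("CLI", "imp"),
    0x48: ("PHA", "imp"), 0x68: ("PLA", "imp"),
    0xA9: ("LDA", "imm"), 0xA2: ("LDX", "imm"), 0xA0: ("LDY", "imm"),
    0x69: ("ADC", "imm"), 0xE9: ("SBC", "imm"), 0xC9: ("CMP", "imm"),
    0xE0: ("CPX", "imm"), 0xC0: ("CPY", "imm"),
    0xA5: ("LDA", "zp"), 0x85: ("STA", "zp"), 0x86: ("STX", "zp"), 0x84: ("STY", "zp"),
    0xB1: ("LDA", "indy"), 0x91: ("STA", "indy"),
    0xAD: ("LDA", "abs"), 0x8D: ("STA", "abs"), 0x8E: ("STX", "abs"), 0x8C: ("STY", "abs"),
    0x6D: ("ADC", "abs"), 0x4C: ("JMP", "abs"), 0x20: ("JSR", "abs"),
    0xBD: ("LDA", "absx"), 0x9D: ("STA", "absx"),
    0xD0: ("BNE", "rel"), 0xF0: ("BEQ", "rel"), 0x10: ("BPL", "rel"), 0x30: ("BMI", "rel"),
    0x90: ("BCC", "rel"), 0xB0: ("BCS", "rel"),
}
SIZE = {"imp": 1, "imm": 2, "zp": 2, "indy": 2, "rel": 2, "abs": 3, "absx": 3}
BRANCHES = {"BNE", "BEQ", "BPL", "BMI", "BCC", "BCS"}


def disassemble(code: bytes, base: int) -> List[Tuple[int, str]]:
    """Return (address, text) per instruction; bytes we cannot decode become '.byte'."""
    out: List[Tuple[int, str]] = []
    pc = 0
    while pc < len(code):
        addr = base + pc
        op = code[pc]
        if op not in OPCODES or pc + SIZE[OPCODES[op][1]] > len(code):
            out.append((addr, f".byte ${op:02X}"))
            pc += 1
            continue
        mn, mode = OPCODES[op]
        if mode == "imp":
            text = mn
        elif mode == "imm":
            text = f"{mn} #${code[pc + 1]:02X}"
        elif mode == "zp":
            text = f"{mn} ${code[pc + 1]:02X}"
        elif mode == "indy":
            text = f"{mn} (${code[pc + 1]:02X}),Y"
        elif mode == "rel":
            # Branch offset is a signed byte relative to the *next* instruction.
            off = code[pc + 1] - 256 if code[pc + 1] >= 128 else code[pc + 1]
            text = f"{mn} ${(addr + 2 + off) & 0xFFFF:04X}"
        else:  # abs / absx: little-endian 16-bit operand
            target = code[pc + 1] | (code[pc + 2] << 8)
            text = f"{mn} ${target:04X}" + (",X" if mode == "absx" else "")
        out.append((addr, text))
        pc += SIZE[mode]
    return out


def find_backward_branches(listing: List[Tuple[int, str]]) -> List[Tuple[int, int]]:
    """A conditional branch whose target is at or before itself is almost always a loop."""
    loops = []
    for addr, text in listing:
        mn, _, arg = text.partition(" ")
        if mn in BRANCHES and arg.startswith("$"):
            target = int(arg[1:], 16)
            if target <= addr:
                loops.append((addr, target))
    return loops


# Constructed sample (not from the post): fill 256 bytes of C64 screen RAM with
# spaces in a loop, return, then a two-instruction caller of that routine.
SAMPLE = bytes([
    0xA2, 0x00,        # C000  LDX #$00
    0xA9, 0x20,        # C002  LDA #$20
    0x9D, 0x00, 0x04,  # C004  STA $0400,X
    0xE8,              # C007  INX
    0xD0, 0xFA,        # C008  BNE $C004   (offset -6: the loop)
    0x60,              # C00A  RTS
    0x20, 0x00, 0xC0,  # C00B  JSR $C000
    0x60,              # C00E  RTS
])
LISTING = disassemble(SAMPLE, 0xC000)
LOOPS = find_backward_branches(LISTING)

if __name__ == "__main__":
    for addr, text in LISTING:
        print(f"{addr:04X}  {text}")
    print("loops:", [(f"{a:04X}", f"{t:04X}") for a, t in LOOPS])
```

The same two passes, decode then look for backward branches and call targets, are what any disassembler does for x86 firmware; the opcode table is larger, but the idea that "hex" is readable does not change.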

It is similarly possible to decode the BIOS, and someone with experience with this particular category of machine-code programs can do it much more efficiently than the reverse engineering of games mentioned above. Moreover, even if it never occurred to Ruiu to look at what his current BIOS contains, it doesn't matter. The BIOS just doesn't have these capabilities; it doesn't even offer sufficient space to deal with many different drivers, to hide itself, or to reprogram itself, which would be needed to affect other kinds of hardware.

In other words, the BIOS (and the machine code in it) looks mysterious to most people and they identify the word "mysterious" with "capable of doing anything to you". However, these are very different adjectives. The first "mysterious" mostly means that people are usually ignorant about it. But if you're ignorant about X, it doesn't mean that X is omnipotent.

In this case and many others, the mysterious entity (the BIOS) is so much more limited (and slower) than the usual higher-tier programs that it is much less potent and flexible for the creation of viruses. The BIOS was invented and designed to barely allow the computer to load all the necessary things that the more potent, higher-tier operating system will need. A Windows computer has the BIOS running at its core much like Mozart had a monkey running inside, too. So it's unnatural – and ultimately silly – to believe that the BIOS may do vastly more than that. If this were possible, it would have been used for many constructive things as well.

You may have newer versions of the BIOS, with more room, and they may have more OS-like capabilities. However, as Jaenke argues, UEFI isn't a generalization of the BIOS that would allow for such "extra functionalities", especially when it comes to model independence. The BIOS/UEFI is still vastly hardware-dependent – even motherboard-dependent. Everyone who has flashed a new BIOS version to his motherboard knows that. You always run the risk that if there's some subtle mismatch between the motherboard and the BIOS image, your computer will become an expensive paperweight.

I would say that this location of the higher abilities at the higher (OS) level of the computer's functionality is analogous to people's ability to communicate with each other. Richard Feynman was among those who conjectured that at the basic level, everyone thinks very differently – someone does the calculations visually, someone does them linguistically, and so on – and only at a higher level of thinking do we add various "emulation codes" to our brains that allow us to imitate the reasoning of others. Each of us is better at different problems.

In this analogy, we could say that each of us is running on slightly different hardware. Our ability to communicate – and the ability of rumors and libels to spread – depends entirely on the higher level of the code at which all or most people become "nearly equivalent or nearly compatible with each other". You just can't design the virus at the hardware level because it won't spread. Each of us has different hardware. At most, you could design a method to infect the computers one by one, which doesn't look like a great strategy to threaten the world. Or you could hide the code for other models inside the virus for one model – but this would need too much space and would be ineffective in the real world.

The BIOS experts like Jaenke may be much more specific about these matters.

My broader, sociological observation is that it is relatively easy to spread a science-fiction-like hoax in this world. Some years ago, people would jokingly talk about the "e-mail virus produced in Albania". The e-mail says that "unfortunately, the hackers in Albania don't have sufficient resources to create excessively sophisticated viruses so the recipient is kindly asked to resend this e-mail to everyone in his mailbox and then erase all the data on his hard disk".

It seems to me that people are so gullible – if I avoid the word "stupid" – that the Albanian virus concept is a much more viable and effective tool to threaten civilization than the actual BadBIOS concept. In other words, the human factor is still a greater weakness than any known weakness of the technology. If you invent a threat like that and also ask people to do something really stupid in order to avoid this fabricated threat, many of them will just do it. It's not just the millions of people who have no clue and who aren't expected to have a clue about the BIOS. It's about half of the information-technology journalists, too. They should know better.

If you read the discussion under Jaenke's article, you will encounter some commenters whose comments are superficially as credible as Jaenke's account. Laymen who just don't understand the content may easily think that these tirades, composed of random pieces their authors have probably heard somewhere (e.g. the commenter named Pierre), are as convincing as Jaenke's account, if not more so. The only problem with them is that their writers don't have a clue. They just know how to write sentences that contain the "right words" and that look grammatically and syntactically fine – that look fine to others who have no clue. But the beef is rotten.

People's large gaps in knowledge and their gullibility are a much greater threat to the health of mankind and civilization than over 99% of the "declared threats" we hear about these days. Climate alarmism has failed to go completely extinct so far for the very same reason, too.
