Dan Goodin at Ars Technica has reported on Dragos Ruiu's "
badBIOS" analysis. I thought I'd explain how some of this stuff works.
First, a disclaimer
The story so far is this: Dragos's laptops appear to be have been infected by a virus more advanced than anything seen so far, more advanced than Stuxnet or Flame, two previous examples of state-sponsored advanced viruses.
We don't know of any of this is real. Dragos could be having a psychotic episode where paranoia has gotten the best of him. Our industry is rife with paranoia, where our "Occam's Razor" is tuned to believing that the most plausible explanation for everything "hackers". Weird sounds coming from the speakers? OMG it's a hacker!!
Also, Dragos hasn't given us anything we can independently verify. If it's a bad BIOS, Dragos can extract it and publish it. If a USB drive infects a system, Dragos can use a USB sniffer and dump all the packets going across the USB bus. If it's ultrasonic audio, Dragos could record the sound in WAV files. He could publish all this stuff, and we could see for ourselves whether it's real or not. That he hasn't casts doubt on what he's found.
But at the same time, this is Dragos Ruiu, a well-respected researcher for 15 years. If he says he's got an infected BIOS, I'm going to believe him. Sure, he's probably gotten some things wrong: just because "they" really are ought to get you doesn't mean that "they" are responsible for every phenomenon you can't explain. But on the whole, I (and many other old-time experts) believe that in the end, most everything he suspects will be confirmed.
Reply With Quote
Bookmarks