An in-depth report from Ars Technica highlights a rootkit (a piece of software that typically hides itself deep in an operating system’s Kernel or a computer’s BIOS) that is capable of communicating with nearby computers using a system’s speaker and microphone. Dubbed “badBIOS,” the malware has been plaguing renowned security researcher Dragos Ruiu’s computers for three years. Similar in nature to many other rootkits, badBIOS does its best to prevent users from erasing it, including removing the computer’s ability to boot from a physical disc. Ruiu believes badBIOS represents the first visible stages of a larger attack that can affect Windows, OSX, Linux, and BSD systems. Where it differs is in its ability to communicate with other infected computers even when “airgapped.”
EVEN WITHOUT NETWORK CONNECTIONS, THE COMPUTERS WERE STILL TALKING TO ONE ANOTHER
Airgapping refers to a system that’s cut off from anything that could — usually — be utilized for communications. That means removing wireless communication methods like Wi-Fi and Bluetooth, physical network connections, and even the power supply, leaving a battery-powered machine that should be incapable of networking. Ruiu took all the above measures to prevent communications, but even after that the computer was still “acting like it’s connected to the internet.” As far-fetched as it sounds, Ruiu’s research concludes that the infected machines are “talking” to one another through high-frequency soundwaves imperceptible to our ears, using their built-in speakers and microphones.