So what do you do on The Walking Dead when your friend has been bitten by a zombie but hasn’t turned yet? You separate that person from the group and try to figure out how to cure him or her. That’s what’s useful about the fact that our heroes are currently in a prison (or at least it should be). #plotholes
For an infected computer you take it off the network: pull out the Ethernet cable, remove it from the wireless network, and then try to fix it or wipe it. You create a gap between the computer and the rest of your network so that it can’t do any more harm. That’s the airgap.
“‘badBIOS,’ as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.”
At first this seems darn near impossible, like ghosts, like a hoax, but considering the increasing complexity of BIOSes, which control hardware at the lowest level, and the ease with which they are updated “live” nowadays, this threat is credible. So at least from a research perspective, high-frequency audio could be used to trigger a countdown on infected computers. A BIOS virus designed for a single ecosystem might be able to stop a company’s entire workforce in a single day just by telling the virus to 1) reset drive data and 2) block BIOS access, effectively killing not just the data but the system accessing it.
More BIOS miscellany, as I was wondering what manufacturers could do to prevent this:
Black Hat 2013
As more hardware vendors seek to implement the new NIST 800-155 specification that was designed to make the start-up BIOS firmware on our PCs and laptops more secure, they may need to rethink the security assumptions upon which the standard depends. A trio of researchers from The MITRE Corp. say that the current approach relies too heavily on access control mechanisms that can easily be bypassed.
But the MITRE researchers say that at Black Hat they will reveal how they are able to use the inherent mutability of the BIOS flash — that’s what makes it so easy to make BIOS firmware updates — against this attestation process. They will show two different ways they’re able to override it and forge the PCR values to trick the TPM into thinking the BIOS remains pristine.
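To make the attestation piece concrete: a TPM PCR is a hash chain that can only be extended, never written, and a remote verifier accepts a machine when the event log replays to the quoted PCR and that PCR equals the value recorded for pristine firmware. The following is an added illustration written for this post, not code from the MITRE research or from any TPM stack; the firmware blobs are constructed stand-ins and the hash is SHA-256.

```python
import hashlib

HASH = "sha256"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One TPM PCR extend step: PCR' = H(PCR || H(measurement)).
    A PCR cannot be set, only extended, so its final value commits to
    every measurement and to the order in which they were made."""
    digest = hashlib.new(HASH, measurement).digest()
    return hashlib.new(HASH, pcr + digest).digest()


def measured_boot(components):
    """Simulate the boot-time measuring code hashing each firmware
    component into the PCR and writing its digest to an event log."""
    pcr = bytes(hashlib.new(HASH).digest_size)  # PCRs start at all zeros
    event_log = []
    for name, blob in components:
        pcr = pcr_extend(pcr, blob)
        event_log.append((name, hashlib.new(HASH, blob).hexdigest()))
    return pcr, event_log


def replay_event_log(event_log):
    """Verifier side: recompute the PCR from the logged digests alone."""
    pcr = bytes(hashlib.new(HASH).digest_size)
    for _, digest_hex in event_log:
        pcr = hashlib.new(HASH, pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def attest(reported_pcr, event_log, golden_pcr):
    """Remote attestation check: the log must replay to the quoted PCR,
    and the PCR must equal the value recorded for pristine firmware."""
    return replay_event_log(event_log) == reported_pcr and reported_pcr == golden_pcr


# Constructed stand-ins for firmware regions (not real BIOS images);
# a real measurement hashes the actual flash contents.
PRISTINE_FIRMWARE = [
    ("boot_block", b"constructed boot block v1"),
    ("main_bios", b"constructed main BIOS v1"),
    ("option_rom", b"constructed option ROM v1"),
]
MODIFIED_FIRMWARE = [
    ("boot_block", b"constructed boot block v1"),
    ("main_bios", b"constructed main BIOS v1 with one byte changed"),
    ("option_rom", b"constructed option ROM v1"),
]


def run_demo():
    golden_pcr, _ = measured_boot(PRISTINE_FIRMWARE)
    good_pcr, good_log = measured_boot(PRISTINE_FIRMWARE)
    bad_pcr, bad_log = measured_boot(MODIFIED_FIRMWARE)
    return {
        "pristine_passes": attest(good_pcr, good_log, golden_pcr),
        "modified_fails": not attest(bad_pcr, bad_log, golden_pcr),
        # A log copied from a pristine machine cannot be paired with the
        # PCR of a modified one: the replay will not match the quote.
        "mismatched_log_fails": not attest(bad_pcr, good_log, golden_pcr),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Notice what the verifier never sees: the firmware itself. It sees digests and a PCR, both produced by the measuring code running at boot. The whole guarantee therefore rests on that measuring code being what the vendor shipped, which is exactly why the mutability of the flash it lives in is the weak point the MITRE talk targets.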