The Instigator
Pro (for)
The Contender
Con (against)

Bad BIOS Malware

Do you like this debate?NoYes+0
Add this debate to Google Add this debate to Delicious Add this debate to FaceBook Add this debate to Digg  
Debate Round Forfeited
sboss18 has forfeited round #2.
Our system has not yet updated this debate. Please check back in a few minutes for more options.
Time Remaining
Voting Style: Open Point System: 7 Point
Started: 1/8/2017 Category: Technology
Updated: 2 years ago Status: Debating Period
Viewed: 782 times Debate No: 98783
Debate Rounds (5)
Comments (0)
Votes (0)




Most people believe that this type of malware is a Hoax, and that researcher named Ruiu made it up. I believe that this malware is real because I have experienced it.

* It is said to infect the low-level system firmware of your computer, so it can"t be removed or disabled simply by rebooting.
* It is said to include components that work at the operating system level, so it affects the high-level operation of your computer, too.
* It is said to be multi-platform, affecting at least Windows, OS X, and OpenBSD systems.
* It is said to prevent infected systems being booted from CD drives.
* It is said to spread itself to new victim computers using Software Defined Radio (SDR) program code, even with all wireless hardware removed.
* It is said to spread itself to new victim computers using the speakers on an infected device to talk to the microphone on an uninfected one.
* It is said to infect simply by plugging in a USB key, with no other action required.
* It is said to infect the firmware on USB sticks.
* It is said to render USB sticks unusable if they aren"t ejected cleanly; these sticks work properly again if inserted into an infected computer.
* It is said to use TTF (font) files, apparently in large numbers, as a vector when spreading.
* It is said to block access to Russian websites that deal with reflashing software.
* It is said to render any hardware used in researching the threat useless for further testing.
* It is said to have first been seen more than three years ago on a Macbook.


I thank Pro for creating this debate. I am certainly not an expert on this topic, but I believe the "BadBIOS Malware" is indeed a hoax.

For one, Pro's "evidence" that it exists is anecdotal. Simply saying "[BadBIOS] is real because I have experienced it." is obviously not substantial enough evidence to warrant its existence. I could say the same thing about unicorns and you would (rightfully) be skeptical of my claims.

Second, Ruiu (the supposed original source of this malware infectee) has had years to provide concrete evidence of its existence as well, and he has failed to do so.

"For instance, security expert Igor Skochinsky, who has dedicated much of his work to investigating rootkits, says he has analyzed the BIOS dump provided by Ruiu and he hasn’t found anything suspicious. " [1]

Until we see more evidence, it's unreasonable to say it's not a hoax.


Debate Round No. 1


I would like to thank you for accepting my debate, this will be a fun debate indeed. I will outline the malware that we face today. The malware today is more sophicicated then it was 15-20 years ago. The malware we see today is written by professional cyber criminals and government agency's. The new breed of malware is cross platform and can infect multiple devices, morph and change its code at will, target low level firmware, and can infect devices that are not connected to the Internet (Air Gap Malware.)

Ruiu claimed that he had malware that could infect all his peripheral devices.
Security researchers Karsten Nohl and Jakob discovered a flaw that affects
virtually all usb devices. The security researchers that discovered the flaw called it Badusb.

Infected USB devices can:

* enter keystrokes
* alter or infect files
* affect Internet activity
* infect other systems, as well, and then spread to additional Usb devices (reprogram firmware)
* spoofs a network card and change the computer"s DNS setting to redirect traffic, allow hackers direct access, so that they may attack nearby devices
* emulates a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware

The new rootkits and bootkits are undetectable by any antivirus product on the market, survive even if the hard drive is replaced, and can also survive even if you reflash the BIOS. The infected BIOS can survive reflashing in the following ways:

* The reflash operation is under control of... the BIOS, so the infected BIOS only pretends to do the reflash (or reinfects the new BIOS immediately afterwards).R32;
* Another flashable firmware in the machine is also infected, and when either it or the BIOS is reflashed, the still infected firmware reinfects the other one. Any device with DMA can hijack the live machine at any point, and most devices with a firmware have an onboard CPU which would be up to the task (GPU, hard disks...).R32;
* The disk firmware is infected, and inserts malicious code in the boot code which reinfects the BIOS. R32;
Ruiu claimed that the malware also infected his Mac even though it was not connected to the Internet. Hackers have several ways of hacking into computers even when they are disconnected from the Internet.

Types of Air-gap malware:

Stuxnet: (USB drive that attacks lower firmware) No autorun file present
USBee: Malware can transfer Data via USB emissions from Air-Gapped computers
3G Intel Chip: Intel Core Vpro processors contain a 3G chip that allows remote disabling and backdoor access to any computer even when it is turned off. Intel embedded the 3G radio chip in order to enable its Anti Theft 3.0 technology. The Technology is found on every Core i3/i5/i7 CPU after Sandy Bidge has this technology.
Infected Phone can infect computer and vice versa: Smart phones have become more powerful and have become another tool that hackers use. If you plug your phone into a PC or Mac via USB, the hacker can use your phone to attack that device. A hacker can also use that same phone to attack nearby devices. The hacker can also use that phone to attack other wifi devices, wireless router, Bluetooth devices, and just about any wireless technology that uses (2.4GHz-5GHz). That same phone can also infect any USB charger that you use to charge your phone.
Turla APT Malware: uses satlilites to avoid detection.
Air Hopper: Malware can use radio signals to steal data from non network Computers

When Ruiu publicly announced that Malware can spread via speakers and microphones, most security researchers thought he was crazy; Ruiu then submitted a proof of concept of concept. Three years later researchers were able to create malware using inaudible sounds.

Bad BIOS can also mutate and has self healing capabilities. Metamorphic malware and polymorphic malware changes its shape like a real virus.

The new breed of malware can self destruct to avoid analysis, wiping all data on the hard drive, Infect Antivirus and malware removal tools using SQL injection, and infect DLL files and services. Malware can also uninstall itself and erase all traces of the malware.

Ruiu is well respected in his field, he has nothing to gain by making it up, only his reputation. Ruiu probably did try to provide proof that what he encountered was real; the people behind this Malware want to keep it top secret. Ruiu made an educated guess and came up with his own hypothesis as to how this mysterious Malware works. Ruiu may of had some things wrong; He was researching a new type of malware that he never encountered before. Bad BIOS malware doesn't have a set of rules. Ruiu could have been infected with a GPU Paravirtulation root, or an advance TDL-4 bot (boottrash) I will post a link below of a video that I made and posted on youtube. I was infected with a GPU rootkit, the malware didn't even have to phone home.
This round has not been posted yet.
Debate Round No. 2
This round has not been posted yet.
This round has not been posted yet.
Debate Round No. 3
This round has not been posted yet.
This round has not been posted yet.
Debate Round No. 4
This round has not been posted yet.
This round has not been posted yet.
Debate Round No. 5
No comments have been posted on this debate.
This debate has 6 more rounds before the voting begins. If you want to receive email updates for this debate, click the Add to My Favorites link at the top of the page.