The Computer Virus That is Puzzling the Internet | BadBIOS

00:00

            Since the dawn of time,  the world has been filled with threats 

00:05

(EXPLOSION) and those who try to  

00:07

understand them. And this applies to the digital  world as well, and there was certainly a time,  

00:13

not too long ago in fact, where most people  didn’t understand these threats at ALL. So,  

00:18

throughout the 1990s, on the NEW worldwide web,  you end up having these mass panics of computer  

00:24

viruses with alleged capabilities that go beyond  the screen, almost SUPERNATURAL. And of course,  

00:32

many people rode on these fears either in jest  or to obtain some kind of control on those who  

00:38

are gullible. Just like how the satirical tabloid  “Weekly World News” once published a story about  

00:44

a computer virus that can spread to humans.  Because that’s ridiculous! We all know how a  

00:49

computer virus works, it’s a malicious piece of  code that is able to replicate itself and infect  

00:55

other computers on the same network, whether  it’s the internet or some kind of local network,  

01:00

where it can then do whatever it is programmed  TO do. And that’s the key, you need SOME kind  

01:06

of connection to another computer. It’s  not a REAL virus in the literal sense;  

01:10

it can’t SPREAD through the AIR…right?             Well in October of 2010,  

01:18

something very unnerving allegedly happened. A man  named Dragos Ruiu, the main developer behind the  

01:24

annual Pwn2Own hacking competition. He had just  installed a new copy of Mac OS X on his MacBook  

01:31

Air, and it was then that he started to notice  the computer suddenly had a mind of its own. For  

01:37

starters, his CD drive was no longer working,  he couldn’t boot from any CD placed into his  

01:42

system. He thought okay, maybe this was just a  hardware issue, but then noticed that all of his  

01:48

system configurations kept undoing themselves. His  system data then started getting deleted. He was  

01:54

starting to think that this wasn’t a hardware  issue, but instead some kind of malware. So he  

02:00

went ahead and completely wiped the hard drive and  reinstalled the operating system, but sure enough,  

02:05

the problem still persisted. As it turned out,  this issue wasn’t coming from the hard drive,  

02:11

but the BIOS, the motherboard of the computer,  meaning that even a full system restore couldn’t  

02:18

fix it. But it doesn’t even stop there. He noticed  that this malware was now spreading across other  

02:25

computers on his network, even ones with different  operating systems. He quickly disconnected them  

02:30

from his network, but it just kept going. And  so, as a last resort, he disabled his Wi-Fi  

02:38

and Bluetooth and even unplugged the power from  his wall, relying only on the battery. This is a  

02:44

technique called “air-gapping,” as these computers  were now completely independent from one another,  

02:50

in their own separate worlds…yet the virus was  still spreading, even to computers who were never  

02:57

connected to the internet in the first place.             The malware became known as  

03:02

“BadBIOS,” which was capable of infecting  Mac, Windows, Linux, and BSD systems,  

03:09

and word quickly started getting around the  internet that it may just be the very first  

03:13

instance of a computer virus spreading through  the air, quite literally. Through its strange,  

03:20

completely unknown engineering, it was somehow  able to bypass these “air gaps.” Surprisingly, it  

03:27

gets even weirder…actual word of the virus seems  to have spread faster than the virus itself, and  

03:34

that’s because we...don’t even know if it exists.  BadBIOS has become an incredibly controversial,  

03:41

divisive subject within niche parts of the tech  community, with some people swearing by it,  

03:46

others scoffing at how ridiculous it is, and then  those who believe it to be nothing more than an  

03:52

elaborate hoax. And today, we are going to talk  about this strange origin story. This is BadBIOS,  

04:01

the world’s most mysterious computer virus. Now browsing the internet can be quite scary,  

04:10

but you know what's even scarier? Googling  yourself and finding out that your personal  

04:14

information has been publicly compromised. Well,  good thing Aura, which is today's sponsor, is  

04:19

here to help you with that. Now, what is Aura, you  ask? Well, thank you for asking; no one asks about  

04:25

Aura. Having personal data exposed isn't even  just a privacy issue; it also affects your daily  

04:30

life through unending Robo calls or spam emails. Aura is a service that finds these data brokers  

04:36

that are using and selling your information and  sends out takedown requests so that they can,  

04:40

well, leave you alone. These brokers are legally  obligated to remove your info upon request, so why  

04:47

not have Aura do all that for you? But it doesn't  just do that; Aura also serves as an antivirus,  

04:53

VPN, and password management tool all in one  program. It also offers things like identity  

04:59

theft insurance, as well as parental controls  features for any parents that want to protect  

05:03

their children from unsafe content. And it  includes all these features for just one price. 

05:09

I began using it and was able to scan my computer  for any malware, as well as use its VPN feature,  

05:15

allowing me to use the internet anonymously. It  really is a great all-in-one security bundle.  

05:21

And if you go to [aura.com/nationsquid],  you can get two weeks completely free and  

05:26

see if any of your information has, in fact,  been compromised. So, protect your data and  

05:31

your online presence today through Aura.             Now, tracing the origins to  

05:36

BadBIOS is seemingly impossible, as there is  quite literally no prior documentation prior to  

05:41

Ruiu’s claims from 2013, (the year he first posted  about it) and he himself is unsure of where this  

05:49

strange malware came from. Consequently,  this makes the entire story a “he said,  

05:54

she said” situation, which is the main thing that  has raised many eyebrows about its authenticity;  

06:00

there’s no way for it to be tested. And  all that doubt is for good reason! I mean,  

06:05

a computer virus that can infect ANY operating  system and still shows up even AFTER wiping the  

06:11

computer clean and can still transmit without  an internet connection? That’s every computer  

06:15

user’s worst nightmare. It sounds a little  too over the top to be true. But surprisingly,  

06:21

this is NOT the first time that something like  this has happened. To be clear, really the only  

06:26

way a virus would be able to reinstall itself even  after the drive was completely wiped would be if  

06:31

it was installed anywhere else other than the  hard drive. In this case, Ruiu claims the virus  

06:37

was installed within the BIOS, hence the name,  meaning that it was installed on the MOTHERBOARD,  

06:43

not the hard drive. This is the main reason why  it can infect virtually any computer regardless  

06:48

of its operating system or if the system is  restored, as those things aren’t really relevant  

06:53

to begin with. Now BIOS malware is INCREDIBLY  rare, to the point where it is almost unheard of,  

07:00

and this is because of the fact that nearly every  computer’s BIOS is different. That virus would  

07:05

have to be programmed and tailored for that  specific BIOS, which is already programmed  

07:10

and tailored for that specific computer. Not  to mention this type of malware would also need  

07:16

backdoor access to the BIOS in order to flash it,  which if you’re using a company like AMD, that is  

07:22

definitely going to be something that’s encrypted. BIOS malware was more common back in the 80s and  

07:29

90s when there were a lot less options to choose  from computer wise and when encryption technology  

07:34

wasn’t NEARLY as secure. Most computers nowadays  don’t even use a BIOS, but instead a UEFI,  

07:42

which offers more features and enhances hardware  performance, but the general concepts do still  

07:47

apply. UEFIs will not update properly unless  they get a digital signature that’s actually  

07:52

from the manufacturer, which means that if  malware were to sneak in there, this would  

07:57

be caught right away. If these private signature  keys were to somehow get leaked to the public,  

08:02

then yes you could have a problem. The malware  developer could very well “forge” this signature  

08:07

so to speak and create a fake update with this  bad code, but these leaks are quite rare and  

08:13

even if they did occur, these companies have  protocols in place to quickly fix things. Now,  

08:18

I did want to acknowledge the distinction between  BIOS and UEFI systems, but they are often used  

08:24

interchangeably in the everyday language, for the  sake of simplicity, I will be referring to it as  

08:28

a BIOS throughout this video. But in short, even  if there was some extremely sophisticated BIOS  

08:35

malware that DID exist and somehow bypassed  these backdoors, it just wouldn’t be able to  

08:40

spread that far, BECAUSE of these limitations.  There’s only ONE Microsoft Windows, there’s only  

08:47

one Mac OS. There’s like a million different  types of BIOS. If a malware developer wants to  

08:52

target a specific computer, it is much easier to  just think of a smarter way to do it through the  

08:58

operating system; it’s simply just not worth it. Now in order for this to be considered a “virus”  

09:04

in the technical sense, it needs to be “spread”  itself and communicate to another computer. So,  

09:10

how do you do that through the BIOS? Moreover, how  was it able to communicate to other computers in  

09:16

the room that had no internet connection,  no Bluetooth, no physical connection,  

09:20

not even connected to a charger in the wall! Yet  they still caught it. The first airborne computer  

09:27

virus. This was the version of the story that  made all the headlines and a mystery that took  

09:33

years for Dragos himself to figure out. So how  did it work? Well, the virus spread…through sound.  

09:40

Dragos alleges that the virus transmitted its code  through the computer’s speakers and the computers  

09:46

in the other room were able to pick it up through  their microphones, but these sounds are played at  

09:51

high frequencies that our ears cannot hear. This idea probably sounds so ridiculous and  

09:57

over the top, like something out of some crappy  detective show. But it technically is…possible.  

10:03

Now, the actual programming and engineering of  such a virus that sends and receives data this way  

10:08

would be VERY complicated and frankly I don’t even  fully understand it myself. I’m not a programmer.  

10:14

I run a tech channel and I don’t know how to code.  I’m like that guy that wears Nirvana T-shirts and  

10:19

is like “Oh, I LOVE Nirvana! They make the BEST  clothes!’ Anyway, the point is I am omitting a  

10:24

lot of important technical details here, BUT the  basic concept of how transmitting data works is  

10:30

actually remarkable simple. And because…I’m the  creative type (wink), I’m gonna use an example  

10:36

of this that makes the most sense to me. We’re  gonna be transmitting pictures using sound. (SHOW)  

11:55

Communicating information with sound is not at  all unheard of. We’ve been doing it for hundreds  

12:00

of years. The telegraph systems in days of old  used dits and dahs against pieces of metal to  

12:06

communicate letters and numbers. A very primitive  example of dating real world information,  

12:12

modulating it into something objective and more  tangible, and turning it back into that real  

12:17

information on the other side, for the receiving  human to understand. And this approach has…kind  

12:23

of just stuck ever since. It’s actually quite  similar to how dial-up worked back in the 1990s.  

12:30

Those irritating sounds you heard logging on are  literally the modem and your computer TALKING to  

12:35

each other through sound. These special sounds  communicated protocols that the modem and computer  

12:41

were programmed to understand, allowing them  to “essentially” negotiating what your internet  

12:46

speed was going to be, letting you online! This  didn’t necessarily HAVE to be played out loud,  

12:52

but doing so did provide helpful diagnostic  information in case the user needed to fix  

12:57

anything on their end. But in short, communicating  data with sound is not weird at all. In fact,  

13:03

you’re even doing it right now…well, sort of. If you’ve seen my video about the history of  

13:08

the internet, I provide a very basic explanation  of how this works. Computers are basically SUPER  

13:15

advanced telegraph machines. But instead of  using morse code, they use something called  

13:19

binary. As we know, binary is a language made up  of 1s and 0s, a high electrical voltage means 1,  

13:25

low or none means 0. And it does all of this  almost instantaneously. If you’re on Wi-Fi, the  

13:32

same concept applies but instead with radio waves.  1 and 0 would be on slightly separate frequencies  

13:39

that are distinct enough for the computers to  understand. But instead of sound waves, they are  

13:43

electromagnetic waves, and instead of speakers,  they are modems, Wi-Fi cards, etc. But the general  

13:50

concept still applies, and these are frequencies  our bodies cannot see or hear, making it look like  

13:57

magic. So the virus is basically doing exactly  this, but instead of pictures, it’s binary,  

14:04

a binary version of the malicious code, and the  sound is playing at frequencies that we can’t  

14:09

hear, but the computers can, which the listening  computer takes in and translates. But sometimes it  

14:16

IS audible. Dragos himself complained of hearing  a high pitched noise in his lab and it took him  

14:21

THREE YEARS to find out that THIS was what was  happening. So yes, this is all very much possible. 

14:28

But there are problems with this approach. Sound  waves in general, just aren’t nearly as good with  

14:33

this kind of communicating. Using the Audacity  example, when I transmitted this image this way,  

14:40

there is a clear sign of degradation, loss of  quality compared to the original, and this is  

14:46

because of something called a “signal to noise”  ratio. You’re probably well aware that microphones  

14:52

can often pick up sounds that we either tend to  ignore or can’t even at all. You’ve ever noticed  

14:57

how you could be in a room that is just so quiet  and you can hear your voice clearly, but as soon  

15:02

as you record yourself talking, you hear all this  loud static in the background, yuck just sounds  

15:07

terrible. This is of course “background noise”  and the more there is, the more it is going to  

15:13

interfere with that data, and sound in particular  is VERY sensitive to background noise. This is why  

15:19

a lot of old school modems had these insolated  cups around their microphones and speakers,  

15:24

it was specifically to eliminate this background  noise. I tried this experiment again but put my  

15:29

laptop in the other room, and sure enough the  image quality was even WORSE. The distance and  

15:35

more added background noise of just the ambience,  my ceiling fan, all that stuff, were external  

15:41

factors that interfered with the transmission of  the image. Just how like the farther you are away  

15:47

from a Wi-Fi router, the weaker the connection.  It’s the same thing. But again, things like Wi-Fi,  

15:53

Bluetooth, stuff like that communicate using  electromagnetic waves. A speaker is essentially  

15:59

just a translator. It’s taking these electrical  signals from the computer and turning them IN to  

16:04

sound that we humans can hear. Wi-Fi and Bluetooth  are straightforward for data transmission,  

16:11

as it just needs to modulate the data and then  demodulate it when it reaches the recipient. A  

16:16

speaker in this case, would have modulate, then  demodulate, and then modulate again, and then  

16:23

demodulate again…yeah. It’s kind of like making a  photocopy of something and then making a photocopy  

16:31

of THAT photocopy and you just kept doing that.  The quality is just gonna get worse and worse. And  

16:37

if the data being sent is distorted enough, the  computer’s just not gonna know what to do with it.  

16:42

Computers are much more objective problem solvers,  much more sensitive to accurate information than  

16:48

we are. If I cover part of this picture of me with  my thumb, I still know that it’s a picture of me,  

16:55

but if I cover part of this QR code, it’s no  longer recognizable. In other words, even the  

17:00

SMALLEST bit of interference with this form of  transmission could lead to failure. Some kind  

17:06

of data loss through this type of communication  is pretty much inevitable. If you REALLY wanted  

17:12

to minimize the level of background noise and  interference, you would basically need to have  

17:17

these two computers in some kind of anechoic  chamber, not a busy coffee shop, and out of  

17:23

these two places, let’s be honest, where are  you more likely to find someone with a computer? 

17:29

But let’s say you SOMEHOW found a way around  this, and figured out a way to transmit this  

17:33

information to ALL these computers,  without any interference. Even then,  

17:38

how would you know that the other computers are  even listening? The reason this image was able to  

17:43

show up on my computer was because I had Audacity  open; it’s recording software that’s specifically  

17:49

programmed to record and look for patterns from  the sounds in my environment, hence why these  

17:54

images show up. If I just left my computer as is  and played this sound, it would just sit there,  

18:01

because it is not being told at that present  moment to do something with that information.  

18:06

The same applies with transmitting this code. You  can’t just DO that. The computer would need some  

18:11

kind of protocol that programs it to listen for  it. It’s one of the big reasons why that one scene  

18:17

in Bones is so ridiculous, where a computer  literally BLEW up because one of the bones  

18:23

it scanned had malware sketched into it. Wait. Why is it on LiveLeak? (laughing) 

18:29

What? (laughing) What?! 

18:31

(EXPLOSION) “Oh my God!” 

18:33

“Whoever did this wrote malware on bone and  destroyed a million bucks worth of computers.” 

18:40

“I DID NAHT. OH HAI MARK!” Yes, it is technically “scanning” something,  

18:45

but the code on its own doesn’t mean anything.  The computer actually has to be taught how to  

18:51

do something with it. It’s like if I walked up  to somebody that only speaks English and started  

18:56

speaking in French telling them to go make me a  sandwich. Yes, they can see that I’m speaking to  

19:01

them, but they don’t know what I am saying (SHOW).  But if that person decided to take French classes,  

19:14

well…I like extra mustard. Computers are the  same way. They have to learn or be “programmed”  

19:20

to actually execute this code. The 3D Scanner  in Bones likely wasn’t programmed to execute  

19:27

something resembles code that may or may not show  up on a bone. But if the hacker somehow got a hold  

19:33

of the scanner’s source code and found some kind  of vulnerability that says to execute THIS script  

19:39

if it finds THIS pattern during a scan, then…sure,  that’s plausible. I don’t think the computer would  

19:45

blow up though. [EXPLOSION] 

19:47

The same thing applies to BadBIOS; and because  BIOS and UEFI systems are so secure and locked  

19:54

down, the odds of a malware developer getting  access to the source code of not just one but  

19:59

nearly every BIOS to ever exist, is virtually  zero. But Dragos himself said that as soon as  

20:06

he unplugged his speakers, the data  transmission stopped. In other words,  

20:11

it couldn’t have transmitted through sound at  all without the computer already having been  

20:16

programmed to listen and be on the lookout for  this specific code from the malware, beforehand.  

20:22

Which implies that it spread through another way.  Dragos claims that as soon as he completely wiped  

20:28

the BIOS clean, the malware would still show  up again, and after further investigation,  

20:34

he concluded that as soon as he plugged in a  USB, the infection immediately started again. So,  

20:40

it seems most likely that Dragos somehow had  dozens of his USB drives infected with this  

20:45

malware and when he plugged these drives into  the other computers, they got infected as well,  

20:51

which allowed for these computers to  listen for these transmissions. But again,  

20:55

that still doesn’t account for the fact  that all these computers run a different  

20:59

BIOS and that BIOS would be locked down. This whole story has left so many people  

21:05

online scratching their heads. A story based on  so many proof-of-concepts that, at face value,  

21:11

sound straight out of science fiction as well  as things that are flat out contradictory. The  

21:16

whole thing sounds like something from a badly  written TV show, but Dragos is not some nobody,  

21:21

he is quite well respected, reputable individual  within his field, and other reputable sources who  

21:28

work with him have confirmed its validity as well.  Which is why so many people are both mystified  

21:35

and starting to think that this may be part of  an elaborate hoax, or some kind of prank. For  

21:41

the longest time, Dragos never actually provided  evidence outside of his written entries about it,  

21:47

which left people very skeptical, and when he  finally did post something, people claimed it  

21:52

wasn’t really anything that unusual. Some of  them even hypothesized that the sounds he was  

21:57

hearing were just coming from his hardware and  that he was trying to find things that weren’t  

22:02

there. Not to mention that this type of malware  would be INCREDIBLY expensive and time-consuming  

22:08

to create. If it did exist, it would be even  more advanced than Stuxnet, which took multiple  

22:13

people years to put together and costed tens of  millions of dollars. Just doesn’t seem likely. 

22:20

To this day, BadBIOS has earned a very mixed  reputation with the tech space. Many of those  

22:27

laughing at the absurdity, those on the fence who  are simply trying to learn more, and those who  

22:32

swear that its real and claim to have experienced  themselves. There are even entire communities  

22:39

around it. For now, BadBIOS remains a complete  mystery both in its capabilities and whether or  

22:45

not it even exists. Perhaps we’ve come full circle  to all the virus hoax shenanigans the internet saw  

22:53

back in the 90s, but manifested in a much more  convincing and well thought out way. Remarkable. 

23:01

But there is ONE thing that will FOR SURE  protect you from this malware if it does in  

23:06

fact exist…and it’s through becoming a Patreon  or channel member. Just click “join” or go to  

23:11

Patreon.com/NationSquid. Trust me! It works! A special thanks to my patrons and channel  

23:18

members for making this video possible. Thank you  so much for watching! If you enjoyed this video,  

23:26

please subscribe, and click the notification  bell, so that you never miss a future video.