This sounds like science fiction or a scene in Matrix: Recently, Dragos Ruiu published some information about a malware called BadBIOS. Therefore this nasty piece of malicious code is able to hide itself in the BIOS, to bridge the air gap using ultrasonic sound and the PC speaker / microphone and other quite sophisticated stuff.
Of course, this is all possible from a technical point of view. For example, the possibilities to hide malware in the BIOS had been discussed “centuries” ago – there is little space in the BIOS to do this – but it may be possible. E.g., a manipulation of the BIOS can be easily possible, see the CIH-Virus (also known as Chernobyl) back in 1999 that was able to delete the memory of a Flash-BIOS. We know sophisticated triangulation attacks, smart Van Eck phreaking to evaluate monitor signals or identify keystrokes of computer systems over the power grid as well as numerous steganography techniques to exchange or export data.
But is such a sophisticated combination of techniques, even more advanced than Stuxnet, already possible and even more, has it been in the wild for already three years? And don’t forget, it should be able to infect PCs as well as MACs and even operating systems like Open BSD! If this is real, it will have a great impact – on the possibilities of new digital weapons as well as the requirements of our defence. The upcoming weeks will show what is true and what is fake about this story.