Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.
Three years ago is a long time ago in internet time. I know because I read it on the internet. ereh erom ,wohyna
Also, Dragos hasn’t given us anything we can independently verify. If it’s a bad BIOS, Dragos can extract it and publish it. If a USB drive infects a system, Dragos can use a USB sniffer and dump all the packets going across the USB bus. If it’s ultrasonic audio, Dragos could record the sound in WAV files. He could publish all this stuff, and we could see for ourselves whether it’s real or not. That he hasn’t casts doubt on what he’s found.
But at the same time, this is Dragos Ruiu, a well-respected researcher for 15 years. If he says he’s got an infected BIOS, I’m going to believe him. Sure, he’s probably gotten some things wrong: just because “they” really are ought to get you doesn’t mean that “they” are responsible for every phenomenon you can’t explain. But on the whole, I (and many other old-time experts) believe that in the end, most everything he suspects will be confirmed.
You should read them both, quite interesting actually, the first because of the FM, (electronically speaking,) involved, and the second for the plausibility of the FM happening.
This of course raises my paranoia about malicious government agents pinching blog posts before you get them dear reader and so to that end I am developing a balloon with string attached to a tin can, which will
insecure ensure secure communications except in thunderstorms or errant flocks of geese.
That having been said, I’m inclined to think what is being reported as happening is in fact happening, and think the mystery will be resolved in the most fascinating way, such as all scientific mysteries are. But lets not kid ourselves about electrical engineers, they can be a real pain in the ass sometimes.
Updated to take an in out and a a too. also corrected one misspelling, with the spell checker. all other mistakes are the work of the original authors, except for the backward words which I did, but the spell checker only highlighted two of the three. And for an encore I put this here at the bottom where it belongs, because if I don’t care who else will?