BadBIOS: Worst fears realized or just fearing the worst?

Last week, word hit about a piece of malware referred to as BadBIOS. Reported by Dragos Ruiu, founder of the Pwn2Own contest and a respected member of the security community, it’s said to be able to communicate with other infected systems through the sound hardware, similar in some ways to a modem.

There are still a TON of questions about this. As far as I’ve read, few if any other people have seen the hardware, but the researcher himself is considered trustworthy. I’ve seen a lot of reports that get the information wrong, like a report that BIOS was infecting BIOS via the sound capabilities, which is not (so far as I can tell) what is being claimed. It seems that what is present is an incredibly resilient and persistent piece of malware that can communicate with other similarly infected systems via the sound card and that apparently affects more than one operating system, having successfully affected Apple’s OS X and Windows, as one might expect, but also Linux and even OpenBSD, the latter of which is a very unusual target.

This is, in some ways, what was feared by many when Intel said it wanted to move from BIOS to EFI/UEFI. Intel had some very good reasons for this, as the capabilities of BIOS were interfering with general computing hardware advancement, but when you put what amounts to an operating system in the firmware with room to expand, there stands a good chance that it’s going to be abused. UEFI sits under everything, and while it’s not quite a virtual machine host (yet), it has many of those same capabilities, as it can easily read what’s passing between hardware, giving it the ability to alter data at many points. That position also makes it extremely difficult to pry out, as few if any malware detection mechanisms can look into the hardware.

Based on a recent (mediocre) book series I’ve been reading, the thought crossed my mind that it may have been secretly sent to one or more researchers so that they would find it specifically in order to derail some secret capability developed by a state-sponsored agency or group. That’s getting into conspiracy theory, something I don’t tend to do, but those happen online more than they happen in meatspace.

In any case, it’s still something I’m watching, and I’m sure there are researchers working to develop similar capabilities. It’s not something I worry about hitting my systems, because the complexities of doing so are enormous. Most computer hardware is built to handle very specific information, but the microphones still start and speakers still end as analog, and the quality of both diverges significantly from one system to the next, even within the same model of hardware. I can see how data can be delivered via sound–we’ve done it for decades with modems–but aside from targets picked very carefully, I have difficulty believing that this could be used for something widespread, especially since the infection mechanism needs a different entry point.

It’s an interesting piece of targeted malware (if real), but it’s not going to take over the world.

Fedora on the Asus 1015E

For anyone who happens to be struggling with getting Fedora 19 installed on the Asus 1015E, at least with BIOS revision 303, it appears that there’s something in the installer kernel (3.9) that doesn’t agree with the system. Fedora 20 (kernel version 3.11) does work, though since it’s currently in pre-Alpha state, you’re installing it at your own risk.

Other than that, it’s a great little $200 notebook.

Recovering root password on Fedora 19

I ran into a problem a few weeks ago with my Linux system.  After performing a kernel update and rebooting, I couldn’t remember the disk encryption password.  I tried for an hour or more, running through all of the passwords I could think of, including with new combinations and possible miskeys, but nothing worked.  Finally, I shut it off in frustration.

Last night, I figured I’d take another crack at it. After nearly 30 minutes, I finally stumbled across the right password, and it was something that I’d tried several times before, both last night and during the previous failure, but had apparently managed to miskey a few dozen times. Success!

Until I tried to log in.

Password for my account?  Wasn’t happening.  Couldn’t remember what it was.  Worse, I couldn’t remember the root password, either.  OK, I figure.  I’ll just reboot into single-user mode and reset the password.

It wasn’t quite that simple.
