Stop data brokers from exposing your information. Check out my sponsor aura.com/nationsquid to get a 14-day free trial and see if your personal information has been compromised.

I think I can debunk this once and for all: If the OP said the CD drive stopped working on his MacBook Air, then it's a hoax. It's impossible for a MacBook Air's CD drive to stop working. That's because they never had one. MacBook Airs never had a CD or DVD drive of any kind. It was one of the things mentioned in the keynote where Steve Jobs first announced the computer. So, if that's the first "symptom" of BadBIOS that Dragos Ruiu noticed, then I think it's safe to say the whole thing is made up.

Malware like this is a good spooky story, but it's entirely infeasible as far as I can figure out. You'd need a zero-day in basically every single sound card driver ever.

My favourite part about the nirvana bit at 10:18 is you're not even playing Nirvana, you're playing an obscure Green day track from their first album

"there's a high pitched sound in this room and it's giving computers viruses" is the kind of information that makes someone crazy with paranoia

I work in IT/security (in software, hardware repair, & programming) Some years a go I did work for a client where a virus spread to 12 of his computers- it was NOT this virus though, if it ever existed. However there was a similarity- wiping the drives did just let it re-install. Started checking to see if it was creating a hidden partition on the HD & reinstalling from there, or staying in memory in an expansion card (there were some similar to this that could hide in your dedicated video or sound card & used it's processor & ram as a staging area to re-infect the system after a re-install). After a bit of tracing I found out the virus was actually in the router itself, & had originally gotten access because the routers access info had never been changed after the factory preset. After flashing the routers bios it wasn't an issue anymore, still tracked down where it came from & added lines into the windows hosts file of the server & router to make sure that it'd never be allowed to try to go back to those IP's or any domain/subnet connected to them. Was a tricky lil bugger for sure, but ultimately just needed the right insecticide- me.

New fear unlocked: Science-fiction computer viruses

It is a fun creepypasta, nothing more. It would require an entire protocol to transfer the virus using speakers and microphone, with error correction and so on. It basically implies that you can control the operating system with microphone (saving executable file and then running it), you would need another protocol for that. Then you have problem of overwriting BIOS from the level of operating system, which I don't think is even possible. Back in the day you would have to run BIOS Setup before OS had even started to update it from the floppy.

People forget that early Internet connections, especially early dial up (14.4k in particular) - the data connection was made entirely by sound. So you were receiving data via sound. The v.92 dial up modems were the first I saw that used a digitized connection after the initial dial in an handshake, which was still done by sound. (The noise of robots killing each other.)

QR code goes to The Beatles - All My Loving

"Communicating information with sound is not at all unheard of. We've been doing it for hundreds of years." Yeah, I think we've been doing that for a bit longer, lol.

Modems are literally just microphones and speakers relaying digital information in the form of sound. Congratulations on reinventing the modem.

Anyone who works with electronics knows that coils in circuits can generate high frequency sounds, since the coil vibrates when working at high frequencies, and sometimes it is audible. Excellent story, it's for a black mirror episode haha 😂

The spookiest part? The MacBook Air NEVER had an optical drive of any kind.

"A lot less options to choose from computer-wise in the 80s"? Citation needed! In the here and now there are essentially two basic CPU platforms - x86 and ARM - and while there may be a gazillion motherboard manufacturers the underlying architectures are fairly homogenised (particularly in the x86 world). In the 80s, however, we had a myriad of CPUs - 8088, x86, Z80, 6502, 680x0, TMS9900, etc. - and even computers that shared a CPU would often have wildly different architectures. In the UK in the 1980s we had the ZX Spectrum, BBC/Acorn, Oric, Amstrad CPC, MSX, Dragon, Atari 8-bit, Atari ST, Amiga, PC, VIC-20/C64/C128, Mac, and probably a bunch more I've forgotten. The 80s were a wild time!

"It infects Linux, BSD, Windows". Me using templeos: You have no power here, Gandalf the grey.

UEFI and BIOS are still effectively the same. One of which are just easier to use. BIOS itself is a pain but very simple to use and implement. UEFI can be worse, UEFI implementations depend to have firmware bugs, super annoying shit when doing osdev But uefi has a lot of benifits like built-in boot-loader drivers and secure boot. and generally is indeed easier to use as it is a plain C api, every Win32 developer should be familiar with.

Even if it’s not possible as written, I gotta give kudos to the “Bones” writer(s) who came up with the idea of malware carved into a skeleton; very creative and forward-thinking, especially if it’s theoretically possible for it to have done something under the right circumstances.

The fact that you've managed to transmit an image by noise just for demonstration is spectacular on its own.

To be honest, a movie about AI turning evil and infecting computers due to a sound sounds like a cool plot. Nice video BTW!

Most BIOSes aren't too different from each other. They are often just licensed from Phoenix and the OEMs slap their custom GUI on top of it.

This is clearly a hoax. The main reason being, as you identified, that any target computer would already need to be compromised in order for the microphone to be enabled and software would need to be running on the OS to interpret the sounds as code. Audio hardware will not operate unless the OS has the correct driver running. That this guy had it isolated in a lab, yet hasn't produced any evidence in over 10 years seals the deal.

That bone scanning malware isn't as ridiculous when you learn that HP's excuse for their printers requiring 1st-party ink cartridges is that it's possible for 3rd-arty ink cartridges to contain malware. Although, I guess the big difference here is that HP intentionally created a problem so that they could be the solution to said problem.

The fact the subreddit dedicated to it is also mostly just about "electromagnetic targetting", mass surveillance, mind control, sound weapons, etc. etc. as well as being abandoned, there's not a lot of credence to the people outside of the original guy who claim to have also encountered the virus.

Imagine a bioweapon that changes your eyes so that you become a computer virus on webcam

Great video. But the QR code example doesn't really work because standard it's built on has a lot of redundancy and error correction. That's the reason qr codes can have little images in the middle, the error correction fills in the missing data.

There is one possibility you didn't cover, and that is that the hardware shipped infected from the factory. Most computers are made in China (even MacBooks), and a lot of them are made from OEM manufacturers like Foxconn (even MacBooks). There has already been documented cases of chinese made american electronics "calling home" to chinese servers. If companies like Foxconn is instructed to ship computers and phones they make with infected firmware, they sure can. And then they can lay dormant until some weird code is transmitted via sound. Maybe even embedded into a hit song for all that I know. I believe this to be the most likely scenario, although this story itself seems very unlikely. All of it is theoretically possible, but to actually carry this out in the real world would be expensive and really difficult. Unless you're the corrupt government of one of the largest economies in the world.

I found the part about the virus being transmitted through audio being a bit silly. Most regular speakers and microphones are locked somewhere between 20Hz - 20kHz, which is the range of sound audible to the human ear.

That's why I only use OS/2 Warp 4. I can't do anything with it, but I've never got infected with a virus.

About that Bones episode you're talking about: the reason Angela's computer went up in flames (according to the logic of the show, not necessarily real life) is because the virus not only disabled the computer's cooling system, but also disabled any fail-safes against the inital disabling, which caused her computer to overheat. Like you, NationSquid, I dunno if that would actually cause it to go up in flames or not, but I just wanted to add some context to that scene. Anyway, I like that you covered what is essentially an urban legend, while explaining some of the logistics of it, instead of just calling it a hoax and calling it a day. I definitely learned a few things from this video.

I remember when one time Mutahar from SomeOrdinaryGamers said that when EAS is used in Japan some special signal is broadcasted that turns devices (like TV's) on to show the emergency broadcast (and then they start to emit that sound to activate more devices). No idea if it would work on PC's as well tho

7:05 Even then, a virus that was programmed to exactly, but **loosely** do that was CIH, and all it ever did was trash the BIOS of specific motherboards back in the 90s. EDIT: It's a very good hypothetical 'computer virus', makes for a great Black Mirror episode. The only thing that really comes close is viruses that are able to backdoor and infect routers and the firmware itself. Though, with TPM and memory integrity being pushed a lot more these days, it's becoming more and more of a hypothetical. From what I know, and someone can correct me on this, but WIndows booting into BIOS mode from the desktop can be done on specific devices still, and so can putting a device into flashmode using an application, but even that would require physical input to continue with the installation from the user, along with a very specific BIOS file meant for the motherboard, would it not?

I’m surprise you didn’t talk about SSTV at all, it’s what nasa used to send images back from space and such it’s really cool

Listening to this at the gym, never missing a a new nation squid vid

Sending data thru sound without errors is technically possible. We can use two different frequencies to represent high bit (1) and low bit (0) then add error correction such as hamming code. However, implementing this on BIOS is almost impossible because hacker need to squeeze the required hardware drivers into teeny tiny BIOS storage.

This would require physical manipulation of the BIOS chips, which is impossible on a large scale

"Oh I love Nirvana! They make the best clothes" Really sent me. 😂😅🤣

There are BIOS or UEFI viruses. There are even UEFI or BIOS scanners, like ESET has a UEFI scanner in it's EIS suitue. The "spread through the air" "don't care about airgap" is not very realistic.

Macbook Air's don't have CD drives.

It’s impressive how Pwn2Own still happens yearly to this very day even after the BadBIOS incident!

The way you explain stuff for us is so good. Like using the example of covering up a part of a picture of urself vs a QR code and the example of speaking French to a person who speaks English and the examples like that are SO helpful for me to understand. I subscribed because you take complex topics that I want to understand and make them something that I can understand and I love it

I presume this is the same kinda thing when you call a mobile but it's still ringing but breaks for a slight second where you can hear the other person's phone but hasn't picked up yet. And continues ringing

That QR Code probably would have scanned just fine. QR Codes typically include error correction. The image you transmitted could have been formatted with error correction as well.

Possibly your best virus video.

What if he was trying to get people thinking about the security of other parts of computer hardware and software? Sure, in this specific representation, the likelihood of a virus acting that way is slim... but it makes you wonder what else is actually possible.

my favourite example of sound being used to communicate is the 2012 and boom furbies using ear-bleeding ultrasound

One thing worth noting is that error correcting code (ecc) exists. It's a means of putting redundant bits in data in case parts of the transmission are lost. One place you'll commonly see this is in methods of optically encoding data such as qr codes, bar codes and cds.

alongside all the other points people are making here i'd add that most microphones of the era had a quality so terrible they likely couldn't pick up these supposed frequencies anyway. plus, many many devices did not have microphones at all. plus plus, there were many different soundcard drivers. there are so many reasons (other than these few that i immediately thought of) that would make this truly impossible

HAM radio operators have their own thing of sound-to-data, called SSTV. They send a ~30 second beepidy-boop through the shortwave band and the receiver, who can be thousands of miles away unter certain circumstances, can restore a low resolution still image from that. Basically you can send memes around the globe without internet. Sometimes even the ISS sends SSTV images, but you gotta plan the reception, because you can only get the signal if the station is visible at "your" sky. But it gets even crazier, a lesser known standard called NBTV whis is even lower resolution, but the image can move like a GIF.

10:20 don't think I didn't notice the very obscure very early Green Day track! Well played!

To me it just sounds like a creepypasta. Plus, since there's no evidence, I personally believe, it's not real.

tf why isnt this channel more popular

I'm surprised the Intel Management Engine or AMD Platform Security Processor weren't considered as possible parts of the explanation

Babe wake up, new nation squid video dropped

I like that I learned about how computers, WiFi, and Bluetooth work through sound!

It dont need to be a bios virus. It could have imbedded itself in the factory image of the backup so that it couldnt be removed by a reset. Got 4 bugs myself that does this.

Something very similar happened to me back in 2013. I had to physically change the actual HDD because wiping the whole system didn't actually work.

I was wondering when the legend would upload once again. I love these types of videos! :)

Some computers also have IR sensors that are used for communicating. Given the chance I turn off everything like that. I still expect to see malware spread via RFD.

11:58 "communicating with sound is not at all unheard of" that's because you have to hear to communicate with sound. Even animals do it

Another good example of transmission of images via sound is SSTV. Also, darn, it's been literally decades since I last saw an acoustic coupler.

No premier? Thats new😂 good editing ad always !

What MacBook Air has ever had a CD-Drive??

I don't have a microphone so I don't have to worry about this extinct virus 🗿

Super interesting video!! Also- subtitles not working?

1:08 "You need some kind of connection to a computer" Hackers in 2050: *Brain-computer interface*

If you think about it that way. Such a virus could exist today. If it's meticulously customized with AI. You give a database for the AI to find a loophole, or a zero-day bug. and uses it to exploit it. If the person who infected the computer has a GPU capable of tensor kernel computation. The virus could technically adapt to every piece of equipment in range. Right down to the ISPs that provide internet access and the country's military. If you know the fact that modern GPUs, even in the budget class, don't come without hardware AI features. Viruses based on it are very real. We need to wait a little while until users have more common PC's like that. Of course this is one possible scenario that could happen in a crazy minority - but it is very real.

13:14 "Carnival Of Light" (The Lost UNRELEASED Never Heard Before Beatles Song) ❤❤❤❤ x

Most phones _are_ constantly listening for "OK Google" or "Siri". This could serve as an attack vector if you "spoke" a malformed sentence or something.

The presentation of this video gives me some good old tabloid vibes. Had a good laugh, haha)) That said, this virus is somewhat plausible. At least in theory. BIOS have access to wifi and bluetooth hardware, so once it has taken control of that it can potentially spread itself through those networks onto other computers. At the same time though, the level of sofistication of a malware like this is unimaginable. Storing something so powerful on a very limited resources of a BIOS ROM doesn't seem possible for something so underpowered as macbook air. This one seems to be fake, but with some tweaks it might be a good script for a halloween horror story aimed at IT audience!

I'm not a professional computer scientist or anything, but even I know this is total baloney.

The definition at the beginning is for a worm, not a virus but the term “virus” is often used interchangeably with “malware”. A virus inserts itself into an existing program or file.

QR code gold! Good one, I'm glad curiosity got the best of me. 😉

I worked in the government as an it tech. We had a virus that made the computer “sing”. We had to flash the bios and low level format the drive. So it did exist. And I hated that. We lost a lot of data because users refused to save to network. 😂 Luckily, he was in a very well shielded office using…Windows ME. Yeah. I know. 😂

I’d never heard of this before and now it is going to consuming my every waking thought for the next month.

Love the shirt!! Halt and Catch Fire is so underrated.

WE GETTIN OUT OF THE COMPUTER VIRUS WITH THIS ONE ‼️‼️‼️💯💯💯🔥🔥🔥💥💥💥🗣️🗣️🗣️

MacBook Airs don't have optical drives. Never did. Even when Macs still had optical drives. That right there would be enough to discredit him in my eyes. lol

This is fascinating. I didn't know you could affect BIOS this way. Jesus.

If anyone was wondering, the QR code leads to a Beatles song. I'm just happy it wasn't a Rick roll or the Josh Hutcherson edit.

The first thing I thought of when you spoke about the transmission through sound was that you would have to turn the microphone on in the first place, aside from all the other technical aspects, that’s the bit that seems off.

You do a great job explaining such complex topics

Love the Halt and Catch Fire shirt! Not enough people watched that gem

16:57 The QR code is still readable! Thanks, error correction :D

16:56 Dog this is one of the many reasons why I love you

Nice Green Day reference @10:19. Kudos, sir.

You know it's a great day when a new NationSquid video drops!

i was waiting for a door to pop up in that intro while you said "welcome to the twilight zone" or something lol

Not the first virus to spread through the air. Older cellphones were retransmitting a virus that was only known to drain the battery faster because it turned up the antenna gain way before this instance. I was previously laughed at by an IT technician after I told them that I had seen a virus hit my PC's BIOS. Anything that is programmable can be volatile. Your "UEFI" works at a High Level. Most viruses that affect the BIOS are at a Low-Level which some are programmed to inject code into the host OS. They can even reach internet channels if they are programmed to do so. Low Level programming is well ahead of any of the brains of any educated programmer of today because they were never taught to utilize it. Most programs run on 3-5 tiers of High-Level programming and will be infected if any lower tiers are affected in some way. Ok, I'm rambling... For your "Air Virus". It is known that some CPU's have an address volatility problem where if an instruction was sent to an address it would execute it. The sound of a computer is controlled by a DAC and that DAC communicates on a CPU BUS. If a certain set of instructions were to leak past where the CPU would mistakenly run the code it would become infected. The code would not have to be majorly complex. Just the code would have to act if it was part of the CPU bus to be executed. It would literally bypass the OS, UEFI and BIOS directly hitting the CPU. The code itself can be smaller than this following string of text... "Open sound device. Transmit code. Save code." It could be more complex but not much needed to be of any great size. We are talking about bits and bytes here working at the lowest level where you only can see the highest level unless you have the tools to read each instruction as it happens which does need specialty equipment

6:28 malware can exist in the hard drive’s firmware persisting after wipes

You forgot hardware instruction sets , hardware abstraction layers which are essential for any computer , then error checking and correcting etc which are all hardware based as well as software , you can implement AES-NI instruction in software if your hardware supports it , just like the TPM thing now. Then , there are metadata that OS uses to identify stuff , not much nowadays , but in past it was very important. In early days of computing , and even 10 years from that story , you had issues if your program was x86 based that it wont run on AMD , and so on , list is long , but you can perfectly do it on platforms like Raspberry Pi , Arduino and similar , as hardware and firmware isn't so smart , it interprets machine level code as it's thrown at it , without asking many questions. You can dig deeper in JFIF and EXIF exploits as they are very basic example on how computers interpret things. DOS prompt wont prevent you from killing entire OS if you told it do so , nor will any other interpreter as long as it understands what it receives.

My phone can read the QR code at 16:56 perfectly line. The QR standard includes error correction bits for when a QR has been partially occluded.

The vocal fry on this man. This is the voice Malware would speak with.

Always a pleasure to see the Squid Kid! 😍

I mean as a 2000s kid, these virus lore are a lot better than the sonic.exe tech horror I was brought up with

This reminds me of the Rhythm Nation HDD failure situation.

Fun fact you can use sound to break encryption in your cpu. Sounds wild but basically anytime something(electron) is moving its gonna move stuff around which will make sound in our atmosphere.

You almost figured it out when you mentioned Stuxnet. Yes; if it exists the only entity with the cash, brains, and manpower to pull it off is a nation state. Additionally; a vector alrrady known to be vulnerable are the video bios' of certain manufacturers leading to the possibility of a system bios being infected by a video bios

It might just be a challenge wrapped up in a spooky story

Tape data and shared programs over radio and phone back in the day would be a good example. Remember getting games over phone calls and fn radio?