badBIOS reflashing

Çağlar Arlı

This is not a has-badBIOS-pwn3d-me post, so don't worry about any paranoid rants.

Having read a thorough analysis/debunking of the alleged evilware, I certainly understand that the technology badBIOS uses for communication (some type of side-channel attack using sound waves) has already been PoCed.

What I really don't understand, and couldn't find any related answers to in the paper or anywhere else, is:

Assertion 38: badBIOS reflashes the system BIOS and is able to persist after the machine has been re-flashed with legitimate firmware.

I can think of one case where this could be true: reflashing the SPI chip from the infected host OS.

Otherwise, did he really claim that even if you desolder the chip from the motherboard and attach it to a non-badBIOS'd SPI programmer, you would not be able to reflash or read the actual badBIOS .bin image? Is it even theoretically possible that a chip could 'fool' you about its actual content if it is not connected to the host motherboard?