I wouldn't just dismiss this with a wave of my hand.
I wasn't really talking about the tech, I was talking about the techie. I know a couple of security experts, they tend to be obsessive. There's no way this has been around for three years with only one person coming across it and then not telling anyone.
The story is well written, it's outlandish without being wholly impossible. The sound communication, for instance, would seem to be technically possible (assuming the hardware can handle frequencies over, what, 20KHz?) but it would require an initial infection by other means in order to start listening in the first place, so it begs the question as to why anyone would bother other than because they could. Or there's the BIOS attack; a BIOS is pretty basic (that's what the B stands for) but there's been at least one common in-the-wild virus (CIH / Chernobyl) and there's a thing called the Persistent BIOS Infection. But IIRC most modern BIOSes and EFI require signed code, which makes that sort of shenanigans much more difficult than they used to be.
I'd be more inclined to believe it if it was a single new tech; the EFI attack for instance, or the aforementioned comms, or a BIOS attack, but all these things together? Possible perhaps, but bloody unlikely.